Angela.C prosím o pomoc!!!

[dave.felis]

Dnes jsem si idiot vlastní vinou zaviroval comp... Stáhl jsem si keygen a po jeho spuštění chaos na ploše, zmizeli ikony a objevilo se mi okno: " Virus Angela.C právě smazal soubor hal.dll z tveho windowsu. Pokud vypnes svuj comp tak uz nikdy nepujde spustit xD xD komentare k viru napis nawww.EK-VIRUS.ic.cz "

Prosím o pomoc s odstraněním tohoto viru, vím, že to jde, někdo to už tady dokonce řešil.... Prosím pomozte mi, počítač potřebuji denně k práci a bez něj jsem v háji...

Předem děkuji za postup a za pomoc

zoufalý Dave

[dave.felis]

jj, mám instalační cd

[dave.felis]

děkuji za návod, asi bych zkusil 1. variantu. Jen mě zajímá jak dostanu vir z kompu, chápu, že tam dostanu zpět knihovnu, abych mohl vypínat a zapínat comp, ale jak se zbavým té havěti? Jinak mám OS XP profesional SP2 a mám možnost psát i z 2. compu...

[dave.felis]

OTL logfile created on: 21.1.2010 13:14:07 - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\DK\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 8,73 Gb Free Space | 25,53% Space Free | Partition Type: NTFS
Drive D: | 77,60 Gb Total Space | 1,26 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KACE
Current User Name: DK
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.01.21 13:10:25 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DK\Plocha\OTL.exe
PRC - [2009.10.30 04:38:46 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe
PRC - [2009.10.11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.10.11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009.09.23 13:38:18 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.09.14 11:34:59 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.08.28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.08.13 11:43:54 | 03,276,288 | ---- | M] (The Author of QIP) -- C:\Program Files\QIP\qip.exe
PRC - [2009.05.14 14:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.05.14 14:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007.05.14 13:23:32 | 01,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007.05.11 21:57:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007.05.06 16:10:52 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007.04.27 15:10:10 | 00,851,968 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007.03.16 17:10:46 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2007.03.16 17:10:46 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2007.03.16 17:10:42 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2006.11.02 13:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006.05.24 17:28:28 | 00,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.05.24 17:27:10 | 01,372,244 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006.05.24 17:21:28 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2004.08.17 14:49:24 | 01,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.01.21 13:10:25 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DK\Plocha\OTL.exe
MOD - [2007.05.11 21:57:00 | 01,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007.05.11 21:57:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2004.08.17 14:48:02 | 01,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.11.12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009.10.11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.09.23 13:38:18 | 00,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.05.14 14:54:22 | 00,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.05.14 14:47:54 | 00,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007.05.11 21:57:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007.03.16 17:10:46 | 00,020,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2006.05.24 17:21:28 | 00,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2003.07.28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009.09.14 11:15:37 | 00,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.05.14 14:49:32 | 00,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.05.14 14:47:14 | 00,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.05.14 14:41:10 | 00,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.09.04 05:28:22 | 00,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.09.04 05:27:54 | 00,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.09.04 05:27:28 | 00,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.08.20 18:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2008.05.16 10:33:14 | 00,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 10:33:14 | 00,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 10:33:14 | 00,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 10:33:12 | 00,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 10:33:12 | 00,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 10:33:12 | 00,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 10:33:12 | 00,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007.05.11 21:57:00 | 06,345,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007.05.06 16:12:00 | 01,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007.04.27 14:37:24 | 00,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.03.16 17:10:46 | 00,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006.11.21 03:25:44 | 00,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.14 23:16:24 | 00,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.14 18:42:46 | 00,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.14 16:35:20 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.02 17:47:36 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.11.02 17:47:00 | 00,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.11.02 17:46:56 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006.11.02 11:31:38 | 00,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006.06.19 12:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006.05.24 17:07:18 | 00,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006.05.24 17:05:26 | 00,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006.05.24 17:04:04 | 00,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006.05.24 17:01:34 | 00,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.05.24 17:01:22 | 00,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006.05.24 17:00:50 | 00,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.05.24 16:58:18 | 00,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006.05.24 16:57:00 | 00,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2005.08.12 16:50:46 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004.08.22 15:31:48 | 00,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004.08.22 15:31:10 | 00,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004.08.12 16:45:54 | 00,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.07.17 10:36:38 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001.10.25 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-117609710-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1482476501-117609710-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1482476501-117609710-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1482476501-117609710-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1482476501-117609710-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1482476501-117609710-682003330-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1482476501-117609710-682003330-1003\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\DK\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1482476501-117609710-682003330-1003\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\DK\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1482476501-117609710-682003330-1003\S-1-5-21-1482476501-117609710-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-117609710-682003330-1003\S-1-5-21-1482476501-117609710-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "QIP Search"
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.07 20:42:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.07 20:42:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b1\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 1\components [2009.11.26 14:35:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugins [2009.11.26 14:38:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.07.18 10:32:24 | 00,000,000 | ---D | M]

[2009.10.05 18:01:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DK\Data aplikací\Mozilla\Extensions
[2009.10.05 18:01:31 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DK\Data aplikací\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
[2010.01.21 10:34:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DK\Data aplikací\Mozilla\Firefox\Profiles\hsl5mqgw.default\extensions
[2009.09.12 22:38:32 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\DK\Data aplikací\Mozilla\Firefox\Profiles\hsl5mqgw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.01.21 10:44:12 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\DK\Data aplikací\Mozilla\Firefox\Profiles\hsl5mqgw.default\searchplugins\icqplugin-1.xml
[2009.08.07 09:59:40 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\DK\Data aplikací\Mozilla\Firefox\Profiles\hsl5mqgw.default\searchplugins\icqplugin-2.xml
[2009.08.15 15:49:19 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\DK\Data aplikací\Mozilla\Firefox\Profiles\hsl5mqgw.default\searchplugins\icqplugin-3.xml
[2009.07.22 07:45:23 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\DK\Data aplikací\Mozilla\Firefox\Profiles\hsl5mqgw.default\searchplugins\icqplugin.xml
[2009.09.18 11:09:19 | 00,002,061 | ---- | M] () -- C:\Documents and Settings\DK\Data aplikací\Mozilla\Firefox\Profiles\hsl5mqgw.default\searchplugins\qipsearch.xml
[2010.01.20 19:29:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.12.22 04:24:43 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.12.22 04:24:43 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.12.22 04:24:43 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.12.22 04:24:43 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.12.22 04:24:43 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2001.10.25 15:00:00 | 00,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\DK\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\DK\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1482476501-117609710-682003330-1003..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1482476501-117609710-682003330-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [CleanSetup] File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-117609710-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 08:40:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d66621a2-7c7c-11de-ad53-001c23a8f651}\Shell - "" = AutoRun
O33 - MountPoints2\{d66621a2-7c7c-11de-ad53-001c23a8f651}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f625e99a-72ee-11de-ad1e-001c23a8f651}\Shell - "" = AutoRun
O33 - MountPoints2\{f625e99a-72ee-11de-ad1e-001c23a8f651}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2010.01.21 13:09:59 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DK\Plocha\OTL.exe
[2010.01.21 12:08:20 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.01.21 12:08:20 | 00,000,000 | ---D | C] -- C:\rsit
[2010.01.21 11:23:41 | 02,405,485 | ---- | C] ( ) -- C:\Documents and Settings\DK\Plocha\qip8095.exe
[2010.01.20 21:07:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DK\Data aplikací\Nero
[2010.01.20 20:49:50 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2010.01.20 20:47:34 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010.01.20 20:20:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DK\Plocha\N9AIOP2010MT_wms
[2010.01.20 18:36:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DK\Plocha\Sherlock Holmes
[2010.01.20 17:35:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010.01.20 17:16:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Nero
[2010.01.20 17:16:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010.01.20 17:16:10 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010.01.20 16:47:28 | 00,014,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010.01.20 16:47:10 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010.01.17 17:15:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DK\Plocha\co
[2010.01.15 09:38:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DK\Plocha\GORY
[2009.11.26 22:21:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2009.07.21 14:58:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2009.06.10 12:33:21 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009.06.10 12:33:21 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2009.06.10 09:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.06.10 08:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.06.10 08:40:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.06.10 08:40:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.01.21 14:00:01 | 00,000,310 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010.01.21 14:00:01 | 00,000,310 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010.01.21 14:00:01 | 00,000,310 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010.01.21 14:00:01 | 00,000,310 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010.01.21 14:00:01 | 00,000,302 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010.01.21 14:00:01 | 00,000,302 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010.01.21 14:00:01 | 00,000,302 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010.01.21 14:00:01 | 00,000,302 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010.01.21 14:00:01 | 00,000,302 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010.01.21 14:00:01 | 00,000,302 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010.01.21 14:00:01 | 00,000,302 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.01.21 13:10:25 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DK\Plocha\OTL.exe
[2010.01.21 13:01:04 | 00,040,448 | ---- | M] () -- C:\Documents and Settings\DK\Dokumenty\David Kočařík - curriculum vitae.doc
[2010.01.21 13:00:09 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\DK\Dokumenty\David Kočařík - životopis.doc
[2010.01.21 12:08:09 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\DK\Plocha\RSIT.exe
[2010.01.21 11:39:47 | 00,348,056 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010.01.21 11:25:17 | 00,000,805 | ---- | M] () -- C:\Documents and Settings\DK\Plocha\Zástupce - firefox.lnk
[2010.01.21 11:24:56 | 00,000,616 | ---- | M] () -- C:\Documents and Settings\DK\Plocha\QIP 2005.lnk
[2010.01.21 11:24:04 | 02,405,485 | ---- | M] ( ) -- C:\Documents and Settings\DK\Plocha\qip8095.exe
[2010.01.21 11:22:58 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\DK\NTUSER.DAT
[2010.01.21 10:13:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.21 10:13:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.20 21:14:35 | 00,348,056 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010.01.20 21:13:10 | 00,131,584 | ---- | M] () -- C:\Documents and Settings\DK\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.20 20:19:24 | 00,000,613 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.01.20 19:05:14 | 00,311,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.01.20 19:05:14 | 00,310,228 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.01.20 19:05:14 | 00,046,394 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.01.20 19:05:14 | 00,040,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.01.20 19:05:13 | 00,714,818 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.01.20 18:34:24 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.20 17:34:46 | 00,004,767 | ---- | M] () -- C:\WINDOWS\Irremote.ini
[2010.01.19 21:22:40 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.17 11:35:06 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\DK\Plocha\fošínky.doc
[2010.01.15 13:38:39 | 20,000,0000 | ---- | M] () -- C:\Documents and Settings\DK\Plocha\VA-50_Techno_Trance_Anthems_Vol._3-WEB-2009.by.piatok13o8.of.SU.part1.rar
[2010.01.14 22:21:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.21 14:00:00 | 00,000,310 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010.01.21 14:00:00 | 00,000,310 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010.01.21 14:00:00 | 00,000,310 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010.01.21 14:00:00 | 00,000,310 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010.01.21 14:00:00 | 00,000,302 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010.01.21 14:00:00 | 00,000,302 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010.01.21 14:00:00 | 00,000,302 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010.01.21 14:00:00 | 00,000,302 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010.01.21 14:00:00 | 00,000,302 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010.01.21 14:00:00 | 00,000,302 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010.01.21 14:00:00 | 00,000,302 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010.01.21 12:08:05 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\DK\Plocha\RSIT.exe
[2010.01.21 11:25:17 | 00,000,805 | ---- | C] () -- C:\Documents and Settings\DK\Plocha\Zástupce - firefox.lnk
[2010.01.20 17:34:46 | 00,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010.01.17 11:25:46 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\DK\Plocha\fošínky.doc
[2010.01.15 12:38:38 | 20,000,0000 | ---- | C] () -- C:\Documents and Settings\DK\Plocha\VA-50_Techno_Trance_Anthems_Vol._3-WEB-2009.by.piatok13o8.of.SU.part1.rar
[2009.09.14 11:15:37 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.06.21 20:37:34 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.06.21 20:33:19 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2009.06.11 09:53:26 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.06.11 09:53:22 | 00,131,584 | ---- | C] () -- C:\Documents and Settings\DK\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.10 13:06:22 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009.06.10 12:54:41 | 00,000,613 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.06.10 12:39:55 | 00,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.06.10 10:28:07 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009.06.10 10:28:06 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009.06.10 10:13:49 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009.06.10 09:15:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.06.10 09:15:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.06.10 09:14:59 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.06.10 09:14:58 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.01.16 09:41:02 | 00,235,520 | R--- | C] () -- C:\WINDOWS\System32\libjcc.dll
[2006.05.24 17:16:22 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.10.14 10:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 10:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 10:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 10:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 10:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 10:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 10:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.02.17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004.08.22 16:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004.08.17 14:49:10 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.07.17 10:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001.11.14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009.06.12 23:29:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\BVRP Software
[2009.09.14 11:27:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.07.26 17:27:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EPSON
[2009.07.18 10:32:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.06.22 20:41:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.07.26 17:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\UDL
[2009.11.28 17:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.09.14 11:28:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DK\Data aplikací\DAEMON Tools Lite
[2009.07.05 12:37:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DK\Data aplikací\Docx2Rtf
[2009.08.14 11:07:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DK\Data aplikací\EPSON
[2009.08.03 19:49:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DK\Data aplikací\gtk-2.0
[2009.08.14 10:59:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DK\Data aplikací\Jpeg Resampler
[2009.09.15 11:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DK\Data aplikací\LG Electronics
[2010.01.06 10:26:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DK\Data aplikací\LogoMaker
[2009.06.22 20:36:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DK\Data aplikací\Miranda
[2009.07.05 12:36:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DK\Data aplikací\NwDocx
[2009.10.05 18:01:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DK\Data aplikací\Scendix Software
[2010.01.21 10:14:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DK\Data aplikací\uTorrent
[2010.01.21 14:00:01 | 00,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010.01.21 14:00:01 | 00,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010.01.21 14:00:01 | 00,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010.01.21 14:00:01 | 00,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010.01.21 14:00:01 | 00,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010.01.21 14:00:01 | 00,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010.01.21 14:00:01 | 00,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010.01.21 14:00:01 | 00,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010.01.21 14:00:01 | 00,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010.01.21 14:00:01 | 00,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010.01.21 14:00:01 | 00,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 14:49:24 | 00,015,360 | ---- | M] (Microsoft Corporation)
"EPSON Stylus DX4400 Series" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S14B.tmp" /EF "HKCU" -- [2007.01.25 07:00:00 | 00,179,200 | ---- | M] (SEIKO EPSON CORPORATION)
"uTorrent" = "C:\Program Files\uTorrent\uTorrent.exe" -- [2009.12.12 19:39:36 | 00,289,584 | ---- | M] (BitTorrent, Inc.)

< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2004.08.17 14:57:28 | 18,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 14:57:28 | 18,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004.08.17 14:49:08 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 14:49:08 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: HAL.DLL >
[2004.08.17 14:57:28 | 18,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll

< MD5 for: IASTOR.SYS >
[2007.02.12 12:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\dell\drivers\R154200\iastor.sys

< MD5 for: NDIS.SYS >
[2004.08.03 22:14:30 | 00,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 22:14:30 | 00,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 14:49:14 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 14:49:14 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 14:49:18 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 14:49:18 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\hal.dll /s /md5 >
< End of report >

[dave.felis]

tady je link na toho sráča:
http:///sharerapid.cz/stahuj/400548/keygen-nero-9.exe

P.S. link upravil JaRon - nepotrebujeme aby dalsich 23 ludi sem kliklo

[dave.felis]

========== FILES ==========
C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
hal.dll extracted to C:\
File C:\WINDOWS\system32\hal.dll successfully replaced with c:\hal.dll
AGP440.sys extracted to C:\

OTL by OldTimer - Version 3.1.25.3 log created on 01212010_134923


ani jeden ze souborů (hal.dll, AGP440.sys) není fyzicky na disku

děkuji mockrát, že mi s tím pomáháš

[dave.felis]

Tak hal.dll už je na svém místě, nicméně je i na C:\ spolu s AGP400.sys. Které soubory At mám vymazat a odkud? Co dál?

[dave.felis]

Tak At soubory z adresáře _OTL smazány

[dave.felis]

hmm, tak to jde nastartovat pouze v nouzovém režimu. Při běžným spouštění se to sekne před uvítací obrazovkou a konec

[dave.felis]

vydrž chvilku, po 3. restartu z nouzovýho režimu se nakopl už normálně...

[dave.felis]

tak už jsem zde, komp startuje normálně a hláška o viru zmizela, co dál?

[dave.felis]

ok, takže mám postupovat podle návodu co jsi mi napsal k ComboFixu?

[dave.felis]

tak tady je ten log v Combofixu:
ComboFix 10-01-20.05 - DK 21.01.2010 15:21:49.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1636 [GMT 1:00]
Spuštěný z: c:\documents and settings\DK\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\DK\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
c:\program files\Java\jre6\bin\jucheck.exe
c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-21 do 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 13:07 . 2004-08-03 22:07 42368 -c--a-w- c:\windows\system32\dllcache\agp440.sys
2010-01-21 13:07 . 2004-08-03 22:07 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2010-01-21 12:49 . 2004-08-03 22:07 42368 ----a-w- C:\agp440.sys
2010-01-21 12:49 . 2010-01-21 12:49 -------- d-----w- C:\_OTL
2010-01-21 12:49 . 2004-08-03 21:59 105472 ----a-w- C:\hal.dll
2010-01-21 11:08 . 2010-01-21 11:10 -------- d-----w- c:\program files\trend micro
2010-01-21 11:08 . 2010-01-21 11:08 -------- d-----w- C:\rsit
2010-01-20 19:49 . 2010-01-20 20:04 -------- d-----w- c:\program files\Nero
2010-01-20 16:35 . 2010-01-20 16:35 -------- d-----w- c:\program files\Windows Sidebar
2010-01-20 16:16 . 2010-01-20 20:04 -------- d-----w- c:\program files\Common Files\Nero
2010-01-06 09:24 . 2010-01-06 09:24 -------- d-----w- c:\program files\Studio V5

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 14:22 . 2001-10-25 14:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2010-01-21 14:22 . 2001-10-25 14:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2010-01-21 10:24 . 2009-06-22 20:07 -------- d-----w- c:\program files\QIP
2010-01-20 20:14 . 2009-06-10 08:15 348056 ----a-w- c:\windows\system32\nvModes.dat
2010-01-20 16:00 . 2009-11-28 16:50 -------- d-----w- c:\program files\Bonjour
2010-01-20 15:58 . 2009-06-10 08:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-04 16:20 . 2009-12-04 16:20 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2009-12-03 11:40 . 2009-06-10 12:00 -------- d-----w- c:\program files\MediaCoder
2009-11-28 16:52 . 2009-11-28 16:51 -------- d-----w- c:\program files\iTunes
2009-11-28 16:51 . 2009-11-28 16:51 -------- d-----w- c:\program files\iPod
2009-11-28 16:51 . 2009-11-26 13:34 -------- d-----w- c:\program files\Common Files\Apple
2009-11-26 13:38 . 2009-11-26 13:37 -------- d-----w- c:\program files\QuickTime
2009-11-26 13:33 . 2009-11-26 13:33 -------- d-----w- c:\program files\Apple Software Update
2009-11-24 12:28 . 2009-06-10 12:03 -------- d-----w- c:\program files\Java
2009-11-10 08:02 . 2009-11-09 15:20 80 ---ha-r- c:\windows\ssystda.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-12 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"nwiz"="nwiz.exe" [2007-05-11 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-11 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-14 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 15:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-05-14 13:47 2029640 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-07-02 14:16 393216 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-12 18:39 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"ERSvc"=2 (0x2)
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [10.6.2009 12:33 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [10.6.2009 12:33 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 14:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [10.6.2009 12:56 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [10.6.2009 12:56 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [10.6.2009 12:56 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [10.6.2009 12:56 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [10.6.2009 12:56 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [10.6.2009 12:56 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [10.6.2009 12:56 115752]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.9.2009 11:15 721904]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\DK\Data aplikací\Mozilla\Firefox\Profiles\hsl5mqgw.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - c:\documents and settings\DK\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
URLSearchHooks-{95289393-33EA-4F8D-B952-483415B9C955} - c:\documents and settings\DK\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
BHO-{95289393-33EA-4F8D-B952-483415B9C955} - c:\documents and settings\DK\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
BHO-{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - c:\documents and settings\DK\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 15:27
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A057348]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3
\Driver\ACPI -> ACPI.sys @ 0xba759cb8
\Driver\atapi -> 0x8a057348
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
ParseProcedure -> ntkrnlpa.exe @ 0x80576964
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
ParseProcedure -> ntkrnlpa.exe @ 0x80576964
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
malicious code @ sector 0xdf8f900 size 0x1aa !
PE file found in sector at 0x0DF8F900 !

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3656)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-21 15:30:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-21 14:30

Před spuštěním: 9 129 132 032
Po spuštění: Volných bajtů: 12 671 295 488

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 881109B50E6ACD97A250C9F64C5A000A

[dave.felis]

SPTD mi nabízí pouze install nebo storno, tlačítko uninstall je neaktivní, co teď?

[dave.felis]

log z defrogeru:

defogger_disable by jpshortstuff (28.11.09.2)
Log created at 17:06 on 21/01/2010 (DK)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
d347prt -> Already disabled
SPTD -> Already disabled


-=E.O.F=-