Poprosim o kontrolu logu (podozrenie na nieco riadne zaryte)

Zpráva

freshy · #1 Příspěvek od **freshy** » 15 dub 2010 19:36

Dobry den, poprosil by som o kontrolu logu, mam podozrenie na nieco silne zaryte v systeme nakolko mi doslo opat k uniku dat

vopred dakujem

prikladam log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Freshyy at 2010-04-15 20:27:43
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (3%) free of 50 GB
Total RAM: 3582 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:44, on 15. 4. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
D:\Download\RSIT.exe
C:\Documents and Settings\Freshyy\Plocha\Freshyy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Nvidia driver] C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Nvidia Driver] C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 7556 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-06 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-06-18 949376]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-05-19 91432]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-06 148888]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-03-16 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-03-16 110696]
"Nvidia driver"=C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe [2010-04-12 1116374]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2004-08-17 159232]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IBP"= []
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2008-06-10 2645528]
""= []
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"Nvidia Driver"=C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe [2010-04-12 1116374]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FantomDVDService]
C:\Program Files\Copystar\FantomDVD\FantomDVDSrcX86.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m‘|ü []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-02-05 385856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2010-03-16 13670504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2010-03-16 110696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-12-12 306088]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Codemasters\DiRT2\dirt2_game.exe"="D:\Program Files\Codemasters\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"D:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="D:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1841de46-cd1f-11de-8e51-00e04caa073e}]
shell\AutoRun\command - H:\InstallTomTomHOME.exe

======List of files/folders created in the last 1 months======

2010-04-15 20:27:43 ----D---- C:\rsit
2010-04-15 17:43:12 ----D---- C:\Program Files\Imikimi
2010-04-14 17:39:19 ----D---- C:\Program Files\MSECache
2010-04-12 18:26:20 ----A---- C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe
2010-04-12 18:26:18 ----A---- C:\Documents and Settings\Freshyy\Data aplikací\System.Data.SQLite.DLL
2010-04-12 18:26:17 ----A---- C:\Documents and Settings\Freshyy\Data aplikací\4wstp8774WS.exe
2010-04-12 18:26:17 ----A---- C:\Documents and Settings\Freshyy\Data aplikací\3wstp8774WS.exe
2010-03-31 10:43:45 ----D---- C:\Program Files\LogMeIn Hamachi
2010-03-28 14:19:48 ----D---- C:\Documents and Settings\Freshyy\Data aplikací\NVIDIA
2010-03-28 14:12:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2010-03-28 14:11:55 ----D---- C:\Program Files\NVIDIA Corporation
2010-03-28 14:11:30 ----A---- C:\WINDOWS\system32\OpenCL.dll
2010-03-28 14:11:29 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2010-03-28 14:11:29 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2010-03-28 14:11:29 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvmctray.dll
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvmccs.dll
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvcpl.dll
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvcolor.exe
2010-03-16 03:37:44 ----A---- C:\WINDOWS\system32\nvwddi.dll

======List of files/folders modified in the last 1 months======

2010-04-15 20:10:17 ----D---- C:\WINDOWS\temp
2010-04-15 20:05:34 ----D---- C:\Documents and Settings\Freshyy\Data aplikací\Skype
2010-04-15 20:04:52 ----D---- C:\Documents and Settings\Freshyy\Data aplikací\skypePM
2010-04-15 19:45:52 ----D---- C:\Program Files\Mozilla Firefox
2010-04-15 17:43:16 ----D---- C:\WINDOWS\Prefetch
2010-04-15 17:43:12 ----RD---- C:\Program Files
2010-04-15 16:38:38 ----D---- C:\WINDOWS\system32\drivers
2010-04-15 16:36:01 ----A---- C:\WINDOWS\wincmd.ini
2010-04-15 14:19:01 ----D---- C:\Program Files\Valve
2010-04-15 10:54:28 ----ASH---- C:\boot.ini
2010-04-15 10:54:28 ----A---- C:\WINDOWS\win.ini
2010-04-15 10:54:28 ----A---- C:\WINDOWS\system.ini
2010-04-15 06:28:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-14 21:17:34 ----D---- C:\Documents and Settings\Freshyy\Data aplikací\ICQ
2010-04-14 20:43:12 ----D---- C:\WINDOWS\security
2010-04-14 17:39:31 ----SHD---- C:\WINDOWS\Installer
2010-04-14 17:39:31 ----D---- C:\Config.Msi
2010-04-14 17:39:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-14 17:39:28 ----RSD---- C:\WINDOWS\Fonts
2010-04-14 17:39:26 ----D---- C:\Program Files\Microsoft Office
2010-04-13 14:48:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2010-04-13 05:12:47 ----D---- C:\WINDOWS
2010-04-12 22:18:00 ----HD---- C:\WINDOWS\inf
2010-04-12 22:18:00 ----D---- C:\WINDOWS\system32
2010-04-12 22:17:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-11 08:44:03 ----D---- C:\Program Files\uTorrent
2010-04-10 22:11:39 ----D---- C:\Documents and Settings\Freshyy\Data aplikací\uTorrent
2010-03-28 14:13:17 ----D---- C:\WINDOWS\Help
2010-03-28 14:12:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-03-28 14:11:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-28 14:11:24 ----D---- C:\NVIDIA
2010-03-17 16:35:08 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Temp
2010-03-16 08:51:59 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-03-16 08:51:59 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2010-03-16 08:51:59 ----A---- C:\WINDOWS\system32\nvcuda.dll
2010-03-16 08:51:59 ----A---- C:\WINDOWS\system32\nvcodins.dll
2010-03-16 08:51:59 ----A---- C:\WINDOWS\system32\nvcod.dll
2010-03-16 08:51:59 ----A---- C:\WINDOWS\system32\nvapi.dll
2010-03-16 08:51:59 ----A---- C:\WINDOWS\system32\nv4_disp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-06-18 15424]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-06-18 512096]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-03-16 10232352]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 an5sakgu;an5sakgu; C:\WINDOWS\system32\drivers\an5sakgu.sys []
S3 Bcim;Bandwidth Controller kernel component; C:\WINDOWS\system32\DRIVERS\bcim.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-06-02 42376]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-06-02 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-06-10 81288]
S3 mbr;mbr; \??\C:\DOCUME~1\Freshyy\LOCALS~1\Temp\mbr.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2008-08-01 25216]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-04 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-10 1386008]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-06 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-06-18 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-03-16 154216]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-22 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-07 1073544]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Caroprd111** » 15 dub 2010 19:44

Zdravím

Odstraňte prosím log z "Code" a já se na to podívám.

freshy · #3 Příspěvek od **freshy** » 15 dub 2010 19:58

code odstraneny, hadam to je uz prehladnejsie

vopred vdaka za vas cas

#4 Příspěvek od **Caroprd111** » 15 dub 2010 20:04

Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.

Obrázek

Doporučuji odinstalovat:
C:\Program Files\uTorrent\utorrent.exe

P2P sítě a jejich klienti jsou potenciálním bezpečnostním rizikem, prakticky neustále jsou zdrojem virů, zbytečně se vystavujete riziku.

Obrázek

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe

Spusťte program, poté klikněte na Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

freshy · #5 Příspěvek od **freshy** » 15 dub 2010 20:19

OTL.txt

OTL logfile created on: 15. 4. 2010 21:17:49 - Run 5
OTL by OldTimer - Version 3.2.1.1 Folder = D:\Download
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 1,31 Gb Free Space | 2,68% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 187,04 Gb Free Space | 63,84% Space Free | Partition Type: NTFS
Drive E: | 254,36 Gb Total Space | 10,39 Gb Free Space | 4,08% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRESHY
Current User Name: Freshyy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.04.15 21:17:09 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe
PRC - [2010.04.03 12:18:02 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.01.26 12:19:16 | 003,438,592 | ---- | M] (JetAudio, Inc.) -- C:\Program Files\JetAudio\JetAudio.exe
PRC - [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ6.5\ICQ.exe
PRC - [2009.09.30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009.08.27 17:05:04 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.04.06 23:40:11 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008.06.18 14:04:27 | 000,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2008.06.18 14:04:27 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2008.06.10 17:16:57 | 001,386,008 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeterSvc.exe
PRC - [2008.06.10 17:16:40 | 002,645,528 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeter.exe
PRC - [2008.04.22 07:03:00 | 001,083,848 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2006.11.13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006.11.13 14:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010.04.15 21:17:09 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe
MOD - [2004.08.17 15:48:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.01.26 13:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.10.22 01:59:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.08.27 17:05:04 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.08.07 12:44:18 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.08.07 18:34:23 | 001,073,544 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.06.18 14:04:27 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2008.06.13 15:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008.06.10 17:16:57 | 001,386,008 | ---- | M] (Hagel Technologies Ltd) [Auto | Running] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.dejaclick.soundkeyword: "chrome://dejaclick/skin/sounds/dc_keyword.wav"
FF - prefs.js..extensions.enabledItems: bejeweledblitz3cheat@thecybershadow.net:1.1
FF - prefs.js..extensions.enabledItems: {af103f06-4278-42c5-9cc0-98174bbbea1e}:2.0.0.1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.2.5.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.02.18 22:05:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 12:18:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 17:43:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.02.18 22:05:14 | 000,000,000 | ---D | M]

[2009.12.16 11:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla\Extensions
[2010.04.15 19:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla\Firefox\Profiles\8bn5n8r6.default\extensions
[2010.01.28 14:05:24 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla\Firefox\Profiles\8bn5n8r6.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009.12.19 16:09:31 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla\Firefox\Profiles\8bn5n8r6.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009.12.25 13:57:12 | 000,000,000 | ---D | M] (DejaClick by AlertSite) -- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla\Firefox\Profiles\8bn5n8r6.default\extensions\{af103f06-4278-42c5-9cc0-98174bbbea1e}
[2009.12.25 14:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla\Firefox\Profiles\8bn5n8r6.default\extensions\bejeweledblitz3cheat@thecybershadow.net
[2010.01.23 23:04:27 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla\Firefox\Profiles\8bn5n8r6.default\searchplugins\ebay.xml
[2010.04.11 08:55:53 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla\Firefox\Profiles\8bn5n8r6.default\searchplugins\icqplugin-1.xml
[2009.08.04 18:59:19 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla\Firefox\Profiles\8bn5n8r6.default\searchplugins\icqplugin-2.xml
[2009.09.12 01:56:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla\Firefox\Profiles\8bn5n8r6.default\searchplugins\icqplugin-3.xml
[2009.10.29 14:13:03 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla\Firefox\Profiles\8bn5n8r6.default\searchplugins\icqplugin-4.xml
[2009.11.07 11:37:59 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla\Firefox\Profiles\8bn5n8r6.default\searchplugins\icqplugin-5.xml
[2009.12.14 15:02:53 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla\Firefox\Profiles\8bn5n8r6.default\searchplugins\icqplugin-6.xml
[2009.07.21 23:38:58 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla\Firefox\Profiles\8bn5n8r6.default\searchplugins\icqplugin.xml
[2010.04.15 19:55:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.10.26 19:21:31 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2007.12.17 19:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npkimi.dll
[2009.12.02 10:46:10 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2009.12.02 10:46:10 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2009.12.02 10:46:10 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2009.12.02 10:46:10 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2009.12.02 10:46:10 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2009.12.02 10:46:10 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

Hosts file not found
O2 - BHO: (Podpora odkazu pre aplikáciu Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvidia driver] C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IBP] File not found
O4 - HKCU..\Run: [Nvidia Driver] C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Freshyy\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Freshyy\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1841de46-cd1f-11de-8e51-00e04caa073e}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.04.15 20:27:43 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Freshyy\Plocha\Freshyy.exe
[2010.04.15 20:27:43 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.15 17:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Imikimi
[2010.04.15 10:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
[2010.04.14 17:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010.04.12 18:26:17 | 000,569,335 | ---- | C] (FarmVille Tools, Inc. ) -- C:\Documents and Settings\Freshyy\Data aplikací\4wstp8774WS.exe
[2010.02.18 22:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2010.02.12 15:12:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2008.06.17 01:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Hagel Technologies
[2008.06.16 22:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2008.06.16 22:39:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010.04.15 20:04:48 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Freshyy\Plocha\Skype.lnk
[2010.04.15 17:20:11 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Freshyy\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.15 16:36:01 | 000,003,240 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.04.15 10:54:28 | 000,000,560 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.15 10:54:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.15 10:54:28 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2010.04.15 10:09:16 | 000,886,272 | ---- | M] () -- C:\Documents and Settings\Freshyy\Data aplikací\System.Data.SQLite.DLL
[2010.04.15 10:08:54 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.04.15 10:08:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.15 10:08:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.15 06:28:29 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Freshyy\NTUSER.DAT
[2010.04.14 20:43:34 | 002,018,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.14 19:08:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.14 18:52:56 | 000,021,224 | ---- | M] () -- C:\Documents and Settings\Freshyy\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.04.12 18:26:17 | 001,116,374 | ---- | M] () -- C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe
[2010.04.12 18:26:17 | 001,116,374 | ---- | M] () -- C:\Documents and Settings\Freshyy\Data aplikací\3wstp8774WS.exe
[2010.04.12 18:26:17 | 000,569,335 | ---- | M] (FarmVille Tools, Inc. ) -- C:\Documents and Settings\Freshyy\Data aplikací\4wstp8774WS.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.15 17:24:55 | 002,049,219 | ---- | C] () -- C:\Documents and Settings\Freshyy\Plocha\IMG_9241.jpg
[2010.04.15 17:24:15 | 002,250,726 | ---- | C] () -- C:\Documents and Settings\Freshyy\Plocha\IMG_9195.jpg
[2010.04.15 17:24:00 | 002,341,275 | ---- | C] () -- C:\Documents and Settings\Freshyy\Plocha\IMG_9208.jpg
[2010.04.15 17:21:41 | 002,104,904 | ---- | C] () -- C:\Documents and Settings\Freshyy\Plocha\IMG_9088.jpg
[2010.04.12 18:26:20 | 001,116,374 | ---- | C] () -- C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe
[2010.04.12 18:26:18 | 000,886,272 | ---- | C] () -- C:\Documents and Settings\Freshyy\Data aplikací\System.Data.SQLite.DLL
[2010.04.12 18:26:17 | 001,116,374 | ---- | C] () -- C:\Documents and Settings\Freshyy\Data aplikací\3wstp8774WS.exe
[2010.03.19 12:33:46 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\jasltw.dat
[2010.02.13 02:50:18 | 000,423,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2009.12.26 10:23:45 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Freshyy\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.22 15:10:01 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Freshyy\Data aplikací\$_hpcst$.hpc
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.07.14 14:36:46 | 000,000,135 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.07.10 01:19:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.07.10 01:10:18 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.07.10 01:10:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.05.13 17:52:42 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Freshyy\Local Settings\Data aplikací\PUTTY.RND
[2009.04.29 15:22:15 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\bcevent.dll
[2008.11.18 19:34:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Freshyy\Data aplikací\winscp.rnd
[2008.06.23 15:36:20 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2008.06.23 15:29:59 | 000,000,382 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.06.18 14:05:51 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008.06.17 14:27:50 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.06.17 00:20:38 | 000,003,240 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.06.16 22:43:52 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Freshyy\ntuser.dat.LOG
[2008.06.16 22:43:52 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Freshyy\ntuser.ini
[2008.06.16 22:43:51 | 003,932,160 | -H-- | C] () -- C:\Documents and Settings\Freshyy\NTUSER.DAT
[2008.05.02 22:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004.08.17 15:49:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.07.17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010.02.15 15:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2010.01.31 21:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Codemasters
[2009.11.21 08:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Downloaded Installations
[2008.11.02 14:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FlashFXP
[2008.06.17 01:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Hagel Technologies
[2009.07.14 18:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.02.18 22:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OviInstallerCache
[2010.02.18 22:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2008.07.30 16:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PlayFirst
[2010.03.17 16:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Temp
[2010.01.21 22:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TmForever
[2009.11.09 13:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TomTom
[2008.10.16 12:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\Acreon
[2009.10.13 15:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\Alien Skin
[2008.10.21 18:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\Autodesk
[2009.04.12 18:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\Canneverbe_Limited
[2008.06.18 13:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\COWON
[2008.06.17 00:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\Datalayer
[2010.02.15 15:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\Dev-Cpp
[2009.10.26 19:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\Foxit Software
[2010.02.13 16:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\IBP
[2010.04.14 21:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\ICQ
[2008.06.17 00:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\ICQLite
[2010.02.18 22:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\Nokia
[2009.06.06 19:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\Octoshape
[2010.02.18 22:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\PC Suite
[2008.07.30 16:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\PlayFirst
[2009.11.09 13:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\TomTom
[2010.04.10 22:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freshyy\Data aplikací\uTorrent

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Data aplikací\Temp:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\Temp:D1B5B4F1
< End of report >

freshy · #6 Příspěvek od **freshy** » 15 dub 2010 20:30

extras.txt

OTL Extras logfile created on: 15. 4. 2010 21:29:42 - Run 6
OTL by OldTimer - Version 3.2.1.1 Folder = D:\Download
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 77,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 1,31 Gb Free Space | 2,68% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 187,04 Gb Free Space | 63,84% Space Free | Partition Type: NTFS
Drive E: | 254,36 Gb Total Space | 10,39 Gb Free Space | 4,08% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRESHY
Current User Name: Freshyy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"D:\Program Files\Codemasters\DiRT2\dirt2_game.exe" = D:\Program Files\Codemasters\DiRT2\dirt2_game.exe:*:Enabled:DiRT2 -- (Codemasters)
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"D:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = D:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"D:\Program Files\Unreal Tournament 3\Binaries\UT3.exe" = D:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0317400B-698E-4F22-A1CB-AA91D9D0D118}" = Power Article Rewriter
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{129DDEC1-A6A3-3D60-AABE-76E6E5334922}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18C9716F-C906-441F-BA66-CABAA5CB2DCE}" = Adobe XMP Panels CS4
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Odovzdávací nástroj lokality Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED8B97-897C-4BD1-AEAE-6FD3404BA082}" = Ovi Desktop Sync Engine
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DCC43B-33C9-3389-BD0D-33EB37973657}" = Microsoft .NET Framework 3.5 Language Pack - csy
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77E927C4-C603-4E77-8E4E-5EEAD58EBF41}" = Windows Live Messenger
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9211041B-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}" = Nokia Ovi Suite
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1051-7B44-A81200000003}" = Adobe Reader 8 - Slovak
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BA63348B-143D-4CAC-A355-3879402ED781}" = Nokia Ovi Suite Software Updater
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX
"{DE787736-66F0-4BD9-884B-E4BCA3661646}" = Adobe ExtendScript Toolkit CS4
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE092FB2-4B8D-4C02-AEDA-D8DE697F7794}" = Windows Live Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DC++" = DC++ 0.707
"DUMeter3_is1" = DU Meter
"emu8086 microprocessor emulator_is1" = emu8086 microprocessor emulator
"ffdshow_is1" = ffdshow [rev 3026] [2009-07-05]
"GoldWave v5.24" = GoldWave v5.24
"Hide My Ass! Pro" = Hide My Ass! Pro 1.7
"HijackThis" = HijackThis 2.0.2
"HyperCam 2" = HyperCam 2
"IBP11_is1" = IBP 11.6
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - csy" = Microsoft .NET Framework 3.5 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NOD32" = NOD32 antivirus system
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PDF Editor 2" = PDF Editor 2
"PSPad editor_is1" = PSPad editor
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Spyware Doctor" = Spyware Doctor 6.0
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"TomTom HOME" = TomTom HOME 2.7.2.1825
"Totalcmd" = Total Commander (Remove or Repair)
"UniqueContentMakerApplication_is1" = UCM
"VentriloMIX" = VentriloMIX
"VLC media player" = VLC media player 0.9.8a
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archivátor
"winscp3_is1" = WinSCP 4.1.7
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"YouTube Download Studio_is1" = YouTube Download Studio 2.5.7.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5. 3. 2009 18:44:05 | Computer Name = FRESHY | Source = Application Error | ID = 1000
Description = Chybující aplikace firefox.exe, verze 1.9.0.3306, chybující modul
imon.dll, verze 2.70.39.0, adresa chyby 0x0002472a.

Error - 5. 3. 2009 19:32:56 | Computer Name = FRESHY | Source = Application Error | ID = 1000
Description = Chybující aplikace wow.exe, verze 3.0.9.9551, chybující modul , verze
0.0.0.0, adresa chyby 0x00000000.

Error - 6. 3. 2009 15:41:01 | Computer Name = FRESHY | Source = Application Error | ID = 1000
Description = Chybující aplikace wow.exe, verze 3.0.9.9551, chybující modul , verze
0.0.0.0, adresa chyby 0x00000000.

Error - 7. 3. 2009 11:49:14 | Computer Name = FRESHY | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 paint.exe, P2 3.1.4.0, P3 49a1a534, P4 mrfishit,
P5 3.1.4.0, P6 49a1a534, P7 c5, P8 28, P9 system.exception, P10 NIL.

Error - 8. 3. 2009 7:50:06 | Computer Name = FRESHY | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 paint.exe, P2 3.1.4.0, P3 49a1a534, P4 mrfishit,
P5 3.1.4.0, P6 49a1a534, P7 c5, P8 28, P9 system.exception, P10 NIL.

Error - 8. 3. 2009 8:11:07 | Computer Name = FRESHY | Source = Application Error | ID = 1000
Description = Chybující aplikace wow.exe, verze 3.0.9.9551, chybující modul , verze
0.0.0.0, adresa chyby 0x00000000.

Error - 12. 3. 2009 13:12:11 | Computer Name = FRESHY | Source = Application Error | ID = 1000
Description = Chybující aplikace wow.exe, verze 3.0.9.9551, chybující modul , verze
0.0.0.0, adresa chyby 0x00000000.

Error - 12. 3. 2009 19:05:44 | Computer Name = FRESHY | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.0.3334, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 13. 3. 2009 11:47:40 | Computer Name = FRESHY | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 paint.exe, P2 3.1.4.0, P3 49a1a534, P4 mrfishit,
P5 3.1.4.0, P6 49a1a534, P7 bc, P8 28, P9 system.exception, P10 NIL.

Error - 15. 3. 2009 8:22:27 | Computer Name = FRESHY | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 paint.exe, P2 3.1.4.0, P3 49a1a534, P4 mrfishit,
P5 3.1.4.0, P6 49a1a534, P7 bc, P8 28, P9 system.exception, P10 NIL.

[ System Events ]
Error - 15. 4. 2010 4:18:56 | Computer Name = FRESHY | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače VELVEET-PC,
který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{57F2C10E-DE9E-42D.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 15. 4. 2010 5:52:45 | Computer Name = FRESHY | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače VELVEET-PC,
který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{57F2C10E-DE9E-42D.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 15. 4. 2010 7:04:27 | Computer Name = FRESHY | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače VELVEET-PC,
který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{57F2C10E-DE9E-42D.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 15. 4. 2010 8:23:10 | Computer Name = FRESHY | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače LUBOSHNTB, který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{550A00F9-DC03-4FA6.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 15. 4. 2010 8:38:16 | Computer Name = FRESHY | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače VELVEET-PC,
který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{57F2C10E-DE9E-42D.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 15. 4. 2010 9:47:54 | Computer Name = FRESHY | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače VELVEET-PC,
který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{57F2C10E-DE9E-42D.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 15. 4. 2010 11:03:30 | Computer Name = FRESHY | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače YOUR-71FEDB593F,
který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{57F2C10E-DE9. Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 15. 4. 2010 12:20:21 | Computer Name = FRESHY | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače GUDERIAN-PC,
který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{57F2C10E-DE9E-42.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 15. 4. 2010 13:36:29 | Computer Name = FRESHY | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače X-25C2431BD05C4,
který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{57F2C10E-DE9. Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 15. 4. 2010 15:01:20 | Computer Name = FRESHY | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače VELVEET-PC,
který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{57F2C10E-DE9E-42D.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

< End of report >

#7 Příspěvek od **Caroprd111** » 15 dub 2010 20:35

Podle pravidel fóra se zde nelegálním softwarem nezabýváme (nelegální programy představují bezpečnostní hrozbu).
Obstarejte si legální zabezpečení PC (antivir, firewall), poté sem vložte nový log z RSIT a log z CKScanner.

Vyberte si třeba free Aviru nebo Avast + nějaký firewall (doporučuji ZoneAlarm) http://www.viry.cz/forum/viewtopic.php?f=29&t=6152 + http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

Obrázek

Stáhněte na plochu CKScanner http://downloads.malwareremoval.com/CKScanner.exe

Spusťte a klikněte na "Search For Files", po dokončení skenu klikněte na "Save List to File" -> "OK"
Log s názvem ckfiles.txt bude uložený na ploše, obsah tohoto souboru sem vložte.

freshy · #8 Příspěvek od **freshy** » 16 dub 2010 12:15

dakujem za radu, nelegalny software som okamzite odinstaloval

prikladam reporty:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:39, on 16. 4. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Freshyy\Plocha\Freshyy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Nvidia driver] C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Nvidia Driver] C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6408 bytes

CKScanner

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----

freshy · #9 Příspěvek od **freshy** » 16 dub 2010 12:23

este Vam pridavam error log Microsoft .NET framework, ktory sa spusti vzdy po starte PC, trva to uz poslednych par dni a to od doby ked AV hlasil prve virusy

Informace o vyvolání ladění JIT najdete na konci této zprávy,
nikoli v tomto dialogovém okně.

************** Text výjimky **************
System.IO.FileLoadException: Nelze načíst soubor nebo sestavení System.Data.SQLite, Version=1.0.64.0, Culture=neutral, PublicKeyToken=db937bc2d44ff139 nebo jeden z jejich závislých prvků. Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. (Výjimka na základě hodnoty HRESULT: 0x80070020)
Název souboru: System.Data.SQLite, Version=1.0.64.0, Culture=neutral, PublicKeyToken=db937bc2d44ff139
v winlogon.Chromer.GetChrome()
v winlogon.Chromer.(Object , EventArgs )
v System.EventHandler.Invoke(Object sender, EventArgs e)
v System.Windows.Forms.Form.OnLoad(EventArgs e)
v System.Windows.Forms.Form.OnCreateControl()
v System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
v System.Windows.Forms.Control.CreateControl()
v System.Windows.Forms.Control.WmShowWindow(Message& m)
v System.Windows.Forms.Control.WndProc(Message& m)
v System.Windows.Forms.ScrollableControl.WndProc(Message& m)
v System.Windows.Forms.ContainerControl.WndProc(Message& m)
v System.Windows.Forms.Form.WmShowWindow(Message& m)
v System.Windows.Forms.Form.WndProc(Message& m)
v System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
v System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
v System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

WRN: Protokolování vazeb sestavení je VYPNUTO.
Chcete-li povolit protokolování chyb vazeb sestavení, nastavte hodnotu registru [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) na hodnotu 1.
Poznámka: Protokolování chyb vazeb sestavení ovlivňuje výkon systému.
Chcete-li tuto funkci vypnout, odeberte z registru hodnotu [HKLM\Software\Microsoft\Fusion!EnableLog].

************** Načtená sestavení **************
mscorlib
Verze sestavení: 2.0.0.0
Verze Win32: 2.0.50727.3053 (netfxsp.050727-3000)
Základ kódu: file:///C:/WINDOWS/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
winlogon
Verze sestavení: 1.0.0.0
Verze Win32: 1.0.0.0
Základ kódu: file:///C:/Documents%20and%20Settings/Freshyy/Data%20aplikac%ED/nvdisp.exe
----------------------------------------
Microsoft.VisualBasic
Verze sestavení: 8.0.0.0
Verze Win32: 8.0.50727.3053 (netfxsp.050727-3000)
Základ kódu: file:///C:/WINDOWS/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
Verze sestavení: 2.0.0.0
Verze Win32: 2.0.50727.3053 (netfxsp.050727-3000)
Základ kódu: file:///C:/WINDOWS/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
Verze sestavení: 2.0.0.0
Verze Win32: 2.0.50727.3053 (netfxsp.050727-3000)
Základ kódu: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
Verze sestavení: 2.0.0.0
Verze Win32: 2.0.50727.3053 (netfxsp.050727-3000)
Základ kódu: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Runtime.Remoting
Verze sestavení: 2.0.0.0
Verze Win32: 2.0.50727.3053 (netfxsp.050727-3000)
Základ kódu: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
System.Xml
Verze sestavení: 2.0.0.0
Verze Win32: 2.0.50727.3053 (netfxsp.050727-3000)
Základ kódu: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
mscorlib.resources
Verze sestavení: 2.0.0.0
Verze Win32: 2.0.50727.3053 (netfxsp.050727-3000)
Základ kódu: file:///C:/WINDOWS/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
CustomMarshalers
Verze sestavení: 2.0.0.0
Verze Win32: 2.0.50727.3053 (netfxsp.050727-3000)
Základ kódu: file:///C:/WINDOWS/assembly/GAC_32/CustomMarshalers/2.0.0.0__b03f5f7f11d50a3a/CustomMarshalers.dll
----------------------------------------
System.Configuration
Verze sestavení: 2.0.0.0
Verze Win32: 2.0.50727.3053 (netfxsp.050727-3000)
Základ kódu: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Windows.Forms.resources
Verze sestavení: 2.0.0.0
Verze Win32: 2.0.50727.1433 (REDBITS.050727-1400)
Základ kódu: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Windows.Forms.resources/2.0.0.0_cs_b77a5c561934e089/System.Windows.Forms.resources.dll
----------------------------------------

************** Ladění JIT **************
Aby bylo povoleno ladění JIT, musí konfigurační soubor
pro tuto aplikaci nebo počítač (machine.config) mít
v oddílu system.windows.forms nastavenou hodnotu njitDebugging.
Aplikace rovněž musí být kompilována s povoleným
laděním.

Příklad:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

Je-li ladění JIT povoleno, budou všechny neošetřené výjimky
odeslány ladicímu programu JIT, který je registrován v počítači,
a nebudou zpracovány tímto dialogovým oknem.

freshy · #10 Příspěvek od **freshy** » 16 dub 2010 12:45

poprosim lock temy, bolo by lepsie vytvorit novy thread v Řešení problémů, logy. ocividne ide o vacsi problem

#11 Příspěvek od **Caroprd111** » 16 dub 2010 12:51

Budeme pokračovat v tomto tématu. Za chvilku Vám napíšu další pokyny.

freshy · #12 Příspěvek od **freshy** » 16 dub 2010 12:52

#13 Příspěvek od **Caroprd111** » 16 dub 2010 13:19

Poprosím o log z RSIT.

freshy · #14 Příspěvek od **freshy** » 16 dub 2010 13:36

Logfile of random's system information tool 1.06 (written by random/random)
Run by Freshyy at 2010-04-16 14:41:20
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (4%) free of 50 GB
Total RAM: 3582 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:22, on 16. 4. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Documents and Settings\Freshyy\Data aplikací\uTorrent\utorrent.exe
D:\Download\RSIT(2).exe
C:\Documents and Settings\Freshyy\Plocha\Freshyy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Nvidia driver] C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Nvidia Driver] C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6605 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-06 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-05-19 91432]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-06 148888]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-03-16 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-03-16 110696]
"Nvidia driver"=C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe [2010-04-12 1116374]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nvidia Driver"=C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe [2010-04-12 1116374]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2008-06-10 2645528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m‘|ü []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-02-05 385856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2010-03-16 13670504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2010-03-16 110696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Codemasters\DiRT2\dirt2_game.exe"="D:\Program Files\Codemasters\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"D:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Freshyy\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Freshyy\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-04-16 14:41:20 ----D---- C:\rsit
2010-04-16 14:24:34 ----D---- C:\Documents and Settings\Freshyy\Data aplikací\uTorrent
2010-04-16 13:10:58 ----SHD---- C:\RECYCLER
2010-04-16 12:51:40 ----A---- C:\ComboFix.txt
2010-04-16 12:45:54 ----A---- C:\Boot.bak
2010-04-16 12:45:51 ----RASHD---- C:\cmdcons
2010-04-16 12:45:22 ----A---- C:\WINDOWS\zip.exe
2010-04-16 12:45:22 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-16 12:45:22 ----A---- C:\WINDOWS\SWSC.exe
2010-04-16 12:45:22 ----A---- C:\WINDOWS\SWREG.exe
2010-04-16 12:45:22 ----A---- C:\WINDOWS\sed.exe
2010-04-16 12:45:22 ----A---- C:\WINDOWS\PEV.exe
2010-04-16 12:45:22 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-16 12:45:22 ----A---- C:\WINDOWS\MBR.exe
2010-04-16 12:45:22 ----A---- C:\WINDOWS\grep.exe
2010-04-16 12:45:03 ----D---- C:\WINDOWS\ERDNT
2010-04-16 12:45:02 ----D---- C:\ComboFix
2010-04-16 12:44:28 ----D---- C:\Qoobox
2010-04-16 10:17:24 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-04-16 10:17:24 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-04-16 10:17:24 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-04-16 10:17:21 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-04-16 10:17:20 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-04-16 10:17:20 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-04-16 10:17:20 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-04-16 10:17:20 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-04-16 10:17:20 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-04-16 10:16:00 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-04-16 10:16:00 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-04-16 10:16:00 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-04-16 10:14:28 ----D---- C:\Program Files\Zone Labs
2010-04-16 10:14:17 ----D---- C:\WINDOWS\Internet Logs
2010-04-16 09:56:13 ----D---- C:\Documents and Settings\Freshyy\Data aplikací\Avira
2010-04-16 09:50:03 ----D---- C:\Program Files\Avira
2010-04-16 09:50:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2010-04-14 17:39:19 ----D---- C:\Program Files\MSECache
2010-04-12 18:26:20 ----A---- C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe
2010-04-12 18:26:18 ----A---- C:\Documents and Settings\Freshyy\Data aplikací\System.Data.SQLite.DLL
2010-03-31 10:43:45 ----D---- C:\Program Files\LogMeIn Hamachi
2010-03-28 14:19:48 ----D---- C:\Documents and Settings\Freshyy\Data aplikací\NVIDIA
2010-03-28 14:12:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2010-03-28 14:11:55 ----D---- C:\Program Files\NVIDIA Corporation
2010-03-28 14:11:30 ----A---- C:\WINDOWS\system32\OpenCL.dll
2010-03-28 14:11:29 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2010-03-28 14:11:29 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2010-03-28 14:11:29 ----A---- C:\WINDOWS\system32\nvcompiler.dll

======List of files/folders modified in the last 1 months======

2010-04-16 13:56:40 ----D---- C:\Documents and Settings\Freshyy\Data aplikací\ICQ
2010-04-16 13:21:41 ----D---- C:\Program Files\Mozilla Firefox
2010-04-16 13:19:45 ----D---- C:\WINDOWS\temp
2010-04-16 13:19:13 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-16 13:18:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-16 13:17:58 ----A---- C:\WINDOWS\wincmd.ini
2010-04-16 12:51:42 ----D---- C:\WINDOWS\system32\drivers
2010-04-16 12:49:11 ----D---- C:\WINDOWS
2010-04-16 12:49:11 ----A---- C:\WINDOWS\system.ini
2010-04-16 12:48:03 ----D---- C:\WINDOWS\system32\config
2010-04-16 12:47:50 ----D---- C:\WINDOWS\system32
2010-04-16 12:47:18 ----D---- C:\WINDOWS\AppPatch
2010-04-16 12:47:16 ----D---- C:\Program Files\Common Files
2010-04-16 12:45:54 ----RASH---- C:\boot.ini
2010-04-16 12:26:58 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2010-04-16 12:09:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-16 12:01:32 ----D---- C:\WINDOWS\system32\NtmsData
2010-04-16 11:48:08 ----D---- C:\WINDOWS\Registration
2010-04-16 10:50:44 ----RD---- C:\Program Files
2010-04-16 10:44:22 ----D---- C:\Documents and Settings\Freshyy\Data aplikací\Mozilla
2010-04-16 10:41:45 ----SHD---- C:\WINDOWS\Installer
2010-04-16 10:41:45 ----D---- C:\Config.Msi
2010-04-16 10:41:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-16 10:41:41 ----HD---- C:\WINDOWS\inf
2010-04-16 10:35:06 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-16 10:32:59 ----D---- C:\Program Files\IBP 11
2010-04-16 10:14:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-16 10:14:30 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-16 09:59:59 ----D---- C:\WINDOWS\repair
2010-04-16 09:46:01 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Temp
2010-04-16 09:44:14 ----D---- C:\WINDOWS\Prefetch
2010-04-15 20:05:34 ----D---- C:\Documents and Settings\Freshyy\Data aplikací\Skype
2010-04-15 20:04:52 ----D---- C:\Documents and Settings\Freshyy\Data aplikací\skypePM
2010-04-15 14:19:01 ----D---- C:\Program Files\Valve
2010-04-15 10:54:28 ----A---- C:\WINDOWS\win.ini
2010-04-14 20:43:12 ----D---- C:\WINDOWS\security
2010-04-14 17:39:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-14 17:39:28 ----RSD---- C:\WINDOWS\Fonts
2010-04-14 17:39:26 ----D---- C:\Program Files\Microsoft Office
2010-04-13 14:48:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2010-03-28 14:13:17 ----D---- C:\WINDOWS\Help
2010-03-28 14:12:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-03-28 14:11:24 ----D---- C:\NVIDIA

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-03-16 10232352]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 Bcim;Bandwidth Controller kernel component; C:\WINDOWS\system32\DRIVERS\bcim.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2008-08-01 25216]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-04 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-01-31 721904]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-06 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-03-16 154216]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-22 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#15 Příspěvek od **Caroprd111** » 16 dub 2010 14:17

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
FF - prefs.js..extensions.enabledItems: bejeweledblitz3cheat@thecybershadow.net:1.1
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [IBP] File not found
O4 - HKCU..\Run: [Nvidia Driver] C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe ()
[2010.04.12 18:26:17 | 001,116,374 | ---- | M] () -- C:\Documents and Settings\Freshyy\Data aplikací\nvdisp.exe
[2010.04.12 18:26:17 | 001,116,374 | ---- | M] () -- C:\Documents and Settings\Freshyy\Data aplikací\3wstp8774WS.exe
[2010.04.12 18:26:17 | 000,569,335 | ---- | M] (FarmVille Tools, Inc. ) -- C:\Documents and Settings\Freshyy\Data aplikací\4wstp8774WS.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Data aplikací\Temp:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\Temp:D1B5B4F1

:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"="0"

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Poté klikněte na Opravit, PC se restartuje, log vložte sem.

Obrázek

Zkopírujte sem log C:\ComboFix.txt

Nedoporučuji používat ComboFix z vlastní iniciativy, může dojít k poškození systému!

VIRY.CZ

Poprosim o kontrolu logu (podozrenie na nieco riadne zaryte)

Poprosim o kontrolu logu (podozrenie na nieco riadne zaryte)

Re: Poprosim o kontrolu logu (podozrenie na nieco riadne zar

Re: Poprosim o kontrolu logu (podozrenie na nieco riadne zar

Re: Poprosim o kontrolu logu (podozrenie na nieco riadne zar

Re: Poprosim o kontrolu logu (podozrenie na nieco riadne zar

Re: Poprosim o kontrolu logu (podozrenie na nieco riadne zar

Re: Poprosim o kontrolu logu (podozrenie na nieco riadne zar

Re: Poprosim o kontrolu logu (podozrenie na nieco riadne zar

Re: Poprosim o kontrolu logu (podozrenie na nieco riadne zar

Re: Poprosim o kontrolu logu (podozrenie na nieco riadne zar

Re: Poprosim o kontrolu logu (podozrenie na nieco riadne zar

Re: Poprosim o kontrolu logu (podozrenie na nieco riadne zar

Re: Poprosim o kontrolu logu (podozrenie na nieco riadne zar

Re: Poprosim o kontrolu logu (podozrenie na nieco riadne zar

Re: Poprosim o kontrolu logu (podozrenie na nieco riadne zar