
Slow PC

matej7
Visitor
Posts: 107
Registered: 30 Mar 2009 17:26

Slow PC

#1 Post by matej7 »

Logfile of random's system information tool 1.06 (written by random/random)
Run by PC at 2010-04-16 21:37:17
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 86 GB (86%) free of 100 GB
Total RAM: 2047 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:21, on 16.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Programy\Avast 4.8 home\aswUpdSv.exe
E:\Programy\Avast 4.8 home\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
E:\Programy\AVAST4~1.8HO\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Programy\SuperaAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\SearchIndexer.exe
E:\Programy\Avast 4.8 home\ashMaiSv.exe
E:\Programy\Avast 4.8 home\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Programy\ICQ7.1\ICQ.exe
E:\JAVA HRY\RSIT.exe
C:\Program Files\trend micro\PC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [avast!] E:\Programy\AVAST4~1.8HO\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programy\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "e:\hry\cs\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Programy\SuperaAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ICQ] "E:\Programy\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - E:\Programy\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - E:\Programy\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7387854578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0897011765
O17 - HKLM\System\CCS\Services\Tcpip\..\{092475B1-4D09-4DA2-AA69-BEE9A6F0E11E}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS1\Services\Tcpip\..\{092475B1-4D09-4DA2-AA69-BEE9A6F0E11E}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS2\Services\Tcpip\..\{092475B1-4D09-4DA2-AA69-BEE9A6F0E11E}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS3\Services\Tcpip\..\{092475B1-4D09-4DA2-AA69-BEE9A6F0E11E}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS4\Services\Tcpip\..\{092475B1-4D09-4DA2-AA69-BEE9A6F0E11E}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS5\Services\Tcpip\..\{092475B1-4D09-4DA2-AA69-BEE9A6F0E11E}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS6\Services\Tcpip\..\{092475B1-4D09-4DA2-AA69-BEE9A6F0E11E}: NameServer = 92.245.2.245,92.245.2.162
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - E:\Programy\SuperaAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programy\Avast 4.8 home\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programy\Avast 4.8 home\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programy\Avast 4.8 home\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programy\Avast 4.8 home\ashWebSv.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - E:\Hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6881 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-10-09 33677312]
"avast!"=E:\Programy\AVAST4~1.8HO\ashDisp.exe [2009-11-25 81000]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-03 98304]
"QuickTime Task"=E:\Programy\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Steam"=e:\hry\cs\steam.exe [2010-02-28 1217872]
"SUPERAntiSpyware"=E:\Programy\SuperaAntiSpyware\SUPERAntiSpyware.exe [2010-02-18 2012912]
"ICQ"=E:\Programy\ICQ7.1\ICQ.exe [2010-04-06 133368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
E:\Programy\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
E:\Programy\Winamp\winampa.exe [2009-07-01 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WINDOW~4\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
E:\Programy\SuperaAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-03 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=E:\Programy\SuperaAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\freecell.exe"="C:\WINDOWS\system32\freecell.exe:*:Enabled:FreeCell"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"E:\Programy\ICQ6.5\ICQ.exe"="E:\Programy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Programy\BitLord\BitLord.exe"="E:\Programy\BitLord\BitLord.exe:*:Enabled:BitLord"
"E:\Hry\Dragon Age\bin_ship\daorigins.exe"="E:\Hry\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Prameny Hra"
"E:\Hry\Dragon Age\DAOriginsLauncher.exe"="E:\Hry\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Prameny Spustit"
"E:\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe"="E:\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Prameny Aktualizovat"
"E:\Programy\Garena\Garena.exe"="E:\Programy\Garena\Garena.exe:*:Enabled:Garena"
"E:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe"="E:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"E:\Hry\CS 1.6\SteamApps\camejko\dedicated server\hltv.exe"="E:\Hry\CS 1.6\SteamApps\camejko\dedicated server\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Documents and Settings\PC\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\PC\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"E:\Hry\Stronghold Crusader\Stronghold Crusader.exe"="E:\Hry\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\Program Files\LogMeIn Hamachi\hamachi-2.exe"="C:\Program Files\LogMeIn Hamachi\hamachi-2.exe:*:Enabled:hamachi-2"
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe:*:Enabled:LogMeIn Hamachi"
"E:\Hry\CS 1.6\Steam.exe"="E:\Hry\CS 1.6\Steam.exe:*:Enabled:Steam 732897"
"E:\DOWNLOADS\povhltv\hltv.exe"="E:\DOWNLOADS\povhltv\hltv.exe:*:Enabled:HLTV Launcher"
"E:\Hry\Rise of nations\rise.exe"="E:\Hry\Rise of nations\rise.exe:*:Enabled:Rise of Nations"
"E:\Hry\CS 1.6\SteamApps\camejko\dedicated server\hlds.exe"="E:\Hry\CS 1.6\SteamApps\camejko\dedicated server\hlds.exe:*:Enabled:Dedicated Server"
"E:\Hry\CS 1.6\SteamApps\camejko\counter-strike\hl.exe"="E:\Hry\CS 1.6\SteamApps\camejko\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"E:\Hry\CoD 2\CoD2MP_s.exe"="E:\Hry\CoD 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"E:\Hry\CS\SteamApps\camejko\counter-strike\hl.exe"="E:\Hry\CS\SteamApps\camejko\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Hry\CS\Steam.exe"="E:\Hry\CS\Steam.exe:*:Enabled:Steam"
"E:\Programy\ICQ7.1\ICQ.exe"="E:\Programy\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"E:\Programy\ICQ7.1\aolload.exe"="E:\Programy\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Programy\ICQ7.1\ICQ.exe"="E:\Programy\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"E:\Programy\ICQ7.1\aolload.exe"="E:\Programy\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-04-15 21:14:54 ----D---- C:\Documents and Settings\PC\Application Data\UDC Profiles
2010-04-15 21:14:33 ----A---- C:\WINDOWS\system32\udcpm.dll
2010-04-15 21:14:29 ----D---- C:\Program Files\Universal Document Converter
2010-04-14 19:36:21 ----D---- C:\Documents and Settings\PC\Application Data\M8 Software
2010-04-14 08:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 08:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 08:19:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-04-14 08:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 08:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 08:18:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 08:18:13 ----A---- C:\WINDOWS\imsins.BAK
2010-04-14 08:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-13 16:58:59 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-04-13 16:58:47 ----D---- C:\Program Files\Common Files\Apple
2010-04-13 16:58:37 ----D---- C:\Program Files\Apple Software Update
2010-04-13 16:58:37 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2010-04-07 16:51:10 ----D---- C:\WINDOWS\system32\Adobe
2010-04-07 15:24:43 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-04-02 15:20:49 ----A---- C:\WINDOWS\uninst.exe
2010-04-02 15:20:25 ----D---- C:\Documents and Settings\PC\Application Data\Help
2010-03-20 21:58:55 ----D---- C:\Documents and Settings\PC\Application Data\TS3Client

======List of files/folders modified in the last 1 months======

2010-04-16 21:37:18 ----D---- C:\Program Files\trend micro
2010-04-16 18:46:21 ----D---- C:\WINDOWS\Temp
2010-04-16 17:42:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-16 17:00:04 ----D---- C:\Documents and Settings\PC\Application Data\ICQ
2010-04-16 14:44:30 ----D---- C:\WINDOWS\system32
2010-04-16 14:44:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-16 14:41:04 ----D---- C:\Documents and Settings\PC\Application Data\Skype
2010-04-15 23:05:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-15 22:01:19 ----D---- C:\WINDOWS\Prefetch
2010-04-15 21:14:29 ----RD---- C:\Program Files
2010-04-15 16:03:52 ----D---- C:\Documents and Settings\PC\Application Data\skypePM
2010-04-14 17:57:12 ----D---- C:\WINDOWS\system32\config
2010-04-14 08:28:09 ----D---- C:\WINDOWS
2010-04-14 08:19:40 ----HD---- C:\WINDOWS\inf
2010-04-14 08:19:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 08:19:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 08:19:34 ----D---- C:\WINDOWS\system32\drivers
2010-04-14 08:18:16 ----D---- C:\WINDOWS\ie8updates
2010-04-13 23:03:03 ----D---- C:\Documents and Settings\PC\Application Data\vlc
2010-04-13 16:59:29 ----SHD---- C:\WINDOWS\Installer
2010-04-13 16:59:27 ----D---- C:\Program Files\Internet Explorer
2010-04-13 16:58:47 ----D---- C:\Program Files\Common Files
2010-04-13 16:58:41 ----SD---- C:\WINDOWS\Tasks
2010-04-06 22:17:08 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-03 23:09:49 ----D---- C:\Program Files\Mozilla Firefox
2010-03-29 18:46:51 ----RSD---- C:\WINDOWS\assembly
2010-03-29 18:46:32 ----D---- C:\WINDOWS\system32\DirectX
2010-03-23 23:39:50 ----D---- C:\WINDOWS\security
2010-03-19 18:05:50 ----A---- C:\WINDOWS\system32\wmp.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 SASDIFSV;SASDIFSV; \??\E:\Programy\SuperaAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\E:\Programy\SuperaAntiSpyware\SASKUTIL.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-02-28 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-02-28 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-03 4605952]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-06-02 99856]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 KMWDFILTER;HIDUASDesc; C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-07-27 44032]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 SASENUM;SASENUM; \??\E:\Programy\SuperaAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-09-30 1418368]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2005-01-28 18944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; E:\Programy\Avast 4.8 home\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-03 602112]
R2 avast! Antivirus;avast! Antivirus; E:\Programy\Avast 4.8 home\ashServ.exe [2009-11-25 138680]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-03 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-03 214520]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; E:\Programy\Avast 4.8 home\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; E:\Programy\Avast 4.8 home\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; E:\Hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Slow PC

#2 Post by Caroprd111 »

Hello :)

I recommend uninstalling the toolbars (if you do not use them) in Add or Remove Programs.

I recommend uninstalling:
E:\Programy\BitLord\BitLord.exe

P2P networks and their clients are a potential security risk; they are a practically constant source of viruses, and you are exposing yourself to risk unnecessarily.

Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware
  • Run the application under an account with Administrator privileges; immediately after it starts, a page with the license terms is displayed, continue by pressing the "Yes" button
  • Then follow the instructions; during the scan do not start other applications and do not click in the window that is displayed :!:
  • The scan should take around 5 - 10 minutes; when it finishes, ComboFix displays the log C:\ComboFix.txt, which you should paste here.
  • The computer may be restarted during the scan.

matej7
Visitor
Posts: 107
Registered: 30 Mar 2009 17:26

Re: Slow PC

#3 Post by matej7 »

Done.

On the first run of ComboFix I got a blue screen of death after about 5 minutes. I restarted the PC, ran ComboFix again, and everything went through successfully. Here is the log:

ComboFix 10-04-15.05 - PC 17.04.2010 11:04:08.4.3 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1626 [GMT 2:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100416-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\regedit.com
c:\windows\system32\Ijl11.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\vbpng1.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-17 to 2010-04-17 )))))))))))))))))))))))))))))))
.

2010-04-15 19:14 . 2010-04-15 19:16 -------- d-----w- c:\documents and settings\PC\Application Data\UDC Profiles
2010-04-15 19:14 . 2010-03-18 20:27 24440 ----a-w- c:\windows\system32\udcpm.dll
2010-04-15 19:14 . 2010-04-15 19:14 -------- d-----w- c:\program files\Universal Document Converter
2010-04-15 18:47 . 2010-03-22 09:25 780288 ----a-w- c:\documents and settings\PC\Application Data\Octoshape\Octoshape Streaming Services\pmv306a-1003220-0-libOctoshapeClient.dll
2010-04-14 17:36 . 2010-04-14 17:36 -------- d-----w- c:\documents and settings\PC\Application Data\M8 Software
2010-04-13 14:58 . 2010-04-13 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-13 14:58 . 2010-04-13 14:58 -------- d-----w- c:\program files\Common Files\Apple
2010-04-13 14:58 . 2010-04-13 14:58 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Apple
2010-04-13 14:58 . 2010-04-13 14:58 -------- d-----w- c:\program files\Apple Software Update
2010-04-13 14:58 . 2010-04-13 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-13 14:56 . 2010-04-13 14:56 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Apple Computer
2010-04-11 17:45 . 2010-04-11 17:45 117288 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-07 14:51 . 2010-04-07 14:51 -------- d-----w- c:\windows\system32\Adobe
2010-04-07 14:50 . 2010-04-07 14:50 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-04-07 13:24 . 2010-04-08 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-06 20:16 . 2010-04-06 20:16 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\AOL
2010-04-02 13:20 . 1996-11-05 14:13 299008 ----a-w- c:\windows\uninst.exe
2010-04-02 13:20 . 2010-04-02 13:20 -------- d-----w- c:\documents and settings\PC\WINDOWS
2010-04-02 13:20 . 2010-04-02 13:20 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Help
2010-03-20 19:58 . 2010-03-20 20:03 -------- d-----w- c:\documents and settings\PC\Application Data\TS3Client

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 09:03 . 2009-12-16 20:56 -------- d-----w- c:\documents and settings\PC\Application Data\Skype
2010-04-17 08:13 . 2009-12-15 16:36 -------- d-----w- c:\documents and settings\PC\Application Data\ICQ
2010-04-17 08:11 . 2009-12-16 20:57 -------- d-----w- c:\documents and settings\PC\Application Data\skypePM
2010-04-16 19:37 . 2009-12-20 08:31 -------- d-----w- c:\program files\trend micro
2010-04-16 15:41 . 2010-03-01 16:04 117760 ----a-w- c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-13 21:03 . 2009-12-23 09:00 -------- d-----w- c:\documents and settings\PC\Application Data\vlc
2010-04-13 16:57 . 2009-12-20 19:11 1 ----a-w- c:\documents and settings\PC\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-06 20:17 . 2009-12-11 14:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 06:15 . 2006-02-28 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 18:17 . 2010-03-05 18:16 249856 ------w- c:\windows\Setup1.exe
2010-03-05 18:17 . 2010-03-05 18:16 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-03 21:19 . 2010-03-03 21:19 5631823 ----a-w- c:\windows\REGBK03.ZIP
2010-03-02 06:12 . 2009-12-11 15:15 46416 ----a-w- c:\documents and settings\PC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-01 16:04 . 2010-03-01 16:04 52224 ----a-w- c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-01 16:03 . 2009-12-17 19:51 -------- d-----w- c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com
2010-03-01 16:02 . 2009-12-16 16:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-28 19:18 . 2009-12-11 13:43 23412 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-28 10:54 . 2009-12-24 14:14 -------- d-----w- c:\program files\ATI
2010-02-28 10:51 . 2010-02-28 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-02-28 10:48 . 2010-02-28 10:48 10134 ----a-r- c:\documents and settings\PC\Application Data\Microsoft\Installer\{2FB2169F-04D8-FFC0-6A66-80EE652B93A5}\ARPPRODUCTICON.exe
2010-02-28 10:48 . 2009-12-11 14:04 -------- d-----w- c:\program files\ATI Technologies
2010-02-28 09:57 . 2010-02-28 09:57 15872 ----a-r- c:\documents and settings\PC\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
2010-02-25 06:24 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-02-28 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 08:55 . 2010-02-19 08:54 5102794 ----a-w- c:\windows\REGBK02.ZIP
2010-02-16 14:08 . 2006-02-28 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-10 12:10 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2006-02-28 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-02-28 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-03 04:52 . 2009-08-14 04:27 4605952 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-03 04:12 . 2009-12-24 13:22 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-03 04:12 . 2009-12-24 13:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-03 04:10 . 2009-12-24 13:22 3633152 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-03 04:07 . 2010-02-28 10:48 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-03 04:02 . 2009-12-24 13:22 14188544 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-03 03:50 . 2009-08-14 01:58 3566048 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-03 03:40 . 2010-02-28 10:48 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-03 03:39 . 2009-08-14 02:27 301568 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-03 03:35 . 2009-08-14 01:42 2176640 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-03 03:34 . 2010-02-28 10:48 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-03 03:34 . 2010-02-28 10:48 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-03 03:32 . 2009-12-24 13:22 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-03 03:23 . 2009-12-24 13:22 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-03 03:23 . 2009-12-24 13:22 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-03 03:23 . 2009-12-24 13:22 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-03 03:23 . 2009-12-24 13:22 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-03 03:22 . 2009-12-24 13:22 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-03 03:21 . 2009-12-24 13:22 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-03 03:19 . 2009-12-24 13:22 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-03 03:19 . 2010-02-28 10:28 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-02-03 03:18 . 2009-12-24 13:22 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-02-03 03:18 . 2009-12-24 13:22 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-03 03:17 . 2009-12-24 13:22 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-03 03:15 . 2009-12-24 13:22 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-03 03:12 . 2009-12-24 13:22 180224 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-03 03:12 . 2009-12-24 13:22 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-03 03:06 . 2009-08-14 01:12 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-02-01 12:24 . 2010-03-02 17:00 71960 ----a-w- c:\documents and settings\PC\Application Data\Octoshape\Octoshape Streaming Services\sua-1002010-0-npoctoshape.dll
2010-02-01 12:24 . 2010-03-02 17:00 417280 ----a-w- c:\documents and settings\PC\Application Data\Octoshape\Octoshape Streaming Services\sua-1002010-0-libOctoshapeClient.dll
2010-02-01 12:24 . 2010-03-02 17:00 124184 ----a-w- c:\documents and settings\PC\Application Data\Octoshape\Octoshape Streaming Services\sua-1002010-0-apoctoshape.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"Steam"="e:\hry\cs\steam.exe" [2010-02-28 1217872]
"SUPERAntiSpyware"="e:\programy\SuperaAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
"ICQ"="e:\programy\ICQ7.1\ICQ.exe" [2010-04-06 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-10-09 33677312]
"avast!"="e:\programy\AVAST4~1.8HO\ashDisp.exe" [2009-11-24 81000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"QuickTime Task"="e:\programy\QuickTime\QTTask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\programy\SuperaAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- e:\programy\SuperaAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- e:\programy\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- e:\programy\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\freecell.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\Hry\\Dragon Age\\bin_ship\\daorigins.exe"=
"e:\\Hry\\Dragon Age\\DAOriginsLauncher.exe"=
"e:\\Hry\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"e:\\Programy\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\PC\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"e:\\Hry\\Rise of nations\\rise.exe"=
"e:\\Hry\\CoD 2\\CoD2MP_s.exe"=
"e:\\Hry\\CS\\SteamApps\\camejko\\counter-strike\\hl.exe"=
"e:\\Hry\\CS\\Steam.exe"=
"e:\\Programy\\ICQ7.1\\ICQ.exe"=
"e:\\Programy\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6.1.2010 17:58 114768]
R1 SASDIFSV;SASDIFSV;e:\programy\SuperaAntiSpyware\sasdifsv.sys [17.2.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;e:\programy\SuperaAntiSpyware\SASKUTIL.SYS [17.2.2010 11:15 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.1.2010 17:58 20560]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 13:27 1074568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [11.12.2009 16:02 44032]
R3 SASENUM;SASENUM;e:\programy\SuperaAntiSpyware\SASENUM.SYS [17.2.2010 11:15 12872]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [11.12.2009 16:17 1418368]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;e:\hry\Dragon Age\bin_ship\daupdatersvc.service.exe [31.12.2009 17:19 25832]
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - e:\programy\ICQ7.1\ICQ.exe
TCP: {092475B1-4D09-4DA2-AA69-BEE9A6F0E11E} = 92.245.2.245,92.245.2.162
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\8hwzxgix.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://sk.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - component: c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\8hwzxgix.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\PC\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: e:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: e:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: e:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: e:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: e:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: e:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: e:\programy\QuickTime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Call of Duty 2 SK - e:\hry\CoD 2\Odinštalovat CoD-2_SK.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 11:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
e:\programy\SuperaAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
Completion time: 2010-04-17 11:07:05
ComboFix-quarantined-files.txt 2010-04-17 09:07

Pre-Run: 88 139 296 768 bytes free
Post-Run: 88 101 621 760 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - D1B7C3A1E894AC05DF0CCCE6134A0748

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Slow PC

#4 Post by Caroprd111 »

How is the PC doing? :???:

matej7
Visitor
Posts: 107
Registered: 30 Mar 2009 17:26

Re: Slow PC

#5 Post by matej7 »

Hmm, it is still a bit slow.

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Slow PC

#6 Post by Caroprd111 »

Download OTL: http://oldtimer.geekstogo.com/OTL.exe
  • Run the program, then click Prohledat (Scan)
  • When it finishes, paste the OTL.Txt and Extras.txt logs here

matej7
Visitor
Posts: 107
Registered: 30 Mar 2009 17:26

Re: Slow PC

#7 Post by matej7 »

OTL logfile created on: 20.4.2010 18:36:02 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\PC\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 83,34 Gb Free Space | 85,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 368,10 Gb Total Space | 222,88 Gb Free Space | 60,55% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAREK-1F0500E1B
Current User Name: PC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.20 18:35:51 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC\Desktop\OTL.exe
PRC - [2010.04.06 22:16:45 | 000,133,368 | ---- | M] (ICQ, LLC.) -- E:\Programy\ICQ7.1\ICQ.exe
PRC - [2010.04.03 23:09:40 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.02.28 12:02:12 | 001,217,872 | ---- | M] (Valve Corporation) -- E:\Hry\CS\Steam.exe
PRC - [2010.02.18 17:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- E:\Programy\SuperaAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009.11.25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- E:\Programy\Avast 4.8 home\ashDisp.exe
PRC - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- E:\Programy\Avast 4.8 home\ashServ.exe
PRC - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- E:\Programy\Avast 4.8 home\ashMaiSv.exe
PRC - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- E:\Programy\Avast 4.8 home\ashWebSv.exe
PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- E:\Programy\Avast 4.8 home\aswUpdSv.exe
PRC - [2009.10.29 13:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.08.14 14:34:50 | 000,196,608 | ---- | M] (Petr Sloup) -- C:\Program Files\ScreenShots\ScreenShots.exe
PRC - [2003.12.22 16:36:14 | 000,561,152 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Ventrilo.exe


========== Modules (SafeList) ==========

MOD - [2010.04.20 18:35:51 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- E:\Programy\Avast 4.8 home\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- E:\Programy\Avast 4.8 home\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- E:\Programy\Avast 4.8 home\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- E:\Programy\Avast 4.8 home\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.10.29 13:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.07.26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)


========== Driver Services (SafeList) ==========

DRV - [2010.04.19 20:09:06 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.02.17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Programy\SuperaAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.02.17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Programy\SuperaAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- E:\Programy\SuperaAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010.02.03 06:52:08 | 004,605,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.11.25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.09.30 13:55:46 | 001,418,368 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.27 09:09:52 | 000,044,032 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009.06.02 15:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.03.27 02:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.04.16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.02.28 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006.02.28 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://sk.start3.mozilla.com/firefox?cl ... k:official"
FF - prefs.js..extensions.enabledItems: {76063e7f-3558-4b68-8287-54eb6512adc0}:2.7.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.13 16:59:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.20 15:14:59 | 000,000,000 | ---D | M]

[2009.12.15 17:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Extensions
[2010.04.19 21:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\8hwzxgix.default\extensions
[2009.12.15 19:57:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\8hwzxgix.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.26 22:16:47 | 000,000,000 | ---D | M] (Gladiatus Tools) -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\8hwzxgix.default\extensions\{76063e7f-3558-4b68-8287-54eb6512adc0}
[2009.12.16 16:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\8hwzxgix.default\extensions\anycolor.pavlos256@gmail.com
[2010.01.03 16:28:33 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\8hwzxgix.default\searchplugins\daemon-search.xml
[2009.10.25 10:18:52 | 000,002,061 | ---- | M] () -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\8hwzxgix.default\searchplugins\qipsearch.xml
[2010.04.19 21:26:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.03 23:09:43 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010.04.03 23:09:43 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010.04.03 23:09:43 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010.04.03 23:09:43 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010.04.03 23:09:43 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010.04.03 23:09:43 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [avast!] E:\Programy\Avast 4.8 home\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ICQ] E:\Programy\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Steam] e:\hry\cs\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] E:\Programy\SuperaAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - E:\Programy\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - E:\Programy\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7387854578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 0897011765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Programy\SuperaAntiSpyware\SASWINLO.dll - E:\Programy\SuperaAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\PC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Programy\SuperaAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.11 15:45:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.20 18:35:50 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PC\Desktop\OTL.exe
[2010.04.20 16:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010.04.19 23:08:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\PC\Recent
[2010.04.19 20:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.04.19 20:18:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010.04.19 20:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.04.17 22:45:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.17 12:59:33 | 000,000,000 | ---D | C] -- C:\Shoty
[2010.04.17 12:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\ScreenShots
[2010.04.17 10:45:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.04.17 10:45:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.04.17 10:45:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.04.17 10:45:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.04.17 10:44:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.15 21:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\UDC Profiles
[2010.04.15 21:14:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\PC\My Documents\UDC Output Files
[2010.04.14 19:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\M8 Software
[2010.04.13 16:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010.04.13 16:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.04.13 16:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Local Settings\Application Data\Apple
[2010.04.13 16:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.04.13 16:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010.04.13 16:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Local Settings\Application Data\Apple Computer
[2010.04.07 16:51:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010.04.07 15:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010.04.06 22:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Local Settings\Application Data\AOL
[2010.04.02 15:20:49 | 000,299,008 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2010.04.02 15:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\WINDOWS
[2010.04.02 15:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Local Settings\Application Data\Help
[2010.04.02 15:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\Help
[2010.03.29 18:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\My Documents\NHL09
[2010.01.30 17:54:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009.12.15 18:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009.12.11 15:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009.12.11 15:45:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.20 18:35:51 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC\Desktop\OTL.exe
[2010.04.20 15:15:02 | 000,000,654 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.20 14:04:43 | 000,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.20 14:04:43 | 000,462,058 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.20 14:04:43 | 000,078,260 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.20 14:00:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.20 14:00:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.20 14:00:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.19 23:08:59 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\PC\NTUSER.DAT
[2010.04.19 23:08:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\PC\ntuser.ini
[2010.04.19 20:54:05 | 000,047,968 | ---- | M] () -- C:\Documents and Settings\PC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.04.19 20:53:28 | 000,212,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.19 20:37:34 | 000,010,582 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\disney2_kacer2.gif
[2010.04.19 20:20:03 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010.04.19 20:09:06 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.19 18:33:12 | 000,137,909 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\19-4-2010_18-33-11.jpg
[2010.04.18 22:37:29 | 005,325,964 | -H-- | M] () -- C:\Documents and Settings\PC\Local Settings\Application Data\IconCache.db
[2010.04.17 12:59:13 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\ScreenShots.lnk
[2010.04.17 12:56:10 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.17 11:06:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.17 10:42:56 | 003,916,775 | R--- | M] () -- C:\Documents and Settings\PC\Desktop\ComboFix.exe
[2010.04.13 16:58:41 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.02 23:26:46 | 000,015,994 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\presov userbars.png
[2010.03.31 11:04:17 | 000,012,941 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\camejkooavatar.gif
[2010.03.29 18:49:22 | 000,001,442 | ---- | M] () -- C:\Documents and Settings\All Users\Pracovná plocha\NHL® 09.lnk
[2010.03.23 22:54:24 | 008,749,472 | ---- | M] () -- C:\K´Naan-waving Flag.mp3
[2010.03.23 22:49:55 | 003,467,421 | ---- | M] () -- C:\train - hey, soul sister.mp3
[2010.03.23 18:49:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pracovná plocha\Mozilla Firefox.lnk
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.19 20:37:33 | 000,010,582 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\disney2_kacer2.gif
[2010.04.19 20:09:06 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.19 18:33:03 | 000,137,909 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\19-4-2010_18-33-11.jpg
[2010.04.17 12:59:13 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\ScreenShots.lnk
[2010.04.17 10:45:21 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.04.17 10:45:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.04.17 10:45:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.04.17 10:45:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.04.17 10:45:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.04.17 10:42:52 | 003,916,775 | R--- | C] () -- C:\Documents and Settings\PC\Desktop\ComboFix.exe
[2010.04.13 16:58:41 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.11 19:45:28 | 000,117,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.04.02 23:26:45 | 000,015,994 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\presov userbars.png
[2010.03.31 11:04:16 | 000,012,941 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\camejkooavatar.gif
[2010.03.29 18:49:22 | 000,001,442 | ---- | C] () -- C:\Documents and Settings\All Users\Pracovná plocha\NHL® 09.lnk
[2010.03.23 23:40:02 | 008,749,472 | ---- | C] () -- C:\K´Naan-waving Flag.mp3
[2010.03.23 23:40:02 | 003,467,421 | ---- | C] () -- C:\train - hey, soul sister.mp3
[2010.01.20 21:08:58 | 000,000,299 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2010.01.04 17:29:03 | 000,000,257 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.01.03 17:42:13 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.12.31 15:47:24 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.24 16:01:15 | 000,010,281 | ---- | C] () -- C:\Documents and Settings\PC\CCCInstall_200912241501149843.log
[2009.12.24 15:40:28 | 000,000,323 | ---- | C] () -- C:\Documents and Settings\PC\CCCInstall_200912241440282656.log
[2009.12.24 15:38:05 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.12.19 15:46:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\PC\Application Data\AVSDVDPlayer.m3u
[2009.12.19 15:42:57 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.12.19 15:42:57 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.12.17 22:58:49 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\PC\Local Settings\Application Data\fusioncache.dat
[2009.12.15 20:32:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.12.11 15:59:09 | 000,495,616 | -H-- | C] () -- C:\Documents and Settings\PC\ntuser.dat.LOG
[2009.12.11 15:59:09 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\PC\ntuser.ini
[2009.12.11 15:59:08 | 004,980,736 | -H-- | C] () -- C:\Documents and Settings\PC\NTUSER.DAT
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.09.27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.09.27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.09.27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004.08.04 02:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003.04.07 11:38:32 | 000,005,746 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.01.12 11:52:26 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\vbpng1.dll
[2001.01.12 11:49:38 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

matej7
Visitor
Posts: 107
Registered: 30 Mar 2009 17:26

Re: Slow PC

#8 Post by matej7 »

OTL Extras logfile created on: 20.4.2010 18:36:02 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\PC\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 83,34 Gb Free Space | 85,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 368,10 Gb Total Space | 222,88 Gb Free Space | 60,55% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAREK-1F0500E1B
Current User Name: PC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programy\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programy\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "E:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "E:\Programy\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\Programy\ICQ7.1\ICQ.exe" = E:\Programy\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"E:\Programy\ICQ7.1\aolload.exe" = E:\Programy\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\freecell.exe" = C:\WINDOWS\system32\freecell.exe:*:Enabled:FreeCell -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"E:\Hry\Dragon Age\bin_ship\daorigins.exe" = E:\Hry\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Prameny Hra -- (BioWare)
"E:\Hry\Dragon Age\DAOriginsLauncher.exe" = E:\Hry\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Prameny Spustit -- (BioWare)
"E:\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe" = E:\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Prameny Aktualizovat -- (BioWare)
"E:\Programy\Garena\Garena.exe" = E:\Programy\Garena\Garena.exe:*:Enabled:Garena -- (Garena Interactive PTE LTD)
"C:\Documents and Settings\PC\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\PC\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" = C:\Program Files\LogMeIn Hamachi\hamachi-2.exe:*:Enabled:hamachi-2 -- (LogMeIn Inc.)
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" = C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe:*:Enabled:LogMeIn Hamachi -- (LogMeIn Inc.)
"E:\Hry\Rise of nations\rise.exe" = E:\Hry\Rise of nations\rise.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"E:\Hry\CoD 2\CoD2MP_s.exe" = E:\Hry\CoD 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"E:\Hry\CS\SteamApps\camejko\counter-strike\hl.exe" = E:\Hry\CS\SteamApps\camejko\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"E:\Hry\CS\Steam.exe" = E:\Hry\CS\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"E:\Programy\ICQ7.1\ICQ.exe" = E:\Programy\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"E:\Programy\ICQ7.1\aolload.exe" = E:\Programy\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{0B9E0BD1-328D-415C-80A5-6B0028F0C104}" = Call of Duty(R) 2 Patch 1.2
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1A48AB8A-DA88-545F-9D3D-C481DC6C31A3}" = Catalyst Control Center Graphics Full Existing
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = The Godfather™ The Game
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{24CB2BE4-FAAF-78F8-D211-042327560FD8}" = ccc-utility
"{257DEF70-A302-CF80-79FE-D8C72EB5E4D0}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B44554A-AC5E-D835-82EC-FF6BB2FF8CA6}" = Catalyst Control Center Graphics Light
"{2CF6349E-8A3F-B726-F59A-8703FC8885E8}" = Catalyst Control Center Graphics Light
"{2FB2169F-04D8-FFC0-6A66-80EE652B93A5}" = Catalyst Control Center InstallProxy
"{302126A2-BB96-5931-6249-CAACA2C89AA1}" = ccc-core-static
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4025BE-5CC2-1979-5400-2AFD9A2860E4}" = Catalyst Control Center Graphics Full Existing
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5B9EFDF8-AC4F-CA21-9A8C-7534D49E7EE9}" = Catalyst Control Center HydraVision Full
"{5F4BBCD5-E6F5-FCFA-5F3B-95EC2AD0945E}" = ccc-core-preinstall
"{66E3BA00-6B3D-466B-96FA-6309A7F42BB0}" = Adobe Flash Player 10 ActiveX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E5AB107-172B-4F17-8ABB-357C59EF1B08}" = Vegas Pro 9.0
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855AA20A-CA81-7EF1-1936-AE4AA3DC4BEA}" = ccc-core-preinstall
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{9011041B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB86C70-E1EF-7457-46DC-0093B5269458}" = ATI Catalyst Install Manager
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A9867BC9-0EAD-BAC6-C320-4FBC2E127643}" = Catalyst Control Center Core Implementation
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Prameny
"{B00220C8-AD02-4DA8-BEF4-E0552A4AC1E2}_is1" = Panopticum Lens Pro 3.5 For Vegas
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0B2D0A3-245D-E256-EF6F-2E6E4DA30B41}" = Catalyst Control Center Core Implementation
"{D0E6B5D9-6737-AF3E-7BE5-7327DD6B6002}" = Catalyst Control Center Graphics Previews Common
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D8B36DA7-F196-2953-8A93-DDBFB1F6267D}" = ccc-core-static
"{DAD3A57E-2B4D-30F2-F971-6A0FD04D5EA3}" = Catalyst Control Center HydraVision Full
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E4C82E4B-CD9E-27ED-BC6A-E099DE3EC3ED}" = CCC Help English
"{E7231089-60AD-CD67-8CC0-B0F415E2A32A}" = Catalyst Control Center Graphics Full New
"{EC102FA9-A54E-2D6B-9926-B92E5D9E14C7}" = Catalyst Control Center Graphics Full New
"{F2B5A2A7-2DF9-4361-8BD5-362714528B51}" = NHL® 09
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.08
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"Corgoň Liga CL10 BETA VERZIA" = Corgoň Liga CL10 BETA VERZIA
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.15
"Defraggler" = Defraggler
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Fraps" = Fraps (remove only)
"Garena" = Garena
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic Bullet Editors 2.0 Vegas" = Magic Bullet Editors 2.0 Vegas
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.25
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NewBlue 3D Explosions for Windows" = NewBlue 3D Explosions for Windows
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PluginPac" = DebugMode PluginPac (remove only)
"Recuva" = Recuva
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"Speccy" = Speccy
"SpiceMASTER 2.5 PRO for Vegas" = SpiceMASTER 2.5 PRO for Vegas
"ST6UNST #1" = HLTooLz
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archivátor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 1.2.2010 11:26:04 | Computer Name = MAREK-1F0500E1B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\Patch\patcher.exe failed, 0000001E.

[ Application Events ]
Error - 27.1.2010 10:20:33 | Computer Name = MAREK-1F0500E1B | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The registry value cannot be read because the configuration
is invalid. Recreate the content index configuration by removing the content index.
(0x80040d03)

Error - 27.1.2010 10:20:33 | Computer Name = MAREK-1F0500E1B | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
registry value cannot be read because the configuration is invalid. Recreate the
content index configuration by removing the content index. (0x80040d03)

Error - 30.1.2010 9:04:20 | Computer Name = MAREK-1F0500E1B | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia hl.exe, verzia 1.1.1.1, zablokovaný modul hungapp,
verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 1.2.2010 11:26:19 | Computer Name = MAREK-1F0500E1B | Source = Application Error | ID = 1005
Description = Systém Windows nemá prístup k súboru D:\Patch\patcher.exe pre jednu
z nasledovných prícin: vyskytol sa problém s pripojením k sieti, s diskom, na ktorom
je súbor uložený, alebo s ovládacmi ukladacích zariadení inštalovanými v tomto
pocítaci, alebo chýba disk. V dôsledku výskytu tejto chyby systém Windows zatvoril
program Rise of Nations. Program: Rise of Nations Súbor: D:\Patch\patcher.exe Hodnota
chyby je uvedená v casti s doplnkovými údajmi. Akcia používatela 1. Otvorte súbor
znovu. Môže íst o docasný problém, ktorý sa odstráni po opätovnom spustení programu.
2.
Ak problém s prístupom k súboru pretrváva a - súbor sa nachádza v sieti, správca
siete by mal skontrolovat, ci siet pracuje normálne a ci je možné kontaktovat server.
-
súbor sa nachádza na vymenitelnom disku, napr. na diskete alebo disku CD-ROM, uistite
sa, že je disk správne vložený v pocítaci. 3. Skontrolujte a opravte systém súborov
spustením programu CHKDSK. Program CHKDSK spustíte kliknutím na tlacidlo Štart,
na položku Spustit, zadaním retazca CMD a kliknutím na tlacidlo OK. Do príkazového
riadka zadajte CHKDSK /F a stlacte kláves ENTER. 4. Ak problém pretrváva, obnovte
súbor zo záložnej kópie. 5. Skontrolujte, ci sa dajú otvorit iné súbory uložené
na tom istom disku. Ak nie, disk je pravdepodobne poškodený. Ak ide o pevný disk,
obrátte sa na správcu alebo dodávatela pocítacového hardvéru. Doplnkové údaje Hodnota
chyby: C000009C Typ disku: 5

Error - 1.2.2010 11:26:48 | Computer Name = MAREK-1F0500E1B | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie , verzia 0.0.0.0, zlyhanie modulu unknown, verzia
0.0.0.0, adresa zlyhania 0x0042d74e.

Error - 1.2.2010 11:30:47 | Computer Name = MAREK-1F0500E1B | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia TotalCmd.exe, verzia 7.5.0.1, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 1.2.2010 11:32:19 | Computer Name = MAREK-1F0500E1B | Source = Application Error | ID = 1005
Description = Systém Windows nemá prístup k súboru D:\Patch\patcher.exe pre jednu
z nasledovných prícin: vyskytol sa problém s pripojením k sieti, s diskom, na ktorom
je súbor uložený, alebo s ovládacmi ukladacích zariadení inštalovanými v tomto
pocítaci, alebo chýba disk. V dôsledku výskytu tejto chyby systém Windows zatvoril
program Rise of Nations. Program: Rise of Nations Súbor: D:\Patch\patcher.exe Hodnota
chyby je uvedená v casti s doplnkovými údajmi. Akcia používatela 1. Otvorte súbor
znovu. Môže íst o docasný problém, ktorý sa odstráni po opätovnom spustení programu.
2.
Ak problém s prístupom k súboru pretrváva a - súbor sa nachádza v sieti, správca
siete by mal skontrolovat, ci siet pracuje normálne a ci je možné kontaktovat server.
-
súbor sa nachádza na vymenitelnom disku, napr. na diskete alebo disku CD-ROM, uistite
sa, že je disk správne vložený v pocítaci. 3. Skontrolujte a opravte systém súborov
spustením programu CHKDSK. Program CHKDSK spustíte kliknutím na tlacidlo Štart,
na položku Spustit, zadaním retazca CMD a kliknutím na tlacidlo OK. Do príkazového
riadka zadajte CHKDSK /F a stlacte kláves ENTER. 4. Ak problém pretrváva, obnovte
súbor zo záložnej kópie. 5. Skontrolujte, ci sa dajú otvorit iné súbory uložené
na tom istom disku. Ak nie, disk je pravdepodobne poškodený. Ak ide o pevný disk,
obrátte sa na správcu alebo dodávatela pocítacového hardvéru. Doplnkové údaje Hodnota
chyby: C000009C Typ disku: 5

Error - 1.2.2010 11:32:36 | Computer Name = MAREK-1F0500E1B | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie patcher.exe, verzia 1.14.5.600, zlyhanie modulu
patcher.exe, verzia 1.14.5.600, adresa zlyhania 0x0002d74e.

Error - 7.2.2010 9:23:25 | Computer Name = MAREK-1F0500E1B | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie stronghold crusader.exe, verzia 1.0.0.1, zlyhanie
modulu stronghold crusader.exe, verzia 1.0.0.1, adresa zlyhania 0x00077316.

Error - 17.2.2010 6:41:18 | Computer Name = MAREK-1F0500E1B | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia hl.exe, verzia 1.1.1.1, zablokovaný modul hungapp,
verzia 0.0.0.0, adresa zablokovania 0x00000000.

[ System Events ]
Error - 19.4.2010 11:34:40 | Computer Name = MAREK-1F0500E1B | Source = W32Time | ID = 39452689
Description = Poskytovatel casu NtpClient: Pri vyhladávaní rucne nakonfigurovaného
partnera
time.windows.com,0x1 serverom DNS sa vyskytla chyba. NtpClient sa pokúsi o vyhladávanie
servera DNS znova o 30 min. Vyskytla sa chyba: Došlo k pokusu o operáciu so soketom
v case nedosiahnutelnosti hostitela. (0x80072751)

Error - 19.4.2010 11:34:40 | Computer Name = MAREK-1F0500E1B | Source = W32Time | ID = 39452701
Description = Poskytovatel casu NtpClient je nakonfigurovaný tak, aby získaval cas
z jedného alebo viacerých casových zdrojov, žiadny zo zdrojov však nie je momentálne
prístupný. Pocas 30 minút nebude uskutocnený žiadny pokus o skontaktovanie zdroja.
NtpClient
nemá žiadny zdroj presného casu.

Error - 19.4.2010 12:04:40 | Computer Name = MAREK-1F0500E1B | Source = W32Time | ID = 39452689
Description = Poskytovatel casu NtpClient: Pri vyhladávaní rucne nakonfigurovaného
partnera
time.windows.com,0x1 serverom DNS sa vyskytla chyba. NtpClient sa pokúsi o vyhladávanie
servera DNS znova o 60 min. Vyskytla sa chyba: Došlo k pokusu o operáciu so soketom
v case nedosiahnutelnosti hostitela. (0x80072751)

Error - 19.4.2010 12:04:40 | Computer Name = MAREK-1F0500E1B | Source = W32Time | ID = 39452701
Description = Poskytovatel casu NtpClient je nakonfigurovaný tak, aby získaval cas
z jedného alebo viacerých casových zdrojov, žiadny zo zdrojov však nie je momentálne
prístupný. Pocas 60 minút nebude uskutocnený žiadny pokus o skontaktovanie zdroja.
NtpClient
nemá žiadny zdroj presného casu.

Error - 20.4.2010 9:53:45 | Computer Name = MAREK-1F0500E1B | Source = W32Time | ID = 39452689
Description = Poskytovatel casu NtpClient: Pri vyhladávaní rucne nakonfigurovaného
partnera
time.windows.com,0x1 serverom DNS sa vyskytla chyba. NtpClient sa pokúsi o vyhladávanie
servera DNS znova o 15 min. Vyskytla sa chyba: Došlo k pokusu o operáciu so soketom
v case nedosiahnutelnosti hostitela. (0x80072751)

Error - 20.4.2010 9:53:45 | Computer Name = MAREK-1F0500E1B | Source = W32Time | ID = 39452701
Description = Poskytovatel casu NtpClient je nakonfigurovaný tak, aby získaval cas
z jedného alebo viacerých casových zdrojov, žiadny zo zdrojov však nie je momentálne
prístupný. Pocas 14 minút nebude uskutocnený žiadny pokus o skontaktovanie zdroja.
NtpClient
nemá žiadny zdroj presného casu.

Error - 20.4.2010 10:08:45 | Computer Name = MAREK-1F0500E1B | Source = W32Time | ID = 39452689
Description = Poskytovatel casu NtpClient: Pri vyhladávaní rucne nakonfigurovaného
partnera
time.windows.com,0x1 serverom DNS sa vyskytla chyba. NtpClient sa pokúsi o vyhladávanie
servera DNS znova o 30 min. Vyskytla sa chyba: Došlo k pokusu o operáciu so soketom
v case nedosiahnutelnosti hostitela. (0x80072751)

Error - 20.4.2010 10:08:45 | Computer Name = MAREK-1F0500E1B | Source = W32Time | ID = 39452701
Description = Poskytovatel casu NtpClient je nakonfigurovaný tak, aby získaval cas
z jedného alebo viacerých casových zdrojov, žiadny zo zdrojov však nie je momentálne
prístupný. Pocas 30 minút nebude uskutocnený žiadny pokus o skontaktovanie zdroja.
NtpClient
nemá žiadny zdroj presného casu.

Error - 20.4.2010 10:38:45 | Computer Name = MAREK-1F0500E1B | Source = W32Time | ID = 39452689
Description = Poskytovatel casu NtpClient: Pri vyhladávaní rucne nakonfigurovaného
partnera
time.windows.com,0x1 serverom DNS sa vyskytla chyba. NtpClient sa pokúsi o vyhladávanie
servera DNS znova o 60 min. Vyskytla sa chyba: Došlo k pokusu o operáciu so soketom
v case nedosiahnutelnosti hostitela. (0x80072751)

Error - 20.4.2010 10:38:45 | Computer Name = MAREK-1F0500E1B | Source = W32Time | ID = 39452701
Description = Poskytovatel casu NtpClient je nakonfigurovaný tak, aby získaval cas
z jedného alebo viacerých casových zdrojov, žiadny zo zdrojov však nie je momentálne
prístupný. Pocas 60 minút nebude uskutocnený žiadny pokus o skontaktovanie zdroja.
NtpClient
nemá žiadny zdroj presného casu.


< End of report >

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: Slow PC

#9 Post by Caroprd111 »

Run OTL and paste the following script into the bottom window.

Code:

:OTL
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

:Files
E:\Programy\Garena

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Programy\Garena\Garena.exe" =-

:Commands
[PURITY] 
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Then click Fix; the PC will restart. Paste the log here.

Defragment the disk.

matej7
Visitor
Posts: 107
Joined: 30 Mar 2009 17:26

Re: Slow PC

#10 Post by matej7 »

All processes killed
========== OTL ==========
Prefs.js: "QIP Search" removed from browser.search.defaultenginename
Prefs.js: "DAEMON Search" removed from browser.search.selectedEngine
C:\WINDOWS\003104_.tmp deleted successfully.
C:\WINDOWS\003143_.tmp deleted successfully.
C:\WINDOWS\SET36.tmp deleted successfully.
C:\WINDOWS\SET39.tmp deleted successfully.
C:\WINDOWS\SET45.tmp deleted successfully.
C:\WINDOWS\SET78.tmp deleted successfully.
C:\WINDOWS\SETA2.tmp deleted successfully.
C:\WINDOWS\SETA5.tmp deleted successfully.
C:\WINDOWS\SETB1.tmp deleted successfully.
C:\WINDOWS\SETE4.tmp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
E:\Programy\Garena\web\cache\RUpoker\img folder moved successfully.
E:\Programy\Garena\web\cache\RUpoker\css folder moved successfully.
E:\Programy\Garena\web\cache\RUpoker folder moved successfully.
E:\Programy\Garena\web\cache\ROM\images folder moved successfully.
E:\Programy\Garena\web\cache\ROM\css folder moved successfully.
E:\Programy\Garena\web\cache\ROM\config\images folder moved successfully.
E:\Programy\Garena\web\cache\ROM\config\css folder moved successfully.
E:\Programy\Garena\web\cache\ROM\config folder moved successfully.
E:\Programy\Garena\web\cache\ROM folder moved successfully.
E:\Programy\Garena\web\cache\Freesky\img folder moved successfully.
E:\Programy\Garena\web\cache\Freesky\css folder moved successfully.
E:\Programy\Garena\web\cache\Freesky folder moved successfully.
E:\Programy\Garena\web\cache folder moved successfully.
E:\Programy\Garena\web folder moved successfully.
E:\Programy\Garena\user\12237572 folder moved successfully.
E:\Programy\Garena\user folder moved successfully.
E:\Programy\Garena\sound folder moved successfully.
E:\Programy\Garena\skin_bs folder moved successfully.
E:\Programy\Garena\Skin\Flags folder moved successfully.
E:\Programy\Garena\Skin folder moved successfully.
E:\Programy\Garena\shop\items folder moved successfully.
E:\Programy\Garena\shop folder moved successfully.
E:\Programy\Garena\plugins\UI\AdPlugin folder moved successfully.
E:\Programy\Garena\plugins\UI folder moved successfully.
E:\Programy\Garena\plugins\Game folder moved successfully.
E:\Programy\Garena\plugins folder moved successfully.
E:\Programy\Garena\lib\common folder moved successfully.
E:\Programy\Garena\lib folder moved successfully.
E:\Programy\Garena\layout folder moved successfully.
E:\Programy\Garena\Languages folder moved successfully.
E:\Programy\Garena\GarenaTV folder moved successfully.
E:\Programy\Garena\files folder moved successfully.
E:\Programy\Garena\dlls folder moved successfully.
E:\Programy\Garena\deps folder moved successfully.
E:\Programy\Garena\config folder moved successfully.
E:\Programy\Garena\Cache folder moved successfully.
E:\Programy\Garena\Avatar folder moved successfully.
E:\Programy\Garena folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Programy\Garena\Garena.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: PC
->Temp folder emptied: 1376332 bytes
->Temporary Internet Files folder emptied: 3140882 bytes
->Java cache emptied: 3092 bytes
->FireFox cache emptied: 78468880 bytes
->Flash cache emptied: 5116 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 79,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: PC
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.1.3 log created on 04202010_194646

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_778.dat not found!

Registry entries deleted on Reboot...

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: Slow PC

#11 Post by Caroprd111 »

How is the PC doing? :???:

matej7
Visitor
Posts: 107
Joined: 30 Mar 2009 17:26

Re: Slow PC

#12 Post by matej7 »

Well, it's better now...

Should I uninstall ComboFix, or?

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: Slow PC

#13 Post by Caroprd111 »

Please post a new RSIT log.

matej7
Visitor
Posts: 107
Joined: 30 Mar 2009 17:26

Re: Slow PC

#14 Post by matej7 »

Logfile of random's system information tool 1.06 (written by random/random)
Run by PC at 2010-04-21 18:01:45
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 86 GB (86%) free of 100 GB
Total RAM: 2047 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:49, on 21.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Programy\Avast 4.8 home\aswUpdSv.exe
E:\Programy\Avast 4.8 home\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
E:\Programy\AVAST4~1.8HO\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Programy\SuperaAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\SearchIndexer.exe
E:\Programy\Avast 4.8 home\ashMaiSv.exe
E:\Programy\Avast 4.8 home\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Programy\totalcmd\TOTALCMD.EXE
E:\JAVA HRY\RSIT.exe
C:\Program Files\trend micro\PC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [avast!] E:\Programy\AVAST4~1.8HO\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programy\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "e:\hry\cs\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Programy\SuperaAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ICQ] "E:\Programy\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - E:\Programy\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - E:\Programy\ICQ7.1\ICQ.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7387854578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0897011765
O17 - HKLM\System\CCS\Services\Tcpip\..\{092475B1-4D09-4DA2-AA69-BEE9A6F0E11E}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS1\Services\Tcpip\..\{092475B1-4D09-4DA2-AA69-BEE9A6F0E11E}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS2\Services\Tcpip\..\{092475B1-4D09-4DA2-AA69-BEE9A6F0E11E}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS3\Services\Tcpip\..\{092475B1-4D09-4DA2-AA69-BEE9A6F0E11E}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS4\Services\Tcpip\..\{092475B1-4D09-4DA2-AA69-BEE9A6F0E11E}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS5\Services\Tcpip\..\{092475B1-4D09-4DA2-AA69-BEE9A6F0E11E}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS6\Services\Tcpip\..\{092475B1-4D09-4DA2-AA69-BEE9A6F0E11E}: NameServer = 92.245.2.245,92.245.2.162
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - E:\Programy\SuperaAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programy\Avast 4.8 home\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programy\Avast 4.8 home\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programy\Avast 4.8 home\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programy\Avast 4.8 home\ashWebSv.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - E:\Hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6786 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-10-09 33677312]
"avast!"=E:\Programy\AVAST4~1.8HO\ashDisp.exe [2009-11-25 81000]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-03 98304]
"QuickTime Task"=E:\Programy\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"Steam"=e:\hry\cs\steam.exe [2010-02-28 1217872]
"SUPERAntiSpyware"=E:\Programy\SuperaAntiSpyware\SUPERAntiSpyware.exe [2010-02-18 2012912]
"ICQ"=E:\Programy\ICQ7.1\ICQ.exe [2010-04-06 133368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
E:\Programy\DAEMON Tools Lite\daemon.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
E:\Programy\Winamp\winampa.exe [2009-07-01 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WINDOW~4\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
E:\Programy\SuperaAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-03 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=E:\Programy\SuperaAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\freecell.exe"="C:\WINDOWS\system32\freecell.exe:*:Enabled:FreeCell"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Hry\Dragon Age\bin_ship\daorigins.exe"="E:\Hry\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Prameny Hra"
"E:\Hry\Dragon Age\DAOriginsLauncher.exe"="E:\Hry\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Prameny Spustit"
"E:\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe"="E:\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Prameny Aktualizovat"
"C:\Documents and Settings\PC\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\PC\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\LogMeIn Hamachi\hamachi-2.exe"="C:\Program Files\LogMeIn Hamachi\hamachi-2.exe:*:Enabled:hamachi-2"
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe:*:Enabled:LogMeIn Hamachi"
"E:\Hry\Rise of nations\rise.exe"="E:\Hry\Rise of nations\rise.exe:*:Enabled:Rise of Nations"
"E:\Hry\CoD 2\CoD2MP_s.exe"="E:\Hry\CoD 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"E:\Hry\CS\SteamApps\camejko\counter-strike\hl.exe"="E:\Hry\CS\SteamApps\camejko\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Hry\CS\Steam.exe"="E:\Hry\CS\Steam.exe:*:Enabled:Steam"
"E:\Programy\ICQ7.1\ICQ.exe"="E:\Programy\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"E:\Programy\ICQ7.1\aolload.exe"="E:\Programy\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Programy\ICQ7.1\ICQ.exe"="E:\Programy\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"E:\Programy\ICQ7.1\aolload.exe"="E:\Programy\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-04-20 19:46:46 ----D---- C:\_OTL
2010-04-19 20:19:03 ----D---- C:\Program Files\Common Files\DESIGNER
2010-04-19 20:18:49 ----D---- C:\WINDOWS\SHELLNEW
2010-04-19 20:18:47 ----D---- C:\Program Files\Microsoft.NET
2010-04-17 22:45:08 ----SHD---- C:\RECYCLER
2010-04-17 12:59:33 ----D---- C:\Shoty
2010-04-17 12:59:13 ----D---- C:\Program Files\ScreenShots
2010-04-17 11:07:05 ----A---- C:\ComboFix.txt
2010-04-17 10:45:21 ----A---- C:\WINDOWS\zip.exe
2010-04-17 10:45:21 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-17 10:45:21 ----A---- C:\WINDOWS\SWSC.exe
2010-04-17 10:45:21 ----A---- C:\WINDOWS\SWREG.exe
2010-04-17 10:45:21 ----A---- C:\WINDOWS\sed.exe
2010-04-17 10:45:21 ----A---- C:\WINDOWS\PEV.exe
2010-04-17 10:45:21 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-17 10:45:21 ----A---- C:\WINDOWS\MBR.exe
2010-04-17 10:45:21 ----A---- C:\WINDOWS\grep.exe
2010-04-17 10:44:43 ----D---- C:\Qoobox
2010-04-15 21:14:54 ----D---- C:\Documents and Settings\PC\Application Data\UDC Profiles
2010-04-14 19:36:21 ----D---- C:\Documents and Settings\PC\Application Data\M8 Software
2010-04-14 08:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 08:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 08:19:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-04-14 08:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 08:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 08:18:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 08:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-13 16:58:59 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-04-13 16:58:47 ----D---- C:\Program Files\Common Files\Apple
2010-04-13 16:58:37 ----D---- C:\Program Files\Apple Software Update
2010-04-13 16:58:37 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2010-04-07 16:51:10 ----D---- C:\WINDOWS\system32\Adobe
2010-04-07 15:24:43 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-04-02 15:20:49 ----A---- C:\WINDOWS\uninst.exe
2010-04-02 15:20:25 ----D---- C:\Documents and Settings\PC\Application Data\Help

======List of files/folders modified in the last 1 months======

2010-04-21 18:01:46 ----D---- C:\Program Files\trend micro
2010-04-21 16:05:08 ----D---- C:\WINDOWS\Prefetch
2010-04-21 15:41:10 ----SHD---- C:\WINDOWS\Installer
2010-04-21 15:39:46 ----A---- C:\WINDOWS\win.ini
2010-04-21 15:30:39 ----D---- C:\WINDOWS\system32
2010-04-21 15:30:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-21 15:30:18 ----D---- C:\WINDOWS\Temp
2010-04-21 15:29:24 ----D---- C:\Documents and Settings\PC\Application Data\Skype
2010-04-20 23:15:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-20 23:15:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-20 22:25:53 ----D---- C:\WINDOWS
2010-04-20 19:47:28 ----SHD---- C:\System Volume Information
2010-04-20 19:47:28 ----D---- C:\WINDOWS\system32\Restore
2010-04-20 16:52:38 ----D---- C:\Documents and Settings\PC\Application Data\ICQ
2010-04-20 15:15:08 ----RSD---- C:\WINDOWS\assembly
2010-04-20 15:14:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-20 15:14:23 ----RSD---- C:\WINDOWS\Fonts
2010-04-19 23:03:52 ----SD---- C:\Documents and Settings\PC\Application Data\Microsoft
2010-04-19 20:56:18 ----D---- C:\Documents and Settings\PC\Application Data\vlc
2010-04-19 20:20:03 ----A---- C:\WINDOWS\ODBC.INI
2010-04-19 20:19:03 ----D---- C:\Program Files\Common Files
2010-04-19 20:18:49 ----D---- C:\Program Files\Common Files\System
2010-04-19 20:18:47 ----RD---- C:\Program Files
2010-04-19 20:14:53 ----D---- C:\WINDOWS\system
2010-04-19 20:12:04 ----HD---- C:\WINDOWS\inf
2010-04-19 20:09:06 ----D---- C:\WINDOWS\system32\drivers
2010-04-19 16:06:33 ----D---- C:\Documents and Settings\PC\Application Data\skypePM
2010-04-17 22:45:08 ----D---- C:\WINDOWS\Debug
2010-04-17 11:10:40 ----D---- C:\WINDOWS\system32\config
2010-04-17 11:06:14 ----A---- C:\WINDOWS\system.ini
2010-04-17 11:05:27 ----D---- C:\WINDOWS\AppPatch
2010-04-17 10:45:16 ----D---- C:\WINDOWS\ERDNT
2010-04-14 08:19:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 08:19:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 08:18:16 ----D---- C:\WINDOWS\ie8updates
2010-04-13 16:59:27 ----D---- C:\Program Files\Internet Explorer
2010-04-13 16:58:41 ----SD---- C:\WINDOWS\Tasks
2010-04-06 22:17:08 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-03 23:09:49 ----D---- C:\Program Files\Mozilla Firefox
2010-03-29 18:46:32 ----D---- C:\WINDOWS\system32\DirectX
2010-03-23 23:39:50 ----D---- C:\WINDOWS\security

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 SASDIFSV;SASDIFSV; \??\E:\Programy\SuperaAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\E:\Programy\SuperaAntiSpyware\SASKUTIL.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-02-28 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-02-28 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-03 4605952]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-06-02 99856]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 KMWDFILTER;HIDUASDesc; C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-07-27 44032]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 SASENUM;SASENUM; \??\E:\Programy\SuperaAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-09-30 1418368]
S3 catchme;catchme; \??\C:\DOCUME~1\PC\LOCALS~1\Temp\catchme.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2005-01-28 18944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; E:\Programy\Avast 4.8 home\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-03 602112]
R2 avast! Antivirus;avast! Antivirus; E:\Programy\Avast 4.8 home\ashServ.exe [2009-11-25 138680]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-03 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-03 214520]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; E:\Programy\Avast 4.8 home\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; E:\Programy\Avast 4.8 home\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; E:\Hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Slow PC

#15 Post by Caroprd111 »

Uninstall ComboFix via:
Start >> Run, copy into the box:

ComboFix /Uninstall

press Enter



Download T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
  • Run it; to confirm each choice, press the A key, then Enter
  • Delete the program after use. Note: antivirus programs may falsely flag it as a virus.

Download TFC http://oldtimer.geekstogo.com/TFC.exe
  • Run it.
  • Click "Start". Confirm the message by clicking "Ok" (a restart will follow)

Download OTC http://oldtimer.geekstogo.com/OTC.exe
  • Run it.
  • Click "CleanUp!". Confirm the messages by clicking "Yes" (a restart will follow)


Download CCleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Install it, and during installation untick the option to install the Yahoo toolbar.

    Cleaner tab
  • Click Analyze; when it finishes, click Run Cleaner.

    Registry tab
  • Click Scan for Issues; when it finishes, click Fix Issues; you do not need to make a backup; then click Fix All Issues.
    OK, then Close


I don't see a firewall in the log, install one! Overview: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523
