vir VB08/PANDEM!C/SoNNy - kontrola logu

[víťa_p]

Prosim o kontrolu logu. Pocitac napaden virem "SMS vyderacem"
RSIT log:
==============================
Logfile of random's system information tool 1.07 (written by random/random)
Run by Vasek at 2010-06-08 19:21:07
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 136 GB (59%) free of 230 GB
Total RAM: 1022 MB (55% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Extended Warranty.job
C:\WINDOWS\tasks\Master CD_DVD Creator.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-10-18 557056]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-18 16207872]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2003-10-02 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-11-27 98304]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-05-20 111928]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-06-10 1447168]
"System"=C:\Program Files\System\system32.exe [2010-04-21 28160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SmpcSys"=C:\APPS\SMP\SmpSys.exe [2005-12-08 975360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-10-09 139264]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-04 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
""=1
"DisableTaskMgr"=0
"DisableLockWorkstation"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\RealVNC\WinVNC\winvnc.exe"="C:\Program Files\RealVNC\WinVNC\winvnc.exe:*:Enabled:VNC server for Win32"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Valve\hl.exe"="C:\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Disabled:FlatOut2"
"C:\hry Files\Sniper Elite\SniperElite.exe"="C:\hry Files\Sniper Elite\SniperElite.exe:*:Disabled:SniperElite"
"C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe"="C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe:*:Disabled:Medal of Honor Allied Assault(tm) Breakthrough"
"C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"="C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe"="C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"C:\Program Files\VALVe\Counter-Strike Source\hl2.exe"="C:\Program Files\VALVe\Counter-Strike Source\hl2.exe:*:Disabled:hl2"
"C:\APPS\SKYPE\Phone\Skype.exe"="C:\APPS\SKYPE\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-06-08 19:21:07 ----D---- C:\rsit
2010-06-08 19:21:07 ----D---- C:\Program Files\trend micro
2010-06-08 19:20:47 ----SHD---- C:\RECYCLER
2010-06-08 18:36:43 ----HD---- C:\WINDOWS\system32\GroupPolicy

======List of files/folders modified in the last 1 months======

2010-06-08 19:21:07 ----RD---- C:\Program Files
2010-06-08 19:16:10 ----D---- C:\WINDOWS\Registration
2010-06-08 19:16:08 ----D---- C:\WINDOWS\temp
2010-06-08 19:16:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-08 19:15:20 ----D---- C:\WINDOWS
2010-06-08 18:51:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-08 18:44:41 ----D---- C:\Program Files\Mozilla Firefox
2010-06-08 18:36:43 ----D---- C:\WINDOWS\system32
2010-06-08 18:26:32 ----A---- C:\WINDOWS\wincmd.ini
2010-06-07 19:46:27 ----D---- C:\WINDOWS\Prefetch
2010-06-07 19:17:56 ----D---- C:\WINDOWS\system32\drivers
2010-05-30 17:24:20 ----SHD---- C:\Config.Msi
2010-05-30 17:24:08 ----RSD---- C:\WINDOWS\assembly
2010-05-30 17:23:49 ----SHD---- C:\WINDOWS\Installer
2010-05-21 10:33:31 ----D---- C:\Documents and Settings\Vasek\Application Data\ICQ
2010-05-13 15:40:46 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-06-10 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-06-10 39944]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-06-12 43008]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-10-18 905608]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-06-18 565248]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-04 561152]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2006-06-29 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-23 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
R2 USBDeviceService;USBDeviceService; C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [2005-10-20 90112]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-03 593920]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2004-08-10 3584]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-06-10 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Mohu pridat HiJackThis.

[víťa_p]

Ahoj,
dik za rychlou reakci.
Log OTL:
=============
OTL logfile created on: 8.6.2010 20:03:43 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Vasek\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 022,00 Mb Total Physical Memory | 552,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225,07 Gb Total Space | 133,21 Gb Free Space | 59,19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3,72 Gb Total Space | 3,11 Gb Free Space | 83,51% Space Free | Partition Type: FAT32

Computer Name: 122136410314
Current User Name: Vasek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.08 19:58:04 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasek\Desktop\OTL.exe
PRC - [2010.04.21 18:26:34 | 000,028,160 | ---- | M] (Norris) -- C:\Program Files\System\system32.exe
PRC - [2009.05.20 15:11:40 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2008.08.08 08:04:10 | 001,091,768 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2008.06.10 18:53:54 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008.06.10 18:52:30 | 001,447,168 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.18 16:51:50 | 000,565,248 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2006.10.09 12:28:56 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.10.09 12:22:58 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2005.12.08 17:39:08 | 000,975,360 | ---- | M] (Packard Bell BV) -- C:\APPS\SMP\SMPSYS.EXE
PRC - [2005.10.20 08:15:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
PRC - [2005.10.18 14:14:00 | 000,557,056 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2005.01.31 11:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003.10.02 03:20:50 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe


========== Modules (SafeList) ==========

MOD - [2010.06.08 19:58:04 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasek\Desktop\OTL.exe
MOD - [2009.05.20 15:11:06 | 000,023,864 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
MOD - [2008.04.14 02:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006.07.11 18:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\SweetIM\Messenger\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.06.10 18:59:18 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008.06.10 18:53:54 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007.06.18 16:51:50 | 000,565,248 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2005.10.20 08:15:00 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- (USBDeviceService)
SRV - [2005.01.31 11:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004.08.10 16:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)


========== Driver Services (SafeList) ==========

DRV - [2008.07.04 08:33:33 | 003,230,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.06.10 18:56:10 | 000,034,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008.06.10 18:48:38 | 000,053,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008.06.10 18:47:42 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006.08.24 07:44:14 | 000,477,696 | R--- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2006.05.29 14:03:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaidexp.sys -- (ViaIde)
DRV - [2006.05.16 18:32:58 | 004,275,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.02.21 13:12:00 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.10.18 14:16:00 | 000,905,608 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.09.29 19:01:51 | 000,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.08.09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.10.02 04:16:48 | 000,119,552 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnpshark.sys -- (pnpshark)
DRV - [2003.09.27 15:37:16 | 000,005,504 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\st3shark.sys -- (st3shark)
DRV - [2001.08.17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-435502334-3970489975-646819446-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-435502334-3970489975-646819446-1005\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-435502334-3970489975-646819446-1005\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-435502334-3970489975-646819446-1005\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-435502334-3970489975-646819446-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-435502334-3970489975-646819446-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://radiobar.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.17
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..keyword.URL: "http://radiobar.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 14:55:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.01 19:59:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008.11.21 21:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\mozilla\Extensions
[2010.05.30 14:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\mozilla\Firefox\Profiles\ukihn1uq.default\extensions
[2009.09.02 15:32:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Vasek\Application Data\mozilla\Firefox\Profiles\ukihn1uq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.02 15:20:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Vasek\Application Data\mozilla\Firefox\Profiles\ukihn1uq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.02.12 14:25:31 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Vasek\Application Data\mozilla\Firefox\Profiles\ukihn1uq.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010.03.13 14:39:56 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Vasek\Application Data\mozilla\Firefox\Profiles\ukihn1uq.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.03.13 14:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\mozilla\Firefox\Profiles\ukihn1uq.default\extensions\firebug@software.joehewitt.com
[2010.05.30 14:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\mozilla\Firefox\Profiles\ukihn1uq.default\extensions\radiobar@toolbar
[2010.06.06 20:59:24 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-1.xml
[2009.09.14 06:59:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-10.xml
[2009.10.28 20:35:51 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-11.xml
[2009.12.16 21:22:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-12.xml
[2010.01.07 18:37:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-13.xml
[2010.02.12 14:25:52 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-14.xml
[2010.04.01 20:00:27 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-15.xml
[2010.04.06 16:30:15 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-16.xml
[2009.03.15 09:58:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-2.xml
[2009.03.17 18:41:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-3.xml
[2009.03.29 09:17:51 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-4.xml
[2009.04.23 17:19:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-5.xml
[2009.04.29 18:52:31 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-6.xml
[2009.06.12 15:41:57 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-7.xml
[2009.08.02 16:34:09 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-8.xml
[2009.08.08 15:35:37 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin-9.xml
[2008.11.18 13:56:02 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\icqplugin.xml
[2009.03.07 17:46:15 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\sweetim.xml
[2010.05.30 14:34:54 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\Vasek\Application Data\Mozilla\FireFox\Profiles\ukihn1uq.default\searchplugins\web-search.xml
[2010.05.30 14:57:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.06 16:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.01 19:59:44 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 19:59:44 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 19:59:44 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 19:59:44 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 19:59:44 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2004.08.10 16:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComett\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-435502334-3970489975-646819446-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-435502334-3970489975-646819446-1005\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [System] C:\Program Files\System\system32.exe (Norris)
O4 - HKU\S-1-5-21-435502334-3970489975-646819446-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-435502334-3970489975-646819446-1005..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-435502334-3970489975-646819446-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-435502334-3970489975-646819446-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-435502334-3970489975-646819446-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-435502334-3970489975-646819446-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-435502334-3970489975-646819446-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: = 1
O7 - HKU\S-1-5-21-435502334-3970489975-646819446-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-435502334-3970489975-646819446-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - C:\Program Files\BitComett\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - C:\Program Files\BitComett\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - C:\Program Files\BitComett\BitComet.exe (www.BitComet.com)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComett\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - http://ima.lide.cz/small/499E60E2C60131 ... g#55728304
O24 - Desktop Components:1 () - http://profil.lide.cz/st/2.2.3/js/lide5.js
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Vasek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vasek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.30 13:37:20 | 000,000,030 | RH-- | M] () - I:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004.09.10 10:16:00 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 7 Days ==========

[2010.06.08 20:01:49 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vasek\Desktop\OTL.exe
[2010.06.08 19:34:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vasek\Recent
[2010.06.08 19:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.08 19:21:07 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.08 19:20:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.08 18:36:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2003.10.02 04:16:48 | 000,119,552 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\pnpshark.sys
[2003.09.27 15:37:16 | 000,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\st3shark.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.06.08 20:05:17 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Vasek\NTUSER.DAT
[2010.06.08 20:01:18 | 000,002,359 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.06.08 19:58:04 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasek\Desktop\OTL.exe
[2010.06.08 19:52:09 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Vasek\Desktop\kill.bat
[2010.06.08 19:48:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.08 19:48:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.08 19:48:02 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.08 19:46:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Vasek\ntuser.ini
[2010.06.08 19:36:28 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitComet.lnk
[2010.06.08 19:30:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Master CD_DVD Creator.job
[2010.06.08 19:30:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Extended Warranty.job
[2010.06.08 19:18:05 | 000,000,614 | RHS- | M] () -- C:\Documents and Settings\Vasek\ntuser.pol
[2010.06.08 18:30:44 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\Vasek\Desktop\RSIT.exe
[2010.06.07 19:39:58 | 000,000,011 | ---- | M] () -- C:\Documents and Settings\Vasek\Desktop\Antivypnutí.bat
[2010.06.06 18:28:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.08 19:51:43 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Vasek\Desktop\kill.bat
[2010.06.08 19:20:45 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\Vasek\Desktop\RSIT.exe
[2010.06.08 18:37:03 | 000,000,614 | RHS- | C] () -- C:\Documents and Settings\Vasek\ntuser.pol
[2010.06.07 19:39:50 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Vasek\Desktop\Antivypnutí.bat
[2010.04.10 19:27:20 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009.12.25 19:43:52 | 000,000,341 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008.12.23 13:04:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2008.11.23 17:11:36 | 000,000,384 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.22 06:04:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.11.16 20:49:44 | 000,002,359 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.06.10 18:56:10 | 000,034,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007.06.19 09:59:36 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007.04.20 08:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006.11.27 20:47:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.11.27 20:29:46 | 000,002,431 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2006.11.27 20:26:16 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006.11.27 20:03:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006.01.12 17:37:38 | 000,005,968 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006.01.12 13:23:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.10.18 14:15:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005.10.18 14:15:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005.10.18 14:14:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005.10.18 14:14:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005.10.18 14:14:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005.10.18 14:14:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005.10.18 14:13:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005.10.18 14:13:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005.10.18 14:13:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005.08.05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005.06.17 07:41:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004.09.10 17:50:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003.10.02 03:20:48 | 000,061,952 | ---- | C] () -- C:\WINDOWS\daemon.dll

========== LOP Check ==========

[2010.04.17 10:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.07.13 16:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.12.24 12:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\POP3Profiles
[2009.12.26 19:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\POPWWPROFILES
[2008.11.14 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009.03.07 17:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2008.11.14 02:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010.02.12 14:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\CometNetwork
[2010.05.21 10:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\ICQ
[2008.11.14 18:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\Leadertech
[2009.08.13 22:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\TeamViewer
[2008.11.15 22:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\Ulead Systems
[2010.04.21 18:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\uTorrent
[2010.06.08 19:30:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Extended Warranty.job
[2010.06.08 19:30:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Master CD_DVD Creator.job
[2008.11.14 18:20:12 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2008.11.13 19:50:54 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2008.11.27 20:05:10 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========

---------- pokracovani ------------

[víťa_p]

---------- pokracovani ------------
========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 02:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
"SmpcSys" = C:\APPS\SMP\SmpSys.exe -- [2005.12.08 17:39:08 | 000,975,360 | ---- | M] (Packard Bell BV)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2006.10.09 12:28:56 | 000,139,264 | ---- | M] (Nero AG)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 02:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2008.12.24 20:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008.11.16 11:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008.11.16 21:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2010.04.17 10:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.07.13 16:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.11.14 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008.11.16 20:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008.12.06 21:38:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008.12.24 12:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\POP3Profiles
[2009.12.26 19:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\POPWWPROFILES
[2009.02.04 20:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2008.11.14 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2010.04.02 12:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008.11.14 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009.03.07 17:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2008.11.14 18:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008.11.14 02:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009.02.04 20:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.12.06 15:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\Adobe
[2008.12.08 18:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\AdobeUM
[2008.11.16 21:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\Ahead
[2008.11.13 20:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\ATI
[2010.02.12 14:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\CometNetwork
[2008.11.16 11:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\CyberLink
[2008.11.21 21:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\Help
[2010.05.21 10:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\ICQ
[2008.11.14 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\Identities
[2008.11.14 18:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\Leadertech
[2008.11.14 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\Macromedia
[2010.03.14 13:40:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Vasek\Application Data\Microsoft
[2008.11.21 21:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\Mozilla
[2009.12.26 13:24:04 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Vasek\Application Data\SecuROM
[2010.06.08 19:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\Skype
[2008.11.14 18:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\Sonic
[2008.11.21 21:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\Sun
[2008.11.14 02:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\Symantec
[2009.08.13 22:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\TeamViewer
[2008.11.15 22:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\Ulead Systems
[2010.04.21 18:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\uTorrent
[2008.11.16 20:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vasek\Application Data\WinRAR

< %APPDATA%\*.exe /s >
[2006.11.27 20:32:49 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Vasek\Application Data\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe


< MD5 for: AGP440.SYS >
[2004.08.10 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.12.13 19:45:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.10 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008.12.13 19:45:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.10 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.12.13 19:45:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.10 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008.12.13 19:45:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.10 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.12.13 19:45:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.10 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys
[2008.12.13 19:45:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.10 16:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.10 16:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 02:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 02:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 16:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\cache\explorer.exe
[2004.08.10 16:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.10 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.12.13 19:45:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.10 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:hal.dll
[2008.12.13 19:45:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2005.09.29 01:35:25 | 000,134,272 | ---- | M] (Microsoft Corporation) MD5=A3961B9456DE472D2F152C9DE950FFA5 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2004.08.04 00:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtUninstallKB896256$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.10 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.12.13 19:45:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.10 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Changer.sys
[2008.12.13 19:45:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.12.13 19:45:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.12.13 19:45:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.13 20:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.13 20:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001.08.17 15:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.10 16:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\dllcache\cache\lsass.exe
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\cache\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.10 16:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.10 16:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\cache\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2004.08.10 16:00:00 | 000,470,016 | ---- | M] (Microsoft Corporation) MD5=9A98937A980831729D21343754FF9D59 -- C:\WINDOWS\I386\SYSTEM32\SMSS.EXE
[2004.08.10 16:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.10 16:00:00 | 000,469,504 | ---- | M] (Microsoft Corporation) MD5=C37F36D08F06A7B0CAF8C1EE9E4079A3 -- C:\cmdcons\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\cache\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004.08.10 16:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2006.01.13 19:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2006.01.13 04:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.10 16:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.10 16:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\cache\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2006.05.29 14:03:22 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\PNP\MOBO\VIAMRAID.SYS
[2006.05.29 14:03:22 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\WINDOWS\system32\drivers\viamraid.sys

< MD5 for: WINLOGON.EXE >
[2004.08.10 16:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 02:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 02:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\dllcache\cache\ws2_32.dll
[2008.04.14 02:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004.08.10 16:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.04.14 02:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004.09.10 17:22:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004.09.10 17:22:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004.09.10 17:22:08 | 000,851,968 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2008.04.14 02:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.06.06 18:28:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
===============

Extras.zip v priloze

[víťa_p]

Otravny okno obtezovat ostalo

Tady je ten log:
======================
All processes killed
========== OTL ==========
No active process named system32.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry value HKEY_USERS\S-1-5-21-435502334-3970489975-646819446-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\System deleted successfully.
C:\Program Files\System\system32.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-435502334-3970489975-646819446-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-435502334-3970489975-646819446-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: divokej bill

User: Extra Band

User: Jaromír Nohavica - Babylon

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Vasek
->Temp folder emptied: 22147561 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36496165 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 228834921 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 17 bytes

Total Files Cleaned = 274,00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06082010_203511

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Vasek\Local Settings\Application Data\Mozilla\Firefox\Profiles\ukihn1uq.default\Cache.Trash\Trash\Cache\12108296d01 not found!
File\Folder C:\Documents and Settings\Vasek\Local Settings\Application Data\Mozilla\Firefox\Profiles\ukihn1uq.default\Cache.Trash\Trash\Cache\B569ABE3d01 not found!

Registry entries deleted on Reboot...


=========== EOF ==========

EDIT:
Přidávám scan z VirusTotal:
http://www.virustotal.com/cs/analisis/9 ... 1276023277

[víťa_p]

1) Log z VT
http://www.virustotal.com/cs/analisis/9 ... 1276023277

2) Log HJT po leceni
================
Logfile of HijackThis v1.99.1
Scan saved at 21:05:51, on 8.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\totalcmd\TOTALCMD.EXE
i:\Recovery\HiJacksThis!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComett\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComett\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComett\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComett\BitComet.exe/AddAllLink.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComett\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/r ... ey=IESTART
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BAE9EBB-46A3-4BC3-A8B6-BBAA6095B499}: NameServer = 10.83.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDC804F6-C35F-4926-908D-2593CF94AA00}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

======= EOF =======

3) Log RSIT po leceni
================
Logfile of random's system information tool 1.07 (written by random/random)
Run by Vasek at 2010-06-08 21:03:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 137 GB (59%) free of 230 GB
Total RAM: 1022 MB (54% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Extended Warranty.job
C:\WINDOWS\tasks\Master CD_DVD Creator.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComett\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-10-18 557056]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-18 16207872]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2003-10-02 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-11-27 98304]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-05-20 111928]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-06-10 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SmpcSys"=C:\APPS\SMP\SmpSys.exe [2005-12-08 975360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-10-09 139264]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-04 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\RealVNC\WinVNC\winvnc.exe"="C:\Program Files\RealVNC\WinVNC\winvnc.exe:*:Enabled:VNC server for Win32"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Valve\hl.exe"="C:\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Disabled:FlatOut2"
"C:\hry Files\Sniper Elite\SniperElite.exe"="C:\hry Files\Sniper Elite\SniperElite.exe:*:Disabled:SniperElite"
"C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe"="C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe:*:Disabled:Medal of Honor Allied Assault(tm) Breakthrough"
"C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"="C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe"="C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"C:\Program Files\VALVe\Counter-Strike Source\hl2.exe"="C:\Program Files\VALVe\Counter-Strike Source\hl2.exe:*:Disabled:hl2"
"C:\APPS\SKYPE\Phone\Skype.exe"="C:\APPS\SKYPE\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\BitComett\BitComet.exe"="C:\Program Files\BitComett\BitComet.exe:*:Enabled:BitComet"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-06-08 20:35:11 ----D---- C:\_OTL
2010-06-08 19:21:07 ----D---- C:\rsit
2010-06-08 19:21:07 ----D---- C:\Program Files\trend micro
2010-06-08 19:20:47 ----SHD---- C:\RECYCLER
2010-06-08 18:36:43 ----HD---- C:\WINDOWS\system32\GroupPolicy

======List of files/folders modified in the last 1 months======

2010-06-08 20:51:36 ----A---- C:\WINDOWS\wincmd.ini
2010-06-08 20:43:31 ----D---- C:\WINDOWS\temp
2010-06-08 20:43:25 ----D---- C:\WINDOWS\Registration
2010-06-08 20:43:21 ----D---- C:\WINDOWS
2010-06-08 20:35:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-08 20:35:15 ----D---- C:\WINDOWS\system32
2010-06-08 20:35:13 ----D---- C:\Program Files\System
2010-06-08 20:32:50 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-08 20:24:20 ----D---- C:\Program Files\Mozilla Firefox
2010-06-08 19:50:25 ----D---- C:\WINDOWS\Prefetch
2010-06-08 19:46:38 ----D---- C:\Documents and Settings\Vasek\Application Data\Skype
2010-06-08 19:37:11 ----D---- C:\Program Files\BitComett
2010-06-08 19:34:07 ----D---- C:\WINDOWS\Minidump
2010-06-08 19:21:07 ----RD---- C:\Program Files
2010-06-08 19:16:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-07 19:17:56 ----D---- C:\WINDOWS\system32\drivers
2010-05-30 17:24:20 ----SHD---- C:\Config.Msi
2010-05-30 17:24:08 ----RSD---- C:\WINDOWS\assembly
2010-05-30 17:23:49 ----SHD---- C:\WINDOWS\Installer
2010-05-21 10:33:31 ----D---- C:\Documents and Settings\Vasek\Application Data\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-06-10 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-06-10 39944]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-06-12 43008]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-10-18 905608]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-06-18 565248]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-04 561152]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2006-06-29 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-23 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
R2 USBDeviceService;USBDeviceService; C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [2005-10-20 90112]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-03 593920]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2004-08-10 3584]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-06-10 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[víťa_p]

Ahoj,

ComboFix log:
=====================
ComboFix 10-06-08.05 - Vasek 09.06.2010 16:56:40.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.618 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vasek\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Vasek\Local Settings\Application Data\DoubleD
c:\documents and settings\Vasek\Local Settings\Application Data\DoubleD\Desktop Smiley Toolbar\3.8.0.7880\bin\stbup.exe
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-09 do 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-09 14:56 . 2010-06-09 14:56 -------- d-----w- c:\documents and settings\Vasek\Local Settings\Application Data\ESET
2010-06-08 18:35 . 2010-06-08 18:35 -------- d-----w- C:\_OTL
2010-06-08 17:21 . 2010-06-08 17:22 -------- d-----w- C:\rsit
2010-06-08 17:21 . 2010-06-08 17:21 -------- d-----w- c:\program files\trend micro
2010-06-08 16:36 . 2010-06-08 16:36 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-05-30 12:34 . 2010-05-23 09:28 14336 ----a-w- c:\documents and settings\Vasek\Application Data\Mozilla\Firefox\Profiles\ukihn1uq.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-08 18:35 . 2010-04-15 14:59 -------- d-----w- c:\program files\System
2010-06-08 17:46 . 2009-04-09 19:23 -------- d-----w- c:\documents and settings\Vasek\Application Data\Skype
2010-06-08 17:37 . 2010-02-12 12:25 -------- d-----w- c:\program files\BitComett
2010-05-21 08:33 . 2008-11-22 06:54 -------- d-----w- c:\documents and settings\Vasek\Application Data\ICQ
2010-04-21 16:35 . 2009-01-02 13:27 -------- d-----w- c:\documents and settings\Vasek\Application Data\uTorrent
2010-04-20 18:32 . 2008-11-21 19:18 -------- d-----w- c:\program files\Eset
2010-04-17 08:13 . 2010-04-17 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-04-10 17:27 . 2010-04-10 17:27 -------- d-----w- c:\program files\Cheat Engine
2010-03-18 08:17 . 2009-11-17 12:28 79488 ----a-w- c:\documents and settings\Vasek\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-20_18.52.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-09 14:55 . 2010-06-09 14:55 16384 c:\windows\temp\Perflib_Perfdata_6f4.dat
+ 2010-04-20 18:55 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2010-04-20 18:55 . 2008-04-14 00:12 13824 c:\windows\system32\dllcache\cache\wscntfy.exe
+ 2010-04-20 18:55 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2010-04-20 18:55 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2010-04-20 18:55 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2010-04-20 18:55 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2010-04-20 18:55 . 2008-04-14 00:12 88576 c:\windows\system32\dllcache\cache\rasauto.dll
+ 2010-04-20 18:55 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2010-04-20 18:55 . 2008-04-14 00:11 33792 c:\windows\system32\dllcache\cache\msgsvc.dll
+ 2010-04-20 18:55 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2010-04-20 18:55 . 2008-04-14 00:11 22016 c:\windows\system32\dllcache\cache\lpk.dll
+ 2010-04-20 18:55 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2010-04-20 18:55 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2010-04-20 18:55 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2010-04-20 18:55 . 2008-04-13 18:57 14336 c:\windows\system32\dllcache\cache\asyncmac.sys
+ 2010-04-20 18:55 . 2004-08-10 14:00 11648 c:\windows\system32\dllcache\cache\acpiec.sys
+ 2010-04-20 18:55 . 2008-04-14 00:12 5120 c:\windows\system32\dllcache\cache\sfc.dll
+ 2010-04-20 18:55 . 2004-08-10 14:00 2944 c:\windows\system32\dllcache\cache\null.sys
+ 2010-04-20 18:55 . 2004-08-10 14:00 4224 c:\windows\system32\dllcache\cache\beep.sys
+ 2010-04-20 18:55 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2010-04-20 18:55 . 2010-03-11 12:38 832512 c:\windows\system32\dllcache\cache\wininet.dll
+ 2010-04-20 18:55 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2010-04-20 18:55 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2010-04-20 18:55 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2010-04-20 18:55 . 2008-04-14 00:12 171008 c:\windows\system32\dllcache\cache\srsvc.dll
+ 2010-04-20 18:55 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2010-04-20 18:55 . 2008-04-14 00:12 181248 c:\windows\system32\dllcache\cache\scecli.dll
+ 2010-04-20 18:55 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\cache\rpcss.dll
+ 2010-04-20 18:55 . 2008-04-14 00:12 409088 c:\windows\system32\dllcache\cache\qmgr.dll
+ 2010-04-20 18:55 . 2008-04-14 00:12 435200 c:\windows\system32\dllcache\cache\ntmssvc.dll
+ 2010-04-20 18:55 . 2008-04-13 19:15 574976 c:\windows\system32\dllcache\cache\ntfs.sys
+ 2010-04-20 18:55 . 2008-04-14 00:12 407040 c:\windows\system32\dllcache\cache\netlogon.dll
+ 2010-04-20 18:55 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2010-04-20 18:55 . 2008-04-14 00:11 927504 c:\windows\system32\dllcache\cache\mfc40u.dll
+ 2010-04-20 18:55 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2010-04-20 18:55 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2010-04-20 18:55 . 2008-04-14 00:11 792064 c:\windows\system32\dllcache\cache\comres.dll
+ 2010-04-20 18:55 . 2008-04-14 00:11 617472 c:\windows\system32\dllcache\cache\comctl32.dll
+ 2010-04-20 18:55 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2010-04-20 18:55 . 2008-04-13 16:39 142592 c:\windows\system32\dllcache\cache\aec.sys
+ 2010-04-20 18:55 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2010-04-20 18:55 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2010-04-20 18:55 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2010-04-20 18:55 . 2010-03-11 12:38 3599872 c:\windows\system32\dllcache\cache\mshtml.dll
+ 2010-04-20 18:55 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 557056]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2003-10-02 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-27 98304]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Valve\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\hry Files\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"c:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=
"c:\\APPS\\SKYPE\\Phone\\Skype.exe"=
"c:\\Program Files\\BitComett\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22693:TCP"= 22693:TCP:BitComet 22693 TCP
"22693:UDP"= 22693:UDP:BitComet 22693 UDP
"22916:TCP"= 22916:TCP:BitComet 22916 TCP
"22916:UDP"= 22916:UDP:BitComet 22916 UDP

R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2.10.2003 4:16 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27.9.2003 15:37 5504]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10.6.2008 18:56 34312]
R2 ekrn;Eset Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [10.6.2008 18:53 468224]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [10.9.2004 16:57 3584]
.
Obsah adresáře 'Naplánované úlohy'

2010-06-08 c:\windows\Tasks\Extended Warranty.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]

2010-06-08 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]

2008-11-14 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 00:12]

2008-11-13 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 00:12]

2008-11-27 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 00:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = hxxp://format.packardbell.com/cgi-bin/redirect/?country=CZ&range=AD&phase=7&key=IESTART
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComett\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComett\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComett\BitComet.exe/AddAllLink.htm
TCP: {7BAE9EBB-46A3-4BC3-A8B6-BBAA6095B499} = 10.83.1.1
TCP: {DDC804F6-C35F-4926-908D-2593CF94AA00} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Vasek\Application Data\Mozilla\Firefox\Profiles\ukihn1uq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://radiobar.toolbarhome.com/?hp=df
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\Vasek\Application Data\Mozilla\Firefox\Profiles\ukihn1uq.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\documents and settings\Vasek\Application Data\Mozilla\Firefox\Profiles\ukihn1uq.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - i:\hijacksthis!\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 17:03
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86B4D8D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7724f28
\Driver\ACPI -> ACPI.sys @ 0xf7527cb8
\Driver\atapi -> 0x86b4d8d8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf734abb0
PacketIndicateHandler -> NDIS.sys @ 0xf7339a0d
SendHandler -> NDIS.sys @ 0xf734db40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-435502334-3970489975-646819446-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-06-09 17:05:12
ComboFix-quarantined-files.txt 2010-06-09 15:05
ComboFix2.txt 2010-04-20 18:56

Před spuštěním: 143 220 748 288 bytes free
Po spuštění: Volných bajtů: 143 226 044 416

- - End Of File - - 8195BEB344C678E895973556C9F17A1C

[víťa_p]

Jak zabezpecit pocitac, ktery prevazne pouziva 14-ti lety kluk, ktery si rizika pouzivani netu vubec neuvedomuje a rodice se vubec nevyznaji (pripad tohoto leceneho kompu)? ESET je taky out of date a kdo vi jak casto se pokuseji o nejakou aktualizaci.
Tento konkretni pocitac neni pod mym dozorem.

[víťa_p]

Toolbary smazat. Je to otravny balast.

[víťa_p]

Si spustel Ty ComboFix2.txt 2010-04-20 18:56? Pokud ano, neznalym do ruky Cf nepatri. Vloz obsah logu ComboFix2.txt

NE ja to nebyl. Ten pocitac mam v rukou od vcerejska. pokusim se ho najit a hodim to sem.

[víťa_p]

Zatim ten ComboFix2.txt z 20.4.2010
============================
ComboFix 09-08-10.01 - Vasek 20.04.2010 20:51.1.2 - NTFSx86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.689 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vasek\My Documents\Stažené soubory\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

?
c:\recycler\S-1-5-21-1408612007-4253205653-323653659-500

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-20 do 2010-04-20 )))))))))))))))))))))))))))))))
.

2010-04-20 18:34 . 2008-03-03 16:21 568 ---ha-w- c:\windows\nod32fixtemdono.reg
2010-04-20 18:34 . 2008-03-03 12:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2010-04-20 18:24 . 2010-04-20 18:25 -------- d-----w- c:\documents and settings\Vasek\Application Data\Spyware Terminator
2010-04-20 18:24 . 2010-04-20 18:24 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-04-20 18:24 . 2010-04-20 18:24 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-04-20 18:24 . 2010-04-20 18:24 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-04-20 18:24 . 2010-04-20 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-04-20 18:24 . 2010-04-20 18:31 -------- d-----w- c:\program files\Spyware Terminator
2010-04-17 08:13 . 2010-04-17 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-04-15 14:59 . 2010-04-15 14:59 -------- d-----w- c:\program files\System
2010-04-10 17:27 . 2007-12-26 15:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2010-04-10 17:27 . 2007-12-26 15:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2010-04-10 17:27 . 2010-04-10 17:27 -------- d-----w- c:\program files\Cheat Engine
2010-04-06 14:26 . 2010-04-06 14:29 -------- d-----w- c:\program files\ICQ6.5
2010-04-02 10:49 . 2010-04-02 10:49 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 18:32 . 2008-11-21 19:18 -------- d-----w- c:\program files\Eset
2010-04-20 17:23 . 2010-02-12 12:25 -------- d-----w- c:\program files\BitComett
2010-04-10 17:27 . 2010-04-10 17:27 -------- d-----w- c:\program files\Cheat Engine
2010-04-07 13:10 . 2008-11-22 06:56 -------- d-----w- c:\program files\ICQ6Toolbar
2010-04-04 17:22 . 2008-11-22 06:54 -------- d-----w- c:\documents and settings\Vasek\Application Data\ICQ
2010-04-02 11:31 . 2009-04-09 19:23 -------- d-----w- c:\documents and settings\Vasek\Application Data\Skype
2010-04-02 10:48 . 2009-04-09 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-18 08:17 . 2009-11-17 12:28 79488 ----a-w- c:\documents and settings\Vasek\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-11 12:38 . 2004-09-10 14:57 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-09-10 14:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-09-10 14:56 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-09-10 14:57 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2004-09-10 14:57 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 18:55 . 2010-02-12 12:30 -------- d-----w- c:\program files\CometBird
2010-02-16 14:08 . 2004-09-10 14:57 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 12:25 . 2010-02-12 12:25 1036288 ----a-w- c:\documents and settings\Vasek\Application Data\Mozilla\Firefox\Profiles\ukihn1uq.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-02-12 10:03 . 2010-03-11 16:13 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-09-10 14:56 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-09-10 14:57 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-20 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2003-10-02 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-27 98304]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-10-18 557056]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Valve\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\hry Files\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"c:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=
"c:\\APPS\\SKYPE\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22693:TCP"= 22693:TCP:BitComet 22693 TCP
"22693:UDP"= 22693:UDP:BitComet 22693 UDP
"22916:TCP"= 22916:TCP:BitComet 22916 TCP
"22916:UDP"= 22916:UDP:BitComet 22916 UDP

R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2.10.2003 4:16 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27.9.2003 15:37 5504]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10.6.2008 18:56 34312]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [20.4.2010 20:24 142592]
S2 ekrn;Eset Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [10.6.2008 18:53 468224]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [10.9.2004 16:57 3584]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-20 c:\windows\Tasks\Extended Warranty.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]

2010-04-20 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]

2008-11-14 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 00:12]

2008-11-13 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 00:12]

2008-11-27 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 00:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = hxxp://format.packardbell.com/cgi-bin/redirect/?country=CZ&range=AD&phase=7&key=IESTART
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {7BAE9EBB-46A3-4BC3-A8B6-BBAA6095B499} = 10.83.1.1
TCP: {DDC804F6-C35F-4926-908D-2593CF94AA00} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Vasek\Application Data\Mozilla\Firefox\Profiles\ukihn1uq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\Vasek\Application Data\Mozilla\Firefox\Profiles\ukihn1uq.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 20:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-435502334-3970489975-646819446-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-04-20 20:56
ComboFix-quarantined-files.txt 2010-04-20 18:56

Před spuštěním: 145 336 868 864 bytes free
Po spuštění: Volných bajtů: 145 377 234 944

244 --- E O F --- 2010-04-20 05:11

[víťa_p]

To OTL se zaseklo na odstraneni jednoho toolbaru a nic nedela: Program neodpovida. Cekam a nic. Vsechna okna jsou vypnuta, rezident NOD vypnut. Zatezuje CPU z 50%.
Mam jeste pockat, nebo mam proces ukoncit?

[víťa_p]

Zase se to kouslo. Konci to na:

[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[víťa_p]

ComboFix log po léčení:
=================
ComboFix 10-06-08.05 - Vasek 09.06.2010 19:13:42.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.618 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vasek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Vasek\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2010-05-09 do 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-09 14:56 . 2010-06-09 14:56 -------- d-----w- c:\documents and settings\Vasek\Local Settings\Application Data\ESET
2010-06-08 18:35 . 2010-06-08 18:35 -------- d-----w- C:\_OTL
2010-06-08 17:21 . 2010-06-08 17:22 -------- d-----w- C:\rsit
2010-06-08 17:21 . 2010-06-08 17:21 -------- d-----w- c:\program files\trend micro
2010-06-08 16:36 . 2010-06-08 16:36 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-05-30 12:34 . 2010-05-23 09:28 14336 ----a-w- c:\documents and settings\Vasek\Application Data\Mozilla\Firefox\Profiles\ukihn1uq.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-08 18:35 . 2010-04-15 14:59 -------- d-----w- c:\program files\System
2010-06-08 17:46 . 2009-04-09 19:23 -------- d-----w- c:\documents and settings\Vasek\Application Data\Skype
2010-06-08 17:37 . 2010-02-12 12:25 -------- d-----w- c:\program files\BitComett
2010-05-21 08:33 . 2008-11-22 06:54 -------- d-----w- c:\documents and settings\Vasek\Application Data\ICQ
2010-04-21 16:35 . 2009-01-02 13:27 -------- d-----w- c:\documents and settings\Vasek\Application Data\uTorrent
2010-04-20 18:32 . 2008-11-21 19:18 -------- d-----w- c:\program files\Eset
2010-04-17 08:13 . 2010-04-17 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-04-10 17:27 . 2010-04-10 17:27 -------- d-----w- c:\program files\Cheat Engine
2010-03-18 08:17 . 2009-11-17 12:28 79488 ----a-w- c:\documents and settings\Vasek\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-20_18.52.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-09 17:13 . 2010-06-09 17:13 16384 c:\windows\temp\Perflib_Perfdata_7b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 557056]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2003-10-02 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-27 98304]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Valve\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\hry Files\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"c:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=
"c:\\APPS\\SKYPE\\Phone\\Skype.exe"=
"c:\\Program Files\\BitComett\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22693:TCP"= 22693:TCP:BitComet 22693 TCP
"22693:UDP"= 22693:UDP:BitComet 22693 UDP
"22916:TCP"= 22916:TCP:BitComet 22916 TCP
"22916:UDP"= 22916:UDP:BitComet 22916 UDP

R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2.10.2003 4:16 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [27.9.2003 15:37 5504]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10.6.2008 18:56 34312]
R2 ekrn;Eset Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [10.6.2008 18:53 468224]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-06-09 c:\windows\Tasks\Extended Warranty.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]

2010-06-09 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]

2008-11-14 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 00:12]

2008-11-13 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 00:12]

2008-11-27 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 00:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = hxxp://format.packardbell.com/cgi-bin/redirect/?country=CZ&range=AD&phase=7&key=IESTART
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComett\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComett\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComett\BitComet.exe/AddAllLink.htm
TCP: {7BAE9EBB-46A3-4BC3-A8B6-BBAA6095B499} = 10.83.1.1
TCP: {DDC804F6-C35F-4926-908D-2593CF94AA00} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Vasek\Application Data\Mozilla\Firefox\Profiles\ukihn1uq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://radiobar.toolbarhome.com/?hp=df
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\Vasek\Application Data\Mozilla\Firefox\Profiles\ukihn1uq.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\documents and settings\Vasek\Application Data\Mozilla\Firefox\Profiles\ukihn1uq.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Yahoo! Companion - c:\progra~1\Yahoo!\Common\unyt.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 19:20
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86B4A958]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7724f28
\Driver\ACPI -> ACPI.sys @ 0xf7527cb8
\Driver\atapi -> 0x86b4a958
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf734abb0
PacketIndicateHandler -> NDIS.sys @ 0xf7339a0d
SendHandler -> NDIS.sys @ 0xf734db40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-435502334-3970489975-646819446-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-06-09 19:23:06
ComboFix-quarantined-files.txt 2010-06-09 17:23
ComboFix2.txt 2010-06-09 15:05
ComboFix3.txt 2010-04-20 18:56

Před spuštěním: 143 228 481 536 bytes free
Po spuštění: Volných bajtů: 143 184 695 296

- - End Of File - - EEA3ADF59908A29886D7482BA93AABB6

[víťa_p]

Mooooockrat dekuju.
Majiteli kompu predam cislo na zaslani darovaci smsky nebo ho radeji poslu na terminal sazky.

DIK

[víťa_p]

Vsechno udelano, vycisteno. VELKY DIIIK.

Jaky typ haveti to byl? root-kit?