Prosím o kontrolu logu

Zpráva

Eleken · #1 Příspěvek od **Eleken** » 12 čer 2010 07:15

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:14, on 12.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ralink\Common\ApUI.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
I:\Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Jan\Plocha\hij\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centrum.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Jan\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Jan\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [StudentDOG] K:\Student DOG\StudentDOG.exe -h
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\Jan\LOCALS~1\Temp\Qwr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\ApUI.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe

--
End of file - 8294 bytes

Eleken · #2 Příspěvek od **Eleken** » 12 čer 2010 07:32

EDIT: ted jsem si všiml toho oznámení, předkládám Log z RSIT:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Jan at 2010-06-12 08:31:48
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 671 MB (3%) free of 20 GB
Total RAM: 511 MB (42% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 1267040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Jan\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4D76F01-7896-458a-890F-E1F05C46069F}]
Ask Toolbar BHO - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL [2008-07-01 241664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F4D76F09-7896-458a-890F-E1F05C46069F} - Ask Toolbar - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL [2008-07-01 241664]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 1267040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-12-22 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-12-22 5517312]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-01 77824]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe []
"StudentDOG"=K:\Student DOG\StudentDOG.exe -h []
"TOY5KNQ8OC"=C:\DOCUME~1\Jan\LOCALS~1\Temp\Qwr.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Ralink Wireless Utility.lnk - C:\Program Files\Ralink\Common\ApUI.exe

C:\Documents and Settings\Jan\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceActiveDesktopOn"=1
"NoActiveDesktop"=2

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"I:\QIP\qip.exe"="I:\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\WINDOWS\network diagnostic\xpnetdiag.exe"="C:\WINDOWS\network diagnostic\xpnetdiag.exe:*:Enabled:Network Diagnostic for Windows XP"
"I:\torent\Swapper\swapper.exe"="I:\torent\Swapper\swapper.exe:*:Enabled:swapper"
"C:\Program Files\Swapper\swapper.exe"="C:\Program Files\Swapper\swapper.exe:*:Enabled:swapper"
"I:\Game\Activision\Call of Duty 2\CoD2MP_s.exe"="I:\Game\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe:*:Enabled:fpupdate"
"C:\Program Files\MirandaPack\miranda32.exe"="C:\Program Files\MirandaPack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"I:\Opera\opera.exe"="I:\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"J:\bin.win\mserver.exe"="J:\bin.win\mserver.exe:*:Enabled:mserver"
"I:\uTorrent.exe"="I:\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Jan\Plocha\Bin\Pokemon Game.exe"="C:\Documents and Settings\Jan\Plocha\Bin\Pokemon Game.exe:*:Enabled:Pokemon Game"
"C:\Program Files\ZoomText 9.1\Zt.exe"="C:\Program Files\ZoomText 9.1\Zt.exe:LocalSubNet:Enabled:ZoomText 9.1"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Java\jre1.6.0_07\bin\java.exe"="C:\Program Files\Java\jre1.6.0_07\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\KeyHoleTV\KeyHoleTV.exe"="C:\Program Files\KeyHoleTV\KeyHoleTV.exe:*:Enabled:KeyHole TV Main Application"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Ralink\Common\ApUI.exe"="C:\Program Files\Ralink\Common\ApUI.exe:*:Enabled:Ralink Wireless Access Point Utility"
"I:\Firefox\firefox.exe"="I:\Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ZoomText 9.1\Zt.exe"="C:\Program Files\ZoomText 9.1\Zt.exe:LocalSubNet:Enabled:ZoomText 9.1"

======List of files/folders created in the last 1 months======

2010-06-12 08:10:47 ----D---- C:\rsit
2010-06-12 08:10:47 ----D---- C:\Program Files\trend micro
2010-06-12 07:55:04 ----D---- C:\Program Files\Alwil Software
2010-06-12 07:54:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-06-11 23:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-11 23:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-11 23:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-11 23:43:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-11 23:43:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-11 23:43:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-03 12:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$

======List of files/folders modified in the last 1 months======

2010-06-12 08:10:47 ----RD---- C:\Program Files
2010-06-12 08:06:34 ----D---- C:\WINDOWS\system32
2010-06-12 08:06:34 ----D---- C:\WINDOWS\inf
2010-06-12 08:05:59 ----SHD---- C:\WINDOWS\Installer
2010-06-12 08:05:59 ----SD---- C:\Documents and Settings\Jan\Data aplikací\Microsoft
2010-06-12 08:05:59 ----D---- C:\Program Files\Project64 1.6
2010-06-12 08:01:04 ----A---- C:\WINDOWS\win.ini
2010-06-12 08:00:48 ----D---- C:\WINDOWS\TEMP
2010-06-12 07:58:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-12 07:58:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-12 07:58:10 ----RSD---- C:\WINDOWS\Fonts
2010-06-12 07:57:19 ----D---- C:\WINDOWS\system32\drivers
2010-06-12 07:57:13 ----D---- C:\WINDOWS
2010-06-12 07:57:00 ----A---- C:\WINDOWS\VFO.INI
2010-06-12 07:56:56 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-12 07:56:34 ----D---- C:\Program Files\Pinnacle
2010-06-12 07:55:51 ----D---- C:\WINDOWS\Prefetch
2010-06-12 07:55:36 ----D---- C:\WINDOWS\WinSxS
2010-06-12 07:55:34 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-06-12 07:34:47 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-12 07:34:43 ----RSD---- C:\WINDOWS\assembly
2010-06-11 23:46:39 ----DC---- C:\WINDOWS\system32\dllcache
2010-06-11 23:46:33 ----A---- C:\WINDOWS\imsins.BAK
2010-06-11 23:46:29 ----D---- C:\WINDOWS\$hf_mig$
2010-06-11 23:45:39 ----D---- C:\Program Files\Internet Explorer
2010-06-11 23:45:25 ----D---- C:\WINDOWS\ie8updates
2010-06-11 23:41:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-10-21 35840]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-10 31846]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2007-09-14 114496]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-02-28 21361]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 75925]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2005-03-03 36423]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 10005]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-01 2300928]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-12-22 3395520]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2008-07-09 4096]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2008-05-29 463616]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2007-02-02 122880]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-12-22 139330]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe [2008-05-13 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#3 Příspěvek od **vyosek** » 12 čer 2010 07:50

Zdravim a pekne sobotni rano,

Pekneho konicka trojskeho si tam chovate

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Doporucuji odinstalovat klienty P2P siti - jsou potencialnim rizikem pro bezpecnost PC a jsou velmi casto zdrojem viru a haveti - navic jejich pouzivani odporuje i pravidlum naseho fora (vice zde)

Stahnete na plochu CKScanner

Spustte a kliknete na Search for files
Po dokonceni skenu kliknete na Save List to File a nasledne OK
Na plose se Vam vytvori log s nazvem ckfiles.txt, jeho obsah mi sem vlozte

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

Stahne a ulozte na plochu UsbFix http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
Spustte a kliknete na Deletion
Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 5min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

Kazdy log do noveho prispevku poprosim - OTL se Vam mozna do jednoho nevejde, tak jej rozdelte - dekuji

Eleken · #4 Příspěvek od **Eleken** » 12 čer 2010 10:00

Eleken · #5 Příspěvek od **Eleken** » 12 čer 2010 10:01

OTL.txt

OTL logfile created on: 12.6.2010 10:44:04 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jan\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 220,00 Mb Available Physical Memory | 43,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 5,99 Gb Free Space | 30,67% Space Free | Partition Type: NTFS
Drive D: | 82,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 92,25 Gb Total Space | 37,14 Gb Free Space | 40,26% Space Free | Partition Type: NTFS
Drive K: | 3,75 Gb Total Space | 0,09 Gb Free Space | 2,53% Space Free | Partition Type: FAT32

Computer Name: JAN-517CB4FB58E
Current User Name: Jan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.12 10:41:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan\Plocha\OTL.exe
PRC - [2010.06.03 18:00:37 | 000,307,672 | ---- | M] (Mozilla Corporation) -- I:\Firefox\firefox.exe
PRC - [2010.05.06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010.06.12 10:41:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan\Plocha\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.05.13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Stopped] -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2007.02.02 21:32:21 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)

========== Driver Services (SafeList) ==========

DRV - [2010.05.06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.05.06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.05.06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.05.06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.05.06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.05.06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.07.09 19:35:53 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2008.05.29 23:00:12 | 000,463,616 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007.10.05 19:33:57 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.09.14 17:07:30 | 000,114,496 | ---- | M] (Protection Technology Co.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv04.sys -- (prodrv04)
DRV - [2006.01.10 04:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2005.03.03 06:34:56 | 000,036,423 | R--- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr)
DRV - [2005.02.09 11:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004.12.22 16:40:00 | 003,395,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.12.07 10:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004.10.21 05:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.10.04 12:34:56 | 000,075,925 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848)
DRV - [2004.10.04 12:34:56 | 000,010,005 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kXbar.sys -- (Tv2kXbar)
DRV - [2004.08.04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.04.13 14:14:12 | 000,070,144 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7070

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://aktualne.cz [binary data]
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://aktualne.cz [binary data]
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Jan\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7070

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/sli ... ie7&query="
FF - prefs.js..browser.search.selectedEngine: "Seznam"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7070
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: I:\Firefox\components [2010.06.03 18:00:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: I:\Firefox\plugins [2010.06.03 18:00:51 | 000,000,000 | ---D | M]

[2008.08.28 13:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Extensions
[2010.06.12 10:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\extensions
[2010.06.03 18:01:30 | 000,001,122 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\firmycz.xml
[2010.06.09 22:11:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-1.xml
[2008.11.14 19:59:19 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-10.xml
[2008.12.17 18:21:40 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-11.xml
[2009.02.05 07:38:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-12.xml
[2009.03.06 11:20:10 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-13.xml
[2009.03.29 18:28:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-14.xml
[2009.04.22 13:13:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-15.xml
[2009.04.28 11:17:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-16.xml
[2009.06.12 19:35:08 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-17.xml
[2009.07.23 09:28:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-18.xml
[2009.08.05 14:24:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-19.xml
[2008.06.29 11:01:17 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-2.xml
[2008.07.05 09:45:40 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-3.xml
[2008.07.05 11:33:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-4.xml
[2008.07.17 09:41:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-5.xml
[2008.07.19 08:41:49 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-6.xml
[2008.08.28 13:05:37 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-7.xml
[2008.09.24 18:32:28 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-8.xml
[2008.09.27 11:32:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-9.xml
[2008.04.13 07:46:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin.xml
[2010.06.03 18:01:47 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\mapycz.xml
[2008.07.02 20:30:07 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\winamp-search.xml
[2010.06.03 18:01:48 | 000,002,210 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\zbocz.xml

O1 HOSTS File: ([2004.08.18 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Jan\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKU\S-1-5-21-57989841-1383384898-725345543-1004\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-57989841-1383384898-725345543-1004\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKU\S-1-5-21-57989841-1383384898-725345543-1004\..\Toolbar\WebBrowser: (no name) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKU\S-1-5-21-57989841-1383384898-725345543-1004..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKU\S-1-5-21-57989841-1383384898-725345543-1004..\Run: [StudentDOG] K:\Student DOG\StudentDOG.exe ()
O4 - HKLM..\RunOnce: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\ApUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 2
O7 - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 2
O7 - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.26.26.1 10.26.1.1 212.158.128.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jan\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jan\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.27 21:53:41 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.06.12 10:34:43 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2005.12.05 11:34:20 | 000,000,027 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010.06.12 10:34:43 | 000,000,000 | RHSD | M] - I:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.12 10:34:46 | 000,000,000 | RHSD | M] - K:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009.11.27 10:25:40 | 000,000,000 | ---D | M] - K:\Automobil -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.09.10 15:11:31 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioD
FileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 7 Days ==========

[2010.06.12 10:41:15 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jan\Plocha\OTL.exe
[2010.06.12 10:34:43 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010.06.12 10:24:26 | 000,000,000 | ---D | C] -- C:\UsbFix_Upload_Me
[2010.06.12 10:09:27 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010.06.12 10:08:47 | 001,214,114 | ---- | C] (C_XX & El Desaparecido) -- C:\Documents and Settings\Jan\Plocha\UsbFix.exe
[2010.06.12 09:00:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jan\IECompatCache
[2010.06.12 08:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Data aplikací\Maxthon3
[2010.06.12 08:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.12 08:10:47 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.12 08:06:18 | 000,000,000 | ---D | C] -- I:\Dokumenty\PDF soubory
[2010.06.12 08:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Plocha\hij
[2010.06.12 07:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.06.12 07:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.06.11 12:55:44 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.06.12 10:41:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan\Plocha\OTL.exe
[2010.06.12 10:29:51 | 000,001,215 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.12 10:28:47 | 000,017,916 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.06.12 10:28:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.12 10:28:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.12 10:27:45 | 011,796,480 | -H-- | M] () -- C:\Documents and Settings\Jan\NTUSER.DAT
[2010.06.12 10:27:45 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jan\ntuser.ini
[2010.06.12 10:08:56 | 001,214,114 | ---- | M] (C_XX & El Desaparecido) -- C:\Documents and Settings\Jan\Plocha\UsbFix.exe
[2010.06.12 10:07:13 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Jan\Plocha\CKScanner.exe
[2010.06.12 09:32:54 | 000,029,672 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.06.12 09:29:18 | 000,151,040 | ---- | M] () -- C:\Documents and Settings\Jan\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.12 09:17:09 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.06.12 09:17:05 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.06.12 09:17:05 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.06.12 07:59:41 | 000,168,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.12 07:57:00 | 000,001,196 | ---- | M] () -- C:\WINDOWS\VFO.INI
[2010.06.12 07:55:41 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.06.12 07:53:45 | 051,731,232 | ---- | M] () -- C:\Documents and Settings\Jan\Plocha\setup_av_free.exe
[2010.06.11 23:46:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.06.11 23:41:32 | 000,978,772 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.11 23:41:32 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.11 23:41:32 | 000,429,024 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.11 23:41:32 | 000,078,052 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.11 23:41:32 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.11 14:29:18 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Jan\Plocha\Eleken.doc
[2010.06.10 09:08:23 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Jan\Plocha\Dnešní otázky petrologie.doc
[2010.06.09 22:00:49 | 000,013,732 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.12 10:07:13 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Jan\Plocha\CKScanner.exe
[2010.06.12 09:07:05 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.06.12 09:07:05 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.06.12 07:45:38 | 051,731,232 | ---- | C] () -- C:\Documents and Settings\Jan\Plocha\setup_av_free.exe
[2010.06.11 14:29:17 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Jan\Plocha\Eleken.doc
[2010.06.10 09:08:22 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Jan\Plocha\Dnešní otázky petrologie.doc
[2010.02.28 11:21:45 | 000,001,164 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2010.02.28 11:21:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2010.02.27 21:53:41 | 000,001,196 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2009.09.14 14:31:32 | 000,000,548 | ---- | C] () -- C:\WINDOWS\settings.ini
[2009.03.07 19:09:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.02.28 15:10:32 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2009.02.11 21:02:02 | 000,000,237 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.02.11 21:00:10 | 000,003,304 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.12.22 14:24:43 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.12.02 13:31:27 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2008.12.02 13:31:24 | 000,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2008.12.02 13:31:24 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2008.12.02 13:31:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\dcmuser.ini
[2008.12.02 13:30:20 | 000,000,090 | ---- | C] () -- C:\WINDOWS\TestSupp.ini
[2008.07.09 19:35:53 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2008.06.18 20:20:55 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2008.06.18 20:20:55 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2008.06.18 20:20:55 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2007.10.05 19:33:56 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.10.05 15:44:43 | 000,000,222 | ---- | C] () -- C:\WINDOWS\level.ini
[2007.09.27 00:07:02 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.09.16 02:09:06 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007.09.16 02:09:06 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007.09.11 13:51:31 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007.09.11 13:51:31 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007.09.11 13:51:31 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.09.10 15:32:21 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.09.10 15:29:32 | 000,000,139 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007.09.10 15:27:36 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2007.09.10 15:27:35 | 000,039,372 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2007.09.10 15:27:35 | 000,039,372 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2007.03.10 13:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2006.02.25 20:09:38 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.04.09 17:00:46 | 000,001,128 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2010.06.12 07:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2007.12.29 23:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2008.12.31 11:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2008.02.07 09:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LangSoft
[2010.02.27 22:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2010.02.27 22:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio
[2010.02.28 11:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ralink Driver
[2007.09.11 08:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
[2008.08.14 09:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\COWON
[2008.07.24 14:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\ICQ
[2008.04.12 12:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\ICQ Toolbar
[2008.02.07 09:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\LangSoft
[2010.06.12 08:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Maxthon3
[2009.05.25 19:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\OpenOffice.org
[2008.07.02 10:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Opera
[2008.11.20 20:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\PC Suite
[2008.04.20 14:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Petroglyph
[2008.07.01 18:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\QIP
[2009.09.14 14:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Student dog
[2008.11.23 00:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\zweitgeist

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"RocketDock" = "C:\Program Files\RocketDock\RocketDock.exe" -- File not found
"StudentDOG" = K:\Student DOG\StudentDOG.exe -h -- [2009.04.03 23:15:20 | 002,228,224 | ---- | M] ()

< c:\windows\*.* /U >
[5 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.04.12 17:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Adobe
[2009.03.02 21:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Apple Computer
[2008.08.14 09:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\COWON
[2008.07.02 10:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Google
[2008.02.01 09:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Help
[2008.07.24 14:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\ICQ
[2008.04.12 12:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\ICQ Toolbar
[2007.09.10 15:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Identities
[2010.02.28 11:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\InstallShield
[2008.02.07 09:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\LangSoft
[2007.09.11 12:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Macromedia
[2010.06.12 08:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Maxthon3
[2010.06.12 08:05:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jan\Data aplikací\Microsoft
[2008.08.28 13:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Mozilla
[2009.05.25 19:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\OpenOffice.org
[2008.07.02 10:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Opera
[2008.11.20 20:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\PC Suite
[2008.04.20 14:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Petroglyph
[2008.07.01 18:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\QIP
[2009.08.21 09:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\skypePM
[2009.09.14 14:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Student dog
[2007.11.04 09:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Sun
[2007.09.11 11:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Talkback
[2008.05.01 10:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\WinRAR
[2008.04.12 18:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\Yahoo!
[2008.11.23 00:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Data aplikací\zweitgeist

< %APPDATA%\*.exe /s >

< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.08.25 08:09:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.08.25 08:09:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.08.25 08:09:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.08.25 08:09:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.08.25 08:09:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.08.25 08:09:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.08.25 08:09:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.08.25 08:09:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.18 14:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.08.25 08:09:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.08.25 08:09:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.08.25 08:09:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.08.25 08:09:18 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2004.08.18 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2004.12.07 10:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) MD5=E4F1F95A6BBBFBBFF9A713C6063AA2CB -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004.08.18 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007.10.05 19:33:57 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2007.09.10 16:59:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.09.10 16:59:51 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.09.10 16:59:51 | 000,471,040 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.06.12 09:17:05 | 000,016,832 | ---- | M] () -- C:\WINDOWS\system32\amcompat.tlb
[2010.06.12 07:55:41 | 000,002,553 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2010.06.12 07:59:41 | 000,168,304 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010.06.12 09:17:05 | 000,023,392 | ---- | M] () -- C:\WINDOWS\system32\nscompat.tlb
[2010.06.12 10:28:47 | 000,017,916 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2010.06.11 23:41:32 | 000,078,052 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.06.11 23:41:32 | 000,067,448 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.06.11 23:41:32 | 000,429,024 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.06.11 23:41:32 | 000,432,492 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.06.11 23:41:32 | 000,978,772 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.06.09 22:00:49 | 000,013,732 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

Eleken · #6 Příspěvek od **Eleken** » 12 čer 2010 10:02

Extras.txt

OTL Extras logfile created on: 12.6.2010 10:44:04 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jan\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 220,00 Mb Available Physical Memory | 43,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 5,99 Gb Free Space | 30,67% Space Free | Partition Type: NTFS
Drive D: | 82,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 92,25 Gb Total Space | 37,14 Gb Free Space | 40,26% Space Free | Partition Type: NTFS
Drive K: | 3,75 Gb Total Space | 0,09 Gb Free Space | 2,53% Space Free | Partition Type: FAT32

Computer Name: JAN-517CB4FB58E
Current User Name: Jan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" File not found
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"7070:TCP" = 7070:TCP:*:Enabled:nfra
"80:TCP" = 80:TCP:*:Enabled:nfra

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ZoomText 9.1\Zt.exe" = C:\Program Files\ZoomText 9.1\Zt.exe:LocalSubNet:Enabled:ZoomText 9.1 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\QIP\qip.exe" = I:\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- File not found
"I:\torent\Swapper\swapper.exe" = I:\torent\Swapper\swapper.exe:*:Enabled:swapper -- File not found
"C:\Program Files\Swapper\swapper.exe" = C:\Program Files\Swapper\swapper.exe:*:Enabled:swapper -- File not found
"I:\Game\Activision\Call of Duty 2\CoD2MP_s.exe" = I:\Game\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- File not found
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe" = C:\Program Files\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe:*:Enabled:fpupdate -- File not found
"C:\Program Files\MirandaPack\miranda32.exe" = C:\Program Files\MirandaPack\miranda32.exe:*:Enabled:Miranda IM -- File not found
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"I:\Opera\opera.exe" = I:\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- File not found
"J:\bin.win\mserver.exe" = J:\bin.win\mserver.exe:*:Enabled:mserver -- File not found
"I:\uTorrent.exe" = I:\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Documents and Settings\Jan\Plocha\Bin\Pokemon Game.exe" = C:\Documents and Settings\Jan\Plocha\Bin\Pokemon Game.exe:*:Enabled:Pokemon Game -- File not found
"C:\Program Files\ZoomText 9.1\Zt.exe" = C:\Program Files\ZoomText 9.1\Zt.exe:LocalSubNet:Enabled:ZoomText 9.1 -- File not found
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Program Files\Java\jre1.6.0_07\bin\java.exe" = C:\Program Files\Java\jre1.6.0_07\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\KeyHoleTV\KeyHoleTV.exe" = C:\Program Files\KeyHoleTV\KeyHoleTV.exe:*:Enabled:KeyHole TV Main Application -- File not found
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- File not found
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- File not found
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- File not found
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi -- File not found
"C:\Program Files\Ralink\Common\ApUI.exe" = C:\Program Files\Ralink\Common\ApUI.exe:*:Enabled:Ralink Wireless Access Point Utility -- (Ralink Technology, Corp.)
"I:\Firefox\firefox.exe" = I:\Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17EAD3D5-7E7D-47A3-A63C-C07AB46D468B}" = Windows Live Mail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{BE4AA694-815A-4045-BD49-C94F2BED7458}" = WinFast Entertainment Center(WDM Driver)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink RT7x Wireless LAN Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Fallout" = Fallout
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nightwing's Diamond/Pearl Stat Calculator" = Nightwing's Diamond/Pearl Stat Calculator
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"pokemon rangers 2 screensaver" = pokemon rangers 2 screensaver
"Totalcmd" = Total Commander (Remove or Repair)
"Usbfix" = Usbfix By C_XX & El Desaparecido
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11.1.2008 13:19:11 | Computer Name = JAN-517CB4FB58E | Source = avast! | ID = 33554522
Description =

Error - 11.1.2008 13:19:11 | Computer Name = JAN-517CB4FB58E | Source = avast! | ID = 33554522
Description =

Error - 11.1.2008 13:19:17 | Computer Name = JAN-517CB4FB58E | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 2.7.2009 7:36:59 | Computer Name = JAN-517CB4FB58E | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.0.3439, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 20.8.2009 14:41:58 | Computer Name = JAN-517CB4FB58E | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 20.8.2009 14:41:58 | Computer Name = JAN-517CB4FB58E | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 20.8.2009 14:42:03 | Computer Name = JAN-517CB4FB58E | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 20.8.2009 14:42:03 | Computer Name = JAN-517CB4FB58E | Source = crypt32 | ID = 131077
Description = Načtení automatické aktualizace kořenového certifikátu jiného výrobce
z: <http://www.download.windowsupdate.com/m ... 2A58FE.crt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 20.8.2009 14:42:03 | Computer Name = JAN-517CB4FB58E | Source = crypt32 | ID = 131077
Description = Načtení automatické aktualizace kořenového certifikátu jiného výrobce
z: <http://www.download.windowsupdate.com/m ... 2A58FE.crt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 20.8.2009 14:42:04 | Computer Name = JAN-517CB4FB58E | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 20.8.2009 14:42:04 | Computer Name = JAN-517CB4FB58E | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 20.8.2009 14:42:09 | Computer Name = JAN-517CB4FB58E | Source = crypt32 | ID = 131077
Description = Načtení automatické aktualizace kořenového certifikátu jiného výrobce
z: <http://www.download.windowsupdate.com/m ... 2A58FE.crt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 20.8.2009 14:42:09 | Computer Name = JAN-517CB4FB58E | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

[ System Events ]
Error - 12.6.2010 4:09:37 | Computer Name = JAN-517CB4FB58E | Source = Service Control Manager | ID = 7031
Description = Služba .NET Runtime Optimization Service v2.0.50727_X86 byla nečekaně
ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund:
Restartovat službu.

Error - 12.6.2010 4:09:37 | Computer Name = JAN-517CB4FB58E | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 12.6.2010 4:09:37 | Computer Name = JAN-517CB4FB58E | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.

Error - 12.6.2010 4:09:37 | Computer Name = JAN-517CB4FB58E | Source = Service Control Manager | ID = 7034
Description = Služba Crypkey License byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 12.6.2010 4:31:31 | Computer Name = JAN-517CB4FB58E | Source = Service Control Manager | ID = 7031
Description = Služba .NET Runtime Optimization Service v2.0.50727_X86 byla nečekaně
ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund:
Restartovat službu.

Error - 12.6.2010 4:31:31 | Computer Name = JAN-517CB4FB58E | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 12.6.2010 4:31:31 | Computer Name = JAN-517CB4FB58E | Source = Service Control Manager | ID = 7034
Description = Služba Ralink Registry Writer byla neočekávaně ukončena. Tento stav
nastal již 1krát.

Error - 12.6.2010 4:31:31 | Computer Name = JAN-517CB4FB58E | Source = Service Control Manager | ID = 7031
Description = Služba Zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error - 12.6.2010 4:31:31 | Computer Name = JAN-517CB4FB58E | Source = Service Control Manager | ID = 7034
Description = Služba Crypkey License byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 12.6.2010 4:31:31 | Computer Name = JAN-517CB4FB58E | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.

< End of report >

#7 Příspěvek od **vyosek** » 12 čer 2010 12:15

Pouzivate proxy umyslne

Z logu vyplyva ze je zavedeno IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7070

Eleken · #8 Příspěvek od **Eleken** » 12 čer 2010 12:40

Ne, nevím o tom že bych něco takového cíleně využíval.

#9 Příspěvek od **vyosek** » 12 čer 2010 14:10

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7070
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Jan\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-57989841-1383384898-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7070
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7070
FF - prefs.js..network.proxy.type: 4
[2010.06.09 22:11:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-1.xml
[2008.11.14 19:59:19 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-10.xml
[2008.12.17 18:21:40 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-11.xml
[2009.02.05 07:38:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-12.xml
[2009.03.06 11:20:10 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-13.xml
[2009.03.29 18:28:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-14.xml
[2009.04.22 13:13:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-15.xml
[2009.04.28 11:17:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-16.xml
[2009.06.12 19:35:08 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-17.xml
[2009.07.23 09:28:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-18.xml
[2009.08.05 14:24:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-19.xml
[2008.06.29 11:01:17 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-2.xml
[2008.07.05 09:45:40 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-3.xml
[2008.07.05 11:33:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-4.xml
[2008.07.17 09:41:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-5.xml
[2008.07.19 08:41:49 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-6.xml
[2008.08.28 13:05:37 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-7.xml
[2008.09.24 18:32:28 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-8.xml
[2008.09.27 11:32:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-9.xml
[2008.04.13 07:46:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin.xml
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Jan\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKU\S-1-5-21-57989841-1383384898-725345543-1004\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-57989841-1383384898-725345543-1004\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKU\S-1-5-21-57989841-1383384898-725345543-1004\..\Toolbar\WebBrowser: (no name) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - No CLSID value found.
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKU\S-1-5-21-57989841-1383384898-725345543-1004..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKLM..\RunOnce: [] File not found
O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll File not found
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->  ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\DOCUME~1\Jan\LOCALS~1\Temp\Qwr.exe

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOY5KNQ8OC"=-

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Eleken · #10 Příspěvek od **Eleken** » 12 čer 2010 14:27

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-57989841-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-57989841-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-57989841-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
C:\Documents and Settings\Jan\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
HKU\S-1-5-21-57989841-1383384898-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-57989841-1383384898-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "http://slirsredirect.search.aol.com/sli ... ie7&query=" removed from browser.search.defaulturl
Prefs.js: "http://search.icq.com/search/afe_result ... id=afex&q=" removed from keyword.URL
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 7070 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Documents and Settings\Jan\Data aplikací\Mozilla\Firefox\Profiles\lh5ya1vp.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
File C:\Documents and Settings\Jan\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-57989841-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-57989841-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ not found.
Registry value HKEY_USERS\S-1-5-21-57989841-1383384898-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C17590D2-ECB4-4B15-8820-F58798DCC118} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C17590D2-ECB4-4B15-8820-F58798DCC118}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_USERS\S-1-5-21-57989841-1383384898-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\RocketDock deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET81.tmp deleted successfully.
C:\WINDOWS\System32\SET85.tmp deleted successfully.
C:\WINDOWS\System32\SET86.tmp deleted successfully.
C:\WINDOWS\System32\SET89.tmp deleted successfully.
C:\WINDOWS\System32\SET8D.tmp deleted successfully.
C:\WINDOWS\002893_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP309.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3ED.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP526.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP615.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP62D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP663.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI11D.tmp moved successfully.
C:\WINDOWS\Installer\MSI126.tmp moved successfully.
C:\WINDOWS\Installer\MSI1C.tmp moved successfully.
C:\WINDOWS\Installer\MSI210.tmp moved successfully.
C:\WINDOWS\Installer\MSI48.tmp moved successfully.
C:\WINDOWS\Installer\MSI4F.tmp moved successfully.
C:\WINDOWS\Installer\MSI7B.tmp moved successfully.
C:\WINDOWS\Installer\MSI81.tmp moved successfully.
C:\WINDOWS\Installer\MSIC.tmp moved successfully.
C:\WINDOWS\TEMP\y9empm7a.TMP moved successfully.
File\Folder C:\DOCUME~1\Jan\LOCALS~1\Temp\Qwr.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TOY5KNQ8OC not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 47431599 bytes
->FireFox cache emptied: 4297373 bytes
->Flash cache emptied: 348 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Jan
->Temp folder emptied: 1466414248 bytes
->Temporary Internet Files folder emptied: 8281906 bytes
->Java cache emptied: 1676401 bytes
->FireFox cache emptied: 63647744 bytes
->Google Chrome cache emptied: 6771070 bytes
->Apple Safari cache emptied: 3337839 bytes
->Opera cache emptied: 210541634 bytes
->Flash cache emptied: 75094 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21638299 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 54967878 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 802,00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Jan
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.6.0 log created on 06122010_152148

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#11 Příspěvek od **vyosek** » 12 čer 2010 14:30

Jak se chova PC

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

Eleken · #12 Příspěvek od **Eleken** » 12 čer 2010 15:56

PC je znatelně rychlejší v prohlížení webu.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4190

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12.6.2010 16:54:26
mbam-log-2010-06-12 (16-54-26).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Skenované objekty: 209721
Uplynulý čas: 1 hodina(y), 7 minuta(y), 51 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 26
Infikované hodnoty registru: 3
Infikované datové položky registru: 2
Infikované složky: 1
Infikované soubory: 6

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\spyshredder (Rogue.SpyShredder) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\adp (Rogue.Multiple) -> No action taken.

Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (2) Good: (0) -> No action taken.

Infikované složky:
C:\Program Files\SpyShredder (Rogue.SpyShredder) -> No action taken.

Infikované soubory:
C:\UsbFix\Quarantine\C\DOCUME~1\Jan\LOCALS~1\Temp\Qwp.exe.vir (Trojan.Downloader) -> No action taken.
C:\UsbFix\Quarantine\C\DOCUME~1\Jan\LOCALS~1\Temp\Qwq.exe.vir (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Jan\Plocha\HijackThis\backups\backup-20090315-115836-412.dll (Adware.Shopper) -> No action taken.
C:\Program Files\SpyShredder\SpyShredder.lic (Rogue.SpyShredder) -> No action taken.
C:\Program Files\SpyShredder\SpyShredder0.ss (Rogue.SpyShredder) -> No action taken.
C:\Program Files\SpyShredder\SpyShredder1.ss (Rogue.SpyShredder) -> No action taken.

#13 Příspěvek od **vyosek** » 12 čer 2010 16:54

Vse co nasel mbam smazte...
To je dobre, ze se stav zlepsil...jsou s PC jeste nejake problemy

Eleken · #14 Příspěvek od **Eleken** » 13 čer 2010 15:14

Ne, PC již funguje viditelně lépe než předtím. Moc děkuji za pomoc.

#15 Příspěvek od **vyosek** » 13 čer 2010 15:41

Pekne nedelni odpoledne,
tak to je dobra zprava...Pro jistotu jeste ale udelame test na rootkity, jelikoz pc bylo docela zaneseno...

Odinstalujte vsechny emulatory virtualnich jednotek (Deamon Tools, Alcohol 120%, PowerISO apod)

Stahnete SPTD http://www.duplexsecure.com/en/downloads

Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
Ulozte na plochu a spustte
Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe

Ulozte na plochu a spustte
Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
"%userprofile%\plocha\mbr" -t
```
Kliknete na OK
Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

Dejte log z Gmer - viz muj podpis

VIRY.CZ

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu