System won't boot

#1 Post by Ryder3.0 »

I suspect I've caught some kind of "porn" virus. Here's the log.

Logfile of random's system information tool 1.07 (written by random/random)
Run by admin at 2010-07-07 18:49:27
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 113 GB (76%) free of 150 GB
Total RAM: 2046 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:49:31, on 7.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\admin\Plocha\RSIT.exe
C:\Program Files\trend micro\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 75.127.97.213:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\STINGE~1\wh_exec.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Ocs_SM] C:\Documents and Settings\admin\Data aplikací\OCS\SM\SearchAnonymizer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="f:\nvidia\win2k-xp\display\PhysX_9.09.0814_SystemSoftware.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SearchAnonymizer - Unknown owner - C:\Documents and Settings\admin\Data aplikací\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 8848 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Automatická údržba.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-18 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-03-26 19522592]
"WheelMouse"=C:\STINGE~1\wh_exec.exe [2007-11-10 98304]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"CTAPR2"=C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe [2007-01-16 57344]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2007-04-17 184320]
"SPIRun"=Rundll32 SPIRun.dll,RunDLLEntry []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-07-09 570664]
"Ocs_SM"=C:\Documents and Settings\admin\Data aplikací\OCS\SM\SearchAnonymizer.exe [2010-06-24 106496]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST WISE_SETUP_EXE_PATH=f:\nvidia\win2k-xp\display\PhysX_9.09.0814_SystemSoftware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmPCIaudio]
RunDll32 CMICNFG3.cpl,CMICtrlWnd []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-07-09 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDDMStatus.lnk]
C:\PROGRA~1\WESTER~1\WDSMAR~1\WDDRIV~1\WDDMST~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDSmartWare.lnk]
C:\PROGRA~1\WESTER~1\WDSMAR~1\FRONTP~1\WDSMAR~1.EXE View=show_in_tray


View=show_in_tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WDSmartWareBackgroundService"=2
"WDDMService"=2
"Nero BackItUp Scheduler 3"=2
"Microsoft Office Groove Audit Service"=3

C:\Documents and Settings\admin\Nabídka Start\Programy\Po spuštění
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\program files\activision\COD2\CoD2MP_s.exe"="D:\program files\activision\COD2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\program files\activision\cod4\iw3mp.exe"="D:\program files\activision\cod4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\VDOWNLOADER\VDownloader.exe"="C:\Program Files\VDOWNLOADER\VDownloader.exe:*:Enabled:VDownloader"
"D:\program files\activision\COD5\CoDWaW.exe"="D:\program files\activision\COD5\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"D:\program files\activision\COD5\CoDWaWmp.exe"="D:\program files\activision\COD5\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\program files\valve\CSS\Counter-Strike Source\hl2.exe"="D:\program files\valve\CSS\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"D:\program files\valve\cs1.6\hl.exe"="D:\program files\valve\cs1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"D:\program files\Rockstar games\gta4\Rockstar Games Social Club\RGSCLauncher.exe"="D:\program files\Rockstar games\gta4\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\program files\Rockstar games\gta4\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\program files\Rockstar games\gta4\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"D:\program files\Rockstar games\gta4\Grand Theft Auto IV\GTAIV.exe"="D:\program files\Rockstar games\gta4\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Soldat\Soldat.exe"="C:\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"
"E:\zaloha\Net\Plocha\Plugin Manager\skypePM.exe"="E:\zaloha\Net\Plocha\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\admin\Plocha\miranda-pack-105\miranda32.exe"="C:\Documents and Settings\admin\Plocha\miranda-pack-105\miranda32.exe:*:Enabled:Miranda IM"
"E:\zaloha\Net\Plocha\Phone\Skype.exe"="E:\zaloha\Net\Plocha\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{213a3dcc-4326-11df-8264-26f3f2f66547}]
shell\AutoRun\command - "G:\WD SmartWare.exe" autoplay=true


======List of files/folders created in the last 1 months======

2010-07-03 19:06:21 ----D---- C:\Miranda IM
2010-06-30 13:57:32 ----D---- C:\Documents and Settings\admin\Data aplikací\VistaCodecs
2010-06-30 13:57:24 ----D---- C:\Program Files\VistaCodecPack
2010-06-30 13:56:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\VistaCodecs
2010-06-24 16:34:16 ----D---- C:\Documents and Settings\admin\Data aplikací\Opera
2010-06-24 16:34:13 ----D---- C:\Documents and Settings\admin\Data aplikací\OCS
2010-06-24 16:34:06 ----D---- C:\Program Files\ICQ Update Patch
2010-06-24 16:32:32 ----D---- C:\Documents and Settings\admin\Data aplikací\ICQ
2010-06-24 16:32:11 ----D---- C:\Program Files\ICQ6.5
2010-06-23 12:35:52 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-06-23 12:35:52 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-06-21 21:04:56 ----A---- C:\WINDOWS\system32\VSFilter.dll
2010-06-20 23:38:03 ----D---- C:\Program Files\Phoenix Crew
2010-06-14 12:13:57 ----D---- C:\Program Files\Common Files\Skype
2010-06-11 18:00:23 ----A---- C:\WINDOWS\system32\d3dx9.dll
2010-06-11 18:00:22 ----A---- C:\WINDOWS\system32\D3DX81ab.dll
2010-06-10 17:58:47 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 17:58:43 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 17:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 17:56:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 17:55:45 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 17:55:18 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-09 09:32:57 ----D---- C:\Documents and Settings\admin\Data aplikací\URSoft
2010-06-09 09:32:57 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-06-08 23:10:23 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2010-07-07 18:49:28 ----D---- C:\Program Files\trend micro
2010-07-07 18:42:47 ----D---- C:\WINDOWS
2010-07-07 18:41:28 ----A---- C:\WINDOWS\DUMP518b.tmp
2010-07-07 18:38:45 ----A---- C:\WINDOWS\DUMP5999.tmp
2010-07-07 18:37:10 ----A---- C:\WINDOWS\DUMP566d.tmp
2010-07-07 18:35:35 ----A---- C:\WINDOWS\DUMP5544.tmp
2010-07-06 20:55:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-06 20:55:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-06 20:49:53 ----D---- C:\Documents and Settings\admin\Data aplikací\Skype
2010-07-06 20:21:38 ----D---- C:\Documents and Settings\admin\Data aplikací\skypePM
2010-07-06 19:04:48 ----D---- C:\WINDOWS\Prefetch
2010-07-06 18:57:00 ----D---- C:\WINDOWS\temp
2010-07-03 08:19:15 ----D---- C:\Program Files\Xfire
2010-07-02 21:45:16 ----D---- C:\Documents and Settings\admin\Data aplikací\Xfire
2010-07-02 21:45:15 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-06-30 13:59:09 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-30 13:58:56 ----D---- C:\WINDOWS\Help
2010-06-30 13:57:43 ----SHD---- C:\WINDOWS\Installer
2010-06-30 13:57:43 ----D---- C:\Config.Msi
2010-06-30 13:57:33 ----D---- C:\WINDOWS\system32
2010-06-30 13:57:24 ----RD---- C:\Program Files
2010-06-30 11:23:20 ----D---- C:\Program Files\JDownloader
2010-06-29 10:44:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS
2010-06-28 15:03:10 ----D---- C:\Program Files\Mozilla Firefox
2010-06-24 16:29:39 ----D---- C:\Program Files\VS Revo Group
2010-06-24 11:49:26 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-24 11:49:24 ----RSD---- C:\WINDOWS\assembly
2010-06-23 22:40:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-23 22:40:11 ----D---- C:\WINDOWS\WinSxS
2010-06-22 14:26:31 ----D---- C:\Documents and Settings\admin\Data aplikací\uTorrent
2010-06-20 11:11:48 ----D---- C:\Program Files\ICQ6Toolbar
2010-06-20 11:11:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-20 11:11:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-06-19 18:49:18 ----D---- C:\WINDOWS\system32\NtmsData
2010-06-19 18:26:46 ----D---- C:\WINDOWS\Registration
2010-06-14 12:13:57 ----D---- C:\Program Files\Common Files
2010-06-12 14:32:34 ----D---- C:\Documents and Settings\admin\Data aplikací\Western Digital
2010-06-11 18:20:11 ----D---- C:\Program Files\Cheat Engine
2010-06-10 17:58:50 ----HD---- C:\WINDOWS\inf
2010-06-10 17:58:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-10 17:58:45 ----A---- C:\WINDOWS\imsins.BAK
2010-06-10 17:58:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-10 17:58:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-06-10 17:56:11 ----D---- C:\WINDOWS\Debug
2010-06-10 17:51:34 ----D---- C:\WINDOWS\system32\cs-cz
2010-06-10 17:51:34 ----D---- C:\Program Files\Internet Explorer
2010-06-10 17:51:27 ----D---- C:\WINDOWS\ie7updates
2010-06-10 15:44:39 ----D---- C:\WINDOWS\Minidump
2010-06-09 09:50:31 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2010-06-09 09:49:50 ----D---- C:\Program Files\Common Files\Nero
2010-06-09 09:47:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-06-08 18:43:43 ----D---- C:\Program Files\Nero

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-06-29 142592]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\WINDOWS\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 catchme;catchme; \??\C:\DOCUME~1\admin\LOCALS~1\Temp\catchme.sys []
S3 CEDRIVER52;CEDRIVER52; \??\C:\Program Files\Cheat Engine\dbk32.sys []
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]
S3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmudax3.sys [2009-05-20 1872192]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-12-08 142336]
S3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2007-02-27 171008]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-03-26 5883936]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSICPL;MSICPL; \??\F:\install4\MSICPL.sys []
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-05-29 13312]
S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-12-08 114688]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys []
S3 t3;SB Xtreme Audio Notebook; C:\WINDOWS\system32\drivers\t3.sys [2007-06-19 735744]
S3 t3filt;t3filt; C:\WINDOWS\system32\drivers\t3filt.sys [2007-08-20 1656960]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2009-07-30 68136]
S2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-18 153376]
S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
S2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-02-01 75064]
S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-07-02 214520]
S2 SearchAnonymizer;SearchAnonymizer; C:\Documents and Settings\admin\Data aplikací\OCS\SM\SearchAnonymizerHelper.exe [2010-06-24 40960]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-01-13 435016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: system won't boot

#2 Post by Caroprd111 »

Hello :)


Do you have ProxyServer = 75.127.97.213:3128 set intentionally? :???:


Download OTL http://oldtimer.geekstogo.com/OTL.exe to your desktop
  • Run it, then paste the following script into the bottom box.

Code:

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
  • Check the All Users option.
  • Check the "LOP" check and "Purity" check options.
  • Click the Scan button.
  • When it finishes, paste the OTL.Txt and Extras.txt logs here.

Ryder3.0
Level 5 - BAN
Posts: 62
Registered: 24 Apr 2010 19:38

Re: system won't boot

#3 Post by Ryder3.0 »

I don't have it set intentionally :) After all, I have a static IP, so in theory my IP shouldn't have changed, should it? As I said, porn sites have always done wonders to my PC.

OTL logfile created on: 7.7.2010 19:37:47 - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\admin\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 87,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 98,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 110,70 Gb Free Space | 75,57% Space Free | Partition Type: NTFS
Drive D: | 319,27 Gb Total Space | 250,11 Gb Free Space | 78,34% Space Free | Partition Type: NTFS
Drive E: | 108,81 Gb Total Space | 100,84 Gb Free Space | 92,68% Space Free | Partition Type: NTFS
Drive F: | 2,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RPC-B82E6470F60
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.07.07 19:19:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Plocha\OTL.exe
PRC - [2008.04.14 09:52:46 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.07.07 19:19:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Plocha\OTL.exe
MOD - [2008.04.14 09:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.06.24 16:34:13 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\admin\Data aplikací\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.05.07 18:04:20 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.05.07 18:01:04 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.04.01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.07.30 18:51:02 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2009.01.13 12:28:50 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006.06.05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\admin\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010.07.06 18:56:34 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010.05.31 15:40:59 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.04.04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.03.26 12:21:26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.03.01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.27 04:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.06.29 13:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.05.20 06:22:44 | 001,872,192 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.08.20 07:35:10 | 001,656,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\t3filt.sys -- (t3filt)
DRV - [2007.06.19 07:38:52 | 000,735,744 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\t3.sys -- (t3)
DRV - [2007.02.27 09:31:10 | 000,171,008 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2007.01.25 17:45:02 | 000,006,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2006.05.29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006.05.29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006.05.29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005.12.08 05:54:52 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005.12.08 05:54:44 | 000,142,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005.11.29 16:01:20 | 000,019,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Cheat Engine\dbk32.sys -- (CEDRIVER52)
DRV - [2004.12.22 13:58:14 | 000,008,704 | R--- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)
DRV - [2002.07.16 11:58:12 | 000,379,726 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-299502267-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-299502267-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-299502267-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-299502267-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-299502267-1580436667-725345543-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-299502267-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 75.127.97.213:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.1.6&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 15:03:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.29 10:43:58 | 000,000,000 | ---D | M]

[2010.01.13 02:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Extensions
[2010.07.07 19:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\bcfjcfwc.default\extensions
[2010.06.25 09:54:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\bcfjcfwc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.24 16:34:16 | 000,001,012 | ---- | M] () -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\bcfjcfwc.default\searchplugins\icq-search.xml
[2010.06.24 16:34:16 | 000,001,150 | ---- | M] () -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\bcfjcfwc.default\searchplugins\icqplugin.xml
[2010.06.24 16:34:16 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\bcfjcfwc.default\searchplugins\qipsearch.xml
[2010.06.24 16:34:16 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\bcfjcfwc.default\searchplugins\{1F7A4B6C-4013-4691-92EA-6BF6E907B697}.xml
[2010.06.24 16:34:16 | 000,002,486 | ---- | M] () -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\bcfjcfwc.default\searchplugins\{382B59C5-935E-4746-ACD7-5655C7576C6E}.xml
[2010.06.24 16:34:16 | 000,024,003 | ---- | M] () -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\bcfjcfwc.default\searchplugins\{562B9163-8CCF-471A-89DD-F6668F9615AB}.xml
[2010.06.24 16:34:16 | 000,002,152 | ---- | M] () -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\bcfjcfwc.default\searchplugins\{653743AD-A0A9-422B-82B2-D151F2AFAA0F}.xml
[2010.06.24 16:34:16 | 000,002,041 | ---- | M] () -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\bcfjcfwc.default\searchplugins\{EA1791E7-9EB4-4100-8881-4201ABE81BC6}.xml
[2010.07.07 19:23:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.24 16:34:16 | 000,000,828 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.06.24 16:34:16 | 000,001,916 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.06.24 16:34:16 | 000,001,323 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.06.24 16:34:16 | 000,000,901 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.06.24 16:34:16 | 000,001,244 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.01.15 22:01:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CTAPR2] C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Documents and Settings\admin\Data aplikací\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [SPIRun] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WheelMouse] C:\Stinger Mouse Driver\wh_exec.exe ()
O4 - HKU\S-1-5-21-299502267-1580436667-725345543-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-299502267-1580436667-725345543-1003..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\admin\Nabídka Start\Programy\Po spuštění\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1580436667-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O15 - HKU\S-1-5-21-299502267-1580436667-725345543-1003\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.211.45.3 212.96.160.7
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.11 22:30:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{213a3dcc-4326-11df-8264-26f3f2f66547}\Shell - "" = AutoRun
O33 - MountPoints2\{213a3dcc-4326-11df-8264-26f3f2f66547}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.07 19:19:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Plocha\OTL.exe
[2010.07.05 16:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Plocha\Shippuuden 101-115 (www.hokage.cz)
[2010.07.03 19:06:21 | 000,000,000 | ---D | C] -- C:\Miranda IM
[2010.06.30 13:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Data aplikací\VistaCodecs
[2010.06.30 13:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\VistaCodecPack
[2010.06.30 13:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\VistaCodecs
[2010.06.30 13:54:56 | 025,089,959 | ---- | C] (Shark007) -- C:\Documents and Settings\admin\Plocha\VistaCodecs_v577.exe
[2010.06.24 22:59:07 | 007,837,888 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\admin\Plocha\install_skins_icq7.exe
[2010.06.24 16:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Data aplikací\Opera
[2010.06.24 16:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Data aplikací\OCS
[2010.06.24 16:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ Update Patch
[2010.06.24 16:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Data aplikací\ICQ
[2010.06.24 16:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6.5
[2010.06.24 14:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Plocha\NarutoShipMovie2Cover
[2010.06.23 20:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Plocha\miranda-pack-105
[2010.06.21 21:04:56 | 002,539,520 | ---- | C] (MPC-HC Team) -- C:\WINDOWS\System32\VSFilter.dll
[2010.06.20 23:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Phoenix Crew
[2010.06.20 11:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Data aplikací\AOL
[2010.06.15 10:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Plocha\b-stospsp
[2010.06.14 12:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.06.11 18:00:22 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2010.06.09 09:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Data aplikací\URSoft
[2010.06.09 09:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.06.09 09:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Plocha\Your_Uninstaller__Pro_2010_7.0.2010.13_SK_CZ_by_Bodo
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.07 19:36:51 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.07 19:36:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.07 19:33:57 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\admin\ntuser.dat
[2010.07.07 19:33:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\admin\ntuser.ini
[2010.07.07 19:19:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Plocha\OTL.exe
[2010.07.07 18:48:53 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\RSIT.exe
[2010.07.06 20:55:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.06 20:21:21 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\Skype.lnk
[2010.07.06 19:04:54 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.06 18:57:08 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.07.06 18:56:34 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010.07.03 20:15:00 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\Automatická údržba.job
[2010.07.03 19:06:10 | 001,898,699 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\miranda-im-v0.8.27-unicode.exe
[2010.07.02 21:45:28 | 000,137,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.07.02 21:45:15 | 000,214,520 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.06.30 13:59:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.30 13:56:35 | 025,089,959 | ---- | M] (Shark007) -- C:\Documents and Settings\admin\Plocha\VistaCodecs_v577.exe
[2010.06.29 23:24:02 | 001,334,061 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\gaara-wall.jpg
[2010.06.24 22:59:17 | 007,837,888 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\admin\Plocha\install_skins_icq7.exe
[2010.06.24 16:33:09 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ICQ6.5.lnk
[2010.06.23 22:40:22 | 000,991,166 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 22:40:22 | 000,436,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 22:40:22 | 000,433,584 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.23 22:40:22 | 000,079,878 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.23 22:40:22 | 000,068,888 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.23 22:37:18 | 000,180,898 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\msvcr71.zip
[2010.06.23 22:37:11 | 000,155,175 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\msvcr70.zip
[2010.06.23 20:57:21 | 004,628,361 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\miranda-pack-105.zip
[2010.06.23 12:35:52 | 000,790,528 | ---- | M] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.06.23 12:35:52 | 000,134,144 | ---- | M] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.06.23 12:35:52 | 000,059,392 | ---- | M] () -- C:\WINDOWS\System32\xvid.ax
[2010.06.21 21:04:56 | 002,539,520 | ---- | M] (MPC-HC Team) -- C:\WINDOWS\System32\VSFilter.dll
[2010.06.20 23:55:41 | 002,106,550 | -H-- | M] () -- C:\Documents and Settings\admin\Local Settings\Data aplikací\IconCache.db
[2010.06.20 23:49:22 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.06.20 23:49:22 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.06.15 10:20:38 | 734,003,200 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\b-stospsp.part1.rar
[2010.06.15 10:19:39 | 683,442,346 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\b-stospsp.part2.rar
[2010.06.10 21:34:35 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.10 17:58:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.06.09 09:50:20 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\admin\.rnd
[2010.06.08 18:38:52 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\admin\Dokumenty\ax_files.xml
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.07 18:48:53 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\admin\Plocha\RSIT.exe
[2010.07.03 19:06:09 | 001,898,699 | ---- | C] () -- C:\Documents and Settings\admin\Plocha\miranda-im-v0.8.27-unicode.exe
[2010.06.29 23:24:01 | 001,334,061 | ---- | C] () -- C:\Documents and Settings\admin\Plocha\gaara-wall.jpg
[2010.06.24 16:33:09 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\ICQ6.5.lnk
[2010.06.23 22:37:18 | 000,180,898 | ---- | C] () -- C:\Documents and Settings\admin\Plocha\msvcr71.zip
[2010.06.23 22:37:10 | 000,155,175 | ---- | C] () -- C:\Documents and Settings\admin\Plocha\msvcr70.zip
[2010.06.23 20:57:04 | 004,628,361 | ---- | C] () -- C:\Documents and Settings\admin\Plocha\miranda-pack-105.zip
[2010.06.23 12:35:52 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.06.23 12:35:52 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.06.23 12:35:52 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2010.06.15 09:44:34 | 683,442,346 | ---- | C] () -- C:\Documents and Settings\admin\Plocha\b-stospsp.part2.rar
[2010.06.15 09:44:09 | 734,003,200 | ---- | C] () -- C:\Documents and Settings\admin\Plocha\b-stospsp.part1.rar
[2010.06.11 18:00:23 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.05.18 01:47:52 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.05.08 18:34:52 | 000,008,888 | ---- | C] () -- C:\WINDOWS\System32\AudioDrv.ini
[2010.05.08 18:34:42 | 000,032,400 | R--- | C] () -- C:\WINDOWS\System32\t3.ini
[2010.05.08 18:34:42 | 000,000,049 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010.05.08 18:33:52 | 000,007,532 | R--- | C] () -- C:\WINDOWS\sfsyn.ini
[2010.05.08 18:33:50 | 000,140,800 | R--- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2010.05.08 18:33:50 | 000,118,850 | R--- | C] () -- C:\WINDOWS\System32\CTPcie.dll
[2010.04.27 18:04:55 | 000,002,641 | ---- | C] () -- C:\WINDOWS\cmudax3.ini
[2010.04.27 18:04:55 | 000,002,123 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2010.04.25 18:42:08 | 000,000,048 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.02.19 00:03:19 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\CmiInstallResAll.dll
[2010.02.06 20:40:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010.01.30 19:02:46 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2010.01.30 18:50:31 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2010.01.26 18:12:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.18 14:18:45 | 000,000,318 | ---- | C] () -- C:\WINDOWS\Shz Moo.INI
[2010.01.17 21:36:14 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.01.16 18:09:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.01.12 19:10:56 | 000,000,691 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010.01.12 18:50:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2010.01.12 18:43:08 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2010.01.12 18:43:05 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2010.01.12 18:25:48 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010.01.12 18:20:24 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.01.09 11:38:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008.09.12 15:21:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007.01.25 17:45:02 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\whfltr2k.sys
[2005.12.07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

========== LOP Check ==========

[2010.02.08 11:52:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\admin\Data aplikací\.#
[2010.01.14 21:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Allstar
[2010.04.11 20:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\BITS
[2010.05.02 12:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Datalayer
[2010.02.06 20:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\FlashGet
[2010.02.06 20:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\FlashGetBHO
[2010.07.03 19:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\ICQ
[2010.04.02 10:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\IObit
[2010.03.04 23:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\LangSoft
[2010.04.25 18:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Leadertech
[2010.05.02 12:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Nokia
[2010.05.02 12:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Nokia Multimedia Player
[2010.06.24 16:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\OCS
[2010.06.24 16:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Opera
[2010.05.02 12:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\PC Suite
[2010.03.15 14:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Softplicity
[2010.01.14 22:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Soldat
[2010.02.09 17:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\TuneUp Software
[2010.06.09 09:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\URSoft
[2010.06.22 14:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\uTorrent
[2010.06.30 13:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\VistaCodecs
[2010.02.07 19:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\VitySoft
[2010.06.12 14:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Western Digital
[2009.01.13 23:30:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2009.01.13 23:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
[2010.05.02 12:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Downloaded Installations
[2010.06.20 11:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.03.04 23:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LangSoft
[2010.05.02 12:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.06.09 09:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.02.09 17:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2010.06.30 13:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\VistaCodecs
[2010.04.08 17:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Western Digital
[2010.02.13 02:52:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
[2010.02.23 19:04:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{14A09095-BB1B-4D65-AD59-665E4B5ADF85}
[2010.02.23 19:03:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{30904704-BA49-4526-8606-362534D2B636}
[2010.02.13 02:52:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
[2010.02.09 17:48:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009.01.01 17:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Data aplikací\PC Suite
[2010.07.03 20:15:00 | 000,000,476 | ---- | M] () -- C:\WINDOWS\Tasks\Automatická údržba.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1CE11B51
< End of report >

Ryder3.0
Level 5 - BAN
Posts: 62
Joined: 24 Apr 2010 19:38

Re: system won't boot

#4 Post by Ryder3.0 »

The Extras log didn't show up for me this time. I ran the scan a second time; the first time the PC froze even in safe mode.

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: system won't boot

#5 Post by Caroprd111 »

Run OTL and paste the following script into the bottom window.

Code:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\admin\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2005.11.29 16:01:20 | 000,019,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Cheat Engine\dbk32.sys -- (CEDRIVER52)
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-299502267-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-299502267-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-299502267-1580436667-725345543-1003\..\URLSearchHook: - Reg Error: Key error. File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
IE - HKU\S-1-5-21-299502267-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 75.127.97.213:3128
O33 - MountPoints2\{213a3dcc-4326-11df-8264-26f3f2f66547}\Shell - "" = AutoRun
[2010.06.09 09:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2010.02.08 11:52:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\admin\Data aplikací\.#
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1CE11B51

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

Click Fix (Opravit); the PC will restart. Paste the log here.

Ryder3.0
Level 5 - BAN
Posts: 62
Joined: 24 Apr 2010 19:38

Re: system won't boot

#6 Post by Ryder3.0 »

The system boots now :) It's because of that porn. Anyway, what about that IP?

All processes killed
========== OTL ==========
Service SetupNTGLM7X stopped successfully!
Service SetupNTGLM7X deleted successfully!
File F:\NTGLM7X.sys not found.
Service NTACCESS stopped successfully!
Service NTACCESS deleted successfully!
File F:\NTACCESS.sys not found.
Service MSICPL stopped successfully!
Service MSICPL deleted successfully!
File F:\install4\MSICPL.sys not found.
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
File F:\INSTALL\GMSIPCI.SYS not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\admin\LOCALS~1\Temp\catchme.sys not found.
Service CEDRIVER52 stopped successfully!
Service CEDRIVER52 deleted successfully!
C:\Program Files\Cheat Engine\dbk32.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKU\S-1-5-21-299502267-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-299502267-1580436667-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-299502267-1580436667-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HKU\S-1-5-21-299502267-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{213a3dcc-4326-11df-8264-26f3f2f66547}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{213a3dcc-4326-11df-8264-26f3f2f66547}\ not found.
C:\Documents and Settings\All Users\Data aplikací\TEMP folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1E.tmp deleted successfully.
C:\WINDOWS\System32\tmp29.tmp deleted successfully.
C:\WINDOWS\System32\tmp2F.tmp deleted successfully.
C:\WINDOWS\System32\tmp35.tmp deleted successfully.
C:\WINDOWS\System32\tmp36.tmp deleted successfully.
C:\WINDOWS\System32\tmp39.tmp deleted successfully.
C:\WINDOWS\System32\tmp3E.tmp deleted successfully.
C:\WINDOWS\002692_.tmp deleted successfully.
C:\WINDOWS\DUMP518b.tmp deleted successfully.
C:\WINDOWS\DUMP5544.tmp deleted successfully.
C:\WINDOWS\DUMP566d.tmp deleted successfully.
C:\WINDOWS\DUMP5999.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\Documents and Settings\admin\Data aplikací\.# folder moved successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:1CE11B51 .
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 58917448 bytes
->Temporary Internet Files folder emptied: 102696945 bytes
->Java cache emptied: 253553 bytes
->FireFox cache emptied: 144282927 bytes
->Google Chrome cache emptied: 24697461 bytes
->Flash cache emptied: 20596 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 53524 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 305392 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 184537 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 40759954 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 132960299 bytes

Total Files Cleaned = 482,00 mb


[EMPTYFLASH]

User: admin
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: Default User

User: Guest

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.7.1 log created on 07072010_195341

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: system won't boot

#7 Post by Caroprd111 »

I removed the proxy with the script. :)


I recommend uninstalling:
C:\Program Files\uTorrent\uTorrent.exe

P2P networks and their clients are a potential security risk; they are an almost constant source of viruses, and you are exposing yourself to risk unnecessarily.



Download T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
  • Run it; to confirm each choice, press the A key, then Enter.
  • Delete the program after use. Note that antivirus software may falsely flag it as a virus.

Download TFC http://oldtimer.geekstogo.com/TFC.exe
  • Run it.
  • Click "Start". Confirm the prompt by clicking "Ok" (a restart will follow).

Download OTC http://oldtimer.geekstogo.com/OTC.exe
  • Run it.
  • Click "CleanUp!". Confirm the prompts by clicking "Yes" (a restart will follow).


Download Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Install it, and during installation uncheck the option to install the Yahoo toolbar.

    Cleaner tab
  • Run the analysis; when it finishes, click Run Ccleaner.

    Registry tab
  • Click Scan for problems; when it finishes, click Fix problems; you don't need to make a backup; then click Fix all problems.
    OK, then Close


Post a new RSIT log.
