TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu HJT

Zpráva

dawilde · #1 Příspěvek od **dawilde** » 06 srp 2010 07:18

Dobrý den,
s nějakým programem se mi podařilo stáhnout i tohoto skřeta a AVIRA mi neustále vyskakuje s upozorněním co dělat. Přikládám log y HJT. Můžete mi někdo poradit, jak se tohoto a případných dalších problémů na mém PC Zbavit? díky David
Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:13:20, on 6.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Xqyxua.exe
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Xxh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [BSK91O3T6D] C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Xxh.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-david prochazka.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Zobrazit originál - C:\Program Files\VOLNY\akcelerator\original.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-david prochazka.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-david prochazka.html (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} - http://lg.home.microsoft.com/search/lob ... ttings.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: winmm.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Media Center 15 Service - J. River, Inc. - C:\Program Files\J River\Media Center 15\JRService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14008 bytes

#2 Příspěvek od **vyosek** » 06 srp 2010 08:15

Zdravim a pekne rano preji

Dejte log z RSITu (viz muj podpis), je dukladnejsi nez HJT...

dawilde · #3 Příspěvek od **dawilde** » 06 srp 2010 08:20

Dobré ráno a dík za rychlou reakci:-)Přikládám požadovaný log...

Logfile of random's system information tool 1.08 (written by random/random)
Run by David Prochazka at 2010-08-06 09:17:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (14%) free of 57 GB
Total RAM: 511 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:18:16, on 6.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Xqyxua.exe
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Xxh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\David Prochazka\My Documents\My New Utilities\RSIT.exe
C:\Program Files\trend micro\David Prochazka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [BSK91O3T6D] C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Xxh.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-david prochazka.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Zobrazit originál - C:\Program Files\VOLNY\akcelerator\original.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-david prochazka.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-david prochazka.html (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} - http://lg.home.microsoft.com/search/lob ... ttings.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: winmm.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Media Center 15 Service - J. River, Inc. - C:\Program Files\J River\Media Center 15\JRService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14077 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{A9BCCC0A-576A-4AB4-BC17-A4E22B9E81D5}_DAVID_David Prochazka.job
C:\WINDOWS\tasks\{BBC01FB3-CAF1-49D9-BC50-42015706CE01}_DAVID_David Prochazka.job
C:\WINDOWS\tasks\{D9378CDF-573F-4ED2-97AD-B7C431A140CA}_DAVID_David Prochazka.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-06 106548]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-01 278128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-01 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-01 278128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-11-20 4866048]
"nwiz"=nwiz.exe /installquiet []
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-06-24 77914]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-24 729178]
"DadApp"=C:\Program Files\Dell\AccessDirect\dadapp.exe [2003-03-07 209800]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-06 114741]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2003-08-13 28672]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2003-09-23 204800]
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2003-12-03 53248]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-04-08 98304]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-21 266497]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2004-12-08 550912]
"ShowWnd"=C:\WINDOWS\ShowWnd.exe [2003-09-18 36864]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-02 68856]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
"BSK91O3T6D"=C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Xxh.exe [2010-08-04 184832]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\Documents and Settings\David Prochazka\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="winmm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=145
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Opera 9 Beta\Opera.exe"="C:\Program Files\Opera 9 Beta\Opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"="C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe:*:Enabled:Sprite Backup PC Service"
"C:\WINDOWS\SYSTEM32\dpvsetup.exe"="C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\SYSTEM32\rundll32.exe"="C:\WINDOWS\SYSTEM32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe"="C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files!"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2010-08-06 09:17:43 ----D---- C:\rsit
2010-08-06 08:03:28 ----D---- C:\Program Files\Trend Micro
2010-08-04 18:02:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-08-04 18:00:14 ----D---- C:\Program Files\HDD Regenerator
2010-08-04 16:26:53 ----D---- C:\Program Files\Western Digital Corporation
2010-08-04 11:12:43 ----A---- C:\WINDOWS\Xqyxua.exe
2010-07-30 19:40:17 ----N---- C:\WINDOWS\system32\MC15.exe
2010-07-30 19:40:17 ----N---- C:\WINDOWS\system32\AudDevicePlugin.dll
2010-07-30 19:40:17 ----N---- C:\WINDOWS\system32\AReadyLB.dll
2010-07-30 19:40:17 ----A---- C:\WINDOWS\system32\aaisolv.dll
2010-07-30 19:39:58 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2010-07-30 19:39:12 ----D---- C:\WINDOWS\Logs
2010-07-30 19:38:55 ----D---- C:\Program Files\J River
2010-07-30 19:38:38 ----D---- C:\Documents and Settings\David Prochazka\Application Data\J River

======List of files/folders modified in the last 1 months======

2010-08-06 09:12:51 ----D---- C:\WINDOWS\TEMP
2010-08-06 08:40:15 ----SD---- C:\WINDOWS\Tasks
2010-08-06 08:40:02 ----D---- C:\Documents and Settings\David Prochazka\Application Data\Skype
2010-08-06 08:03:33 ----SHD---- C:\WINDOWS\Installer
2010-08-06 08:03:33 ----D---- C:\Config.Msi
2010-08-06 08:03:28 ----AD---- C:\Program Files
2010-08-06 07:40:19 ----D---- C:\Documents and Settings\David Prochazka\Application Data\skypePM
2010-08-06 07:39:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-05 23:51:30 ----D---- C:\WINDOWS\system32\oodag
2010-08-05 23:25:27 ----AD---- C:\WINDOWS\SYSTEM32
2010-08-05 23:25:06 ----D---- C:\WINDOWS
2010-08-05 23:02:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-05 08:14:37 ----D---- C:\Program Files\MPEG4 Direct Maker
2010-08-05 07:39:37 ----D---- C:\Program Files\SpeedFan
2010-08-05 07:38:54 ----D---- C:\Program Files\WebCopier
2010-08-04 17:21:03 ----D---- C:\Documents and Settings\David Prochazka\Application Data\ZipGenius
2010-08-03 16:42:11 ----D---- C:\WINDOWS\Debug
2010-08-03 07:22:55 ----D---- C:\Documents and Settings\David Prochazka\Application Data\ICQ
2010-08-02 09:15:16 ----D---- C:\Documents and Settings\David Prochazka\Application Data\Azureus
2010-07-31 08:13:24 ----D---- C:\Program Files\Azureus
2010-07-30 19:40:16 ----D---- C:\WINDOWS\system32\DirectX
2010-07-30 19:40:14 ----D---- C:\WINDOWS\INF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2003-07-31 84576]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [2006-10-18 36624]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-01-09 639224]
R0 xmasbus;xmasbus; C:\WINDOWS\System32\DRIVERS\xmasbus.sys [2003-12-22 140800]
R0 xmasscsi;xmasscsi; C:\WINDOWS\System32\Drivers\xmasscsi.sys [2003-12-21 5504]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-01-21 75096]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2003-01-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-06 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-06 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-06 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-06 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-06 83284]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-06 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-06 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-06 98068]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-06 100373]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BCM43XX;Dell TrueMobile WLAN Card Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-06-13 254208]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-06-02 43136]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 MaBtPort;MA Bluetooth VCOM Driver; C:\WINDOWS\system32\DRIVERS\mabtport.sys [2003-11-21 120800]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2005-10-26 28256]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-11-20 1378172]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio; C:\WINDOWS\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-26 220176]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2005-06-24 190560]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 AteksoftAudio;WebCamera Plus Audio; C:\WINDOWS\system32\drivers\ateksoftaudio.sys [2007-12-25 11776]
S3 avqai6pt;avqai6pt; C:\WINDOWS\system32\drivers\avqai6pt.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys []
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys []
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys []
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys []
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys []
S3 MaBtc;MA Bluetooth Core Driver; C:\WINDOWS\system32\DRIVERS\MABTC.sys [2003-11-25 80736]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMDUSB.sys [2002-08-08 38951]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PAC7302;Eye 312; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-03-07 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTSvcCDA.EXE [1999-12-13 44032]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-11-20 77824]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WLTRYSVC;WLTRYSVC; C:\WINDOWS\System32\WLTRYSVC.EXE [2003-06-13 45056]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-02 654848]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-31 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Media Center 15 Service;Media Center 15 Service; C:\Program Files\J River\Media Center 15\JRService.exe [2010-06-29 378880]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 06 srp 2010 08:40

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:services
SSHNAS

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"_{0428FFC7-1931-45b7-95CB-3CBB919777E1}"=-
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BA52B914-B692-46c4-B683-905236F6F655}"=-
"{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"DAEMON Tools"=-
"Adobe Reader Speed Launcher"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"BSK91O3T6D"=-

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp
C:\WINDOWS\Xqyxua.exe
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{A9BCCC0A-576A-4AB4-BC17-A4E22B9E81D5}_DAVID_David Prochazka.job
C:\WINDOWS\tasks\{BBC01FB3-CAF1-49D9-BC50-42015706CE01}_DAVID_David Prochazka.job
C:\WINDOWS\tasks\{D9378CDF-573F-4ED2-97AD-B7C431A140CA}_DAVID_David Prochazka.job

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

Kliknete na cervene tlacitko MoveIt!
Sem pote dejte obsah okna Results (pod zelenou carou)
Pokud budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles

dawilde · #5 Příspěvek od **dawilde** » 06 srp 2010 09:08

Tak tady to je, jen mi při procesu vyskakovala okna Aviry s nalezenými objekty (mj. trojan TR/Drop.Renos.B.39) tak jsem dával deny acces a ignore...
Musím teď odjet, vrátím se až odpoledne, takže zatím děkuju za pomoc, snad se Vám z toho podaří něco vyčíst..
log:

All processes killed
========== SERVICES/DRIVERS ==========
Service SSHNAS stopped successfully!
Service SSHNAS deleted successfully!
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\_{0428FFC7-1931-45b7-95CB-3CBB919777E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\_{0428FFC7-1931-45b7-95CB-3CBB919777E1}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BSK91O3T6D deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\000001_.tmp moved successfully.
C:\WINDOWS\005513_.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP27B.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI13.tmp moved successfully.
C:\WINDOWS\Installer\MSI17.tmp moved successfully.
C:\WINDOWS\Installer\MSI1F9.tmp moved successfully.
C:\WINDOWS\Installer\MSI202.tmp moved successfully.
C:\WINDOWS\Installer\MSI21.tmp moved successfully.
C:\WINDOWS\Installer\MSI2A.tmp moved successfully.
C:\WINDOWS\Installer\MSI2C0.tmp moved successfully.
C:\WINDOWS\Installer\MSI3E.tmp moved successfully.
C:\WINDOWS\Installer\MSI43.tmp moved successfully.
C:\WINDOWS\Installer\MSI47.tmp moved successfully.
C:\WINDOWS\Installer\MSI4A.tmp moved successfully.
C:\WINDOWS\Installer\MSI4C5.tmp moved successfully.
C:\WINDOWS\Installer\MSI4E.tmp moved successfully.
C:\WINDOWS\Installer\MSI57.tmp moved successfully.
C:\WINDOWS\Installer\MSIC.tmp moved successfully.
C:\WINDOWS\Installer\MSIDE.tmp moved successfully.
C:\WINDOWS\Installer\MSIE.tmp moved successfully.
C:\WINDOWS\Installer\MSIE4.tmp moved successfully.
C:\WINDOWS\Installer\MSIEA.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\MST8B.tmp moved successfully.
C:\WINDOWS\TEMP\~DFF43.tmp moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\{AB5B687F-0078-43C6-BE4F-8E624075B29E}\{60DE4033-9503-48D1-A483-7846BD217CA9} folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\{AB5B687F-0078-43C6-BE4F-8E624075B29E} folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\{8374FDF4-6817-4577-9C98-D07A35ABA873}\{60DE4033-9503-48D1-A483-7846BD217CA9} folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\{8374FDF4-6817-4577-9C98-D07A35ABA873} folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\{6D7F8CB0-F699-4DE2-90CB-0585EF6A3234} folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\{29A11A1F-BFA9-436A-B4CD-F624D8189EFC}\Disk1 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\{29A11A1F-BFA9-436A-B4CD-F624D8189EFC} folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\{0ABF7487-CF30-440D-9A83-5FEEF3FEC0C4}\{60DE4033-9503-48D1-A483-7846BD217CA9} folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\{0ABF7487-CF30-440D-9A83-5FEEF3FEC0C4} folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\{02D78191-B7B0-4CA3-BDAF-F2C17C8A56FA}\Disk1 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\{02D78191-B7B0-4CA3-BDAF-F2C17C8A56FA} folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\_PASFX389 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\_ISTMP4.DIR folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\_ISTMP3.DIR folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\_ISTMP2.DIR folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\_ISTMP1.DIR folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\ZGTemp folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\WLTB Custom Button Feeds folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\VSD20F.tmp\DotNetFX folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\VSD20F.tmp folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\VSD192.tmp\DotNetFX folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\VSD192.tmp folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Temporary Directory 2 for KTM.zip folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Temporary Directory 1 for zprava_2313.zip folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Temporary Directory 1 for zprava_1952.zip folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Temporary Directory 1 for KTM.zip folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\soniclauc folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\sonicdl.tmp folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\pft2C.tmp folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher3868\ZippedStagingArea folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher3868\StagingArea folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher3868\RTPatch folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher3868\PBSLocalizedStrings folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher3868\CAPS folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher3868 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher3188\ZippedStagingArea folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher3188\StagingArea folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher3188\RTPatch folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher3188\PBSLocalizedStrings folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher3188\CAPS folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher3188 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher3084\CAPS folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher3084 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher2864\ZippedStagingArea folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher2864\StagingArea folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher2864\RTPatch folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher2864\PBSLocalizedStrings folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher2864\CAPS folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher2864 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher2260\ZippedStagingArea folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher2260\StagingArea folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher2260\RTPatch folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher2260\PBSLocalizedStrings folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher2260\CAPS folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher2260 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher2160\CAPS folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher2160 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1948\ZippedStagingArea folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1948\StagingArea folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1948\RTPatch folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1948\PBSLocalizedStrings folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1948\CAPS folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1948 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1452\ZippedStagingArea folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1452\StagingArea folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1452\RTPatch folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1452\PBSLocalizedStrings folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1452\CAPS folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1452 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1000\ZippedStagingArea folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1000\StagingArea folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1000\RTPatch folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1000\PBSLocalizedStrings folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1000\CAPS folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher\Patcher1000 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Patcher folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\OWP30C.tmp\Office.en-us\1033 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\OWP30C.tmp\Office.en-us folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\OWP30C.tmp\InfoPath.en-us folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\OWP30C.tmp\Groove.en-us\Groove.en-us folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\OWP30C.tmp\Groove.en-us folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\OWP30C.tmp\Excel.en-us folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\OWP30C.tmp\Access.en-us\Access.en-us folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\OWP30C.tmp\Access.en-us folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\OWP30C.tmp folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\O&O Defrag Professional folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\msohtmlclip1\01 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\msohtmlclip1 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\MessengerCache folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\MapSource folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Low\ICQToolbar folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Low folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\kbpki folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\hsperfdata_David Prochazka folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Foxit PDF Editor folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\EALight\System\Space folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\EALight\System folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\EALight\Mk\Runtime folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\EALight\Mk folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\EALight folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\e4j1C.tmp_dir5876 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\ckz_8SJV\USB_Drivers\I386 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\ckz_8SJV\USB_Drivers\Amd64 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\ckz_8SJV\USB_Drivers folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\ckz_8SJV\Bin\MSI\2.0 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\ckz_8SJV\Bin\MSI folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\ckz_8SJV\Bin folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\ckz_8SJV folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\AVCBack folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Adobe Reader 8 folder moved successfully.
C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp folder moved successfully.
C:\WINDOWS\Xqyxua.exe moved successfully.
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job moved successfully.
C:\WINDOWS\tasks\MP Scheduled Scan.job moved successfully.
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\tasks\{A9BCCC0A-576A-4AB4-BC17-A4E22B9E81D5}_DAVID_David Prochazka.job moved successfully.
C:\WINDOWS\tasks\{BBC01FB3-CAF1-49D9-BC50-42015706CE01}_DAVID_David Prochazka.job moved successfully.
C:\WINDOWS\tasks\{D9378CDF-573F-4ED2-97AD-B7C431A140CA}_DAVID_David Prochazka.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: David Prochazka
->Temporary Internet Files folder emptied: 15609617 bytes
->Java cache emptied: 3578140 bytes
->FireFox cache emptied: 53366699 bytes
->Opera cache emptied: 41478476 bytes
->Flash cache emptied: 5588 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: El Perron.MICROSOF-CUQ7G8

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 5798775 bytes

User: NetworkService
->Temp folder emptied: 487034 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14422880 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 146156 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 129,00 mb

Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.15.0 log created on 08062010_094331

Files moved on Reboot...
C:\Documents and Settings\David Prochazka\Local Settings\Temporary Internet Files\Content.IE5\KN83PLO0\ads[3].htm moved successfully.
C:\Documents and Settings\David Prochazka\Local Settings\Temporary Internet Files\Content.IE5\KN83PLO0\ads[4].htm moved successfully.
C:\Documents and Settings\David Prochazka\Local Settings\Temporary Internet Files\Content.IE5\KN83PLO0\afr[1].htm moved successfully.
C:\Documents and Settings\David Prochazka\Local Settings\Temporary Internet Files\Content.IE5\995F2O6G\ads[1].htm moved successfully.
C:\Documents and Settings\David Prochazka\Local Settings\Temporary Internet Files\Content.IE5\995F2O6G\hijackthis290ba78d[1].htm moved successfully.
C:\Documents and Settings\David Prochazka\Local Settings\Temporary Internet Files\Content.IE5\995F2O6G\mail[1].htm moved successfully.
C:\Documents and Settings\David Prochazka\Local Settings\Temporary Internet Files\Content.IE5\995F2O6G\mail[2].htm moved successfully.
C:\Documents and Settings\David Prochazka\Local Settings\Temporary Internet Files\Content.IE5\995F2O6G\search[2].htm moved successfully.
C:\Documents and Settings\David Prochazka\Local Settings\Temporary Internet Files\Content.IE5\7CF3A78S\mail[2].htm moved successfully.

Registry entries deleted on Reboot...

#6 Příspěvek od **vyosek** » 06 srp 2010 09:12

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

#7 Příspěvek od **vyosek** » 06 srp 2010 09:24

Kde presne Avira tu havet hlasila

dawilde · #8 Příspěvek od **dawilde** » 06 srp 2010 19:18

Tady:
O4 - HKCU\..\Run: [BSK91O3T6D] C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Xxh.exe

dawilde · #9 Příspěvek od **dawilde** » 06 srp 2010 19:25

Tady je MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4399

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6.8.2010 20:23:05
mbam-log-2010-08-06 (20-23-05).txt

Scan type: Quick scan
Objects scanned: 156175
Time elapsed: 30 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000020040000} (Trojan.Dialer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9aa57522-2ecd-47df-bd38-20e7e577a464} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BSK91O3T6D (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bsk91o3t6d (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\sshnas21.VIR (Trojan.Downloader) -> No action taken.
C:\WINDOWS\BM67defea7.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> No action taken.

#10 Příspěvek od **vyosek** » 06 srp 2010 21:09

Vse co nasel MBAM smazte

Provedte uplny(kompletni) sken - opet nic nemazat a log sem

To hlaseni Avastu jsem podchytil uz skriptem z OTM

dawilde · #11 Příspěvek od **dawilde** » 07 srp 2010 14:55

Tak tady je log, opět mi vyskakovala Avira s trojany, které jsou v karanténě OTM...

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4399

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7.8.2010 15:31:01
mbam-log-2010-08-07 (15-31-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 298558
Time elapsed: 3 hour(s), 43 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\DAEMON Tools\SetupDTSB.exe (Adware.WhenU) -> No action taken.
C:\_OTM\MovedFiles\08062010_094331\C_DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Xxf.exe (Trojan.Downloader) -> No action taken.
C:\_OTM\MovedFiles\08062010_094331\C_DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Xxg.exe (Trojan.Downloader) -> No action taken.
C:\_OTM\MovedFiles\08062010_094331\C_DOCUME~1\DAVIDP~1\LOCALS~1\Temp\Xxh.exe (Trojan.Downloader) -> No action taken.
C:\_OTM\MovedFiles\08062010_094331\C_WINDOWS\Xqyxua.exe (Trojan.Downloader) -> No action taken.

#12 Příspěvek od **vyosek** » 07 srp 2010 15:08

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

C:\Program Files\DAEMON Tools\SetupDTSB.exe
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
Kliknete na Otestovat soubor
Vysledek analyzy sem vlozte (jako odkaz)

V karantene je havet neskodna, samozrejme ji na zaver smazu

dawilde · #13 Příspěvek od **dawilde** » 07 srp 2010 15:23

a tady je výsledek analýzy..:

http://www.virustotal.com/cs/analisis/a ... 1281190856

#14 Příspěvek od **vyosek** » 07 srp 2010 15:24

Takze jej take v MBAM smazte, chtel jsem jen overit ze se nejedna o falesny poplach MBAMu - nejednalo

Jak se chova PC

dawilde · #15 Příspěvek od **dawilde** » 07 srp 2010 15:25

jen pro sichr-mám tedy smazat vše co mbam našel?

VIRY.CZ

TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu HJT

TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu HJT

Re: TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu

Re: TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu

Re: TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu

Re: TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu

Re: TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu

Re: TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu

Re: TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu

Re: TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu

Re: TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu

Re: TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu

Re: TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu

Re: TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu

Re: TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu

Re: TROJAN TR/Dldr.Zlob.AT - žádost o pomoc a kontrolu logu