Nemožnost zobrazit webové stránky ač třeba ping funguje

[fix]

Ahoj, asi před týdnem se mi na notebooku vyskytl problém. Inteligent jsem nepřemýšlel, potřeboval jsem rychle stáhnout něco z Youtube.com přes nějaký Youtube Downloader. Tak jsem stáhnul první, nefungoval, druhý, třetí atd. Jeden z nich pak již fungoval v pořádku, ale mám podezření, že se mi z jednoho z nich dostal do PC vir.

Bohužel nemůžu určit který z nich to byl, kdyžtak bych mohl najít instalačky snad všech, co jsem stánul. Nicméně NOD32 (aktualizovaný) v instalačním balíčku nic neobjevil. To až po restartu počítače. Co viděl, to jsem pomocí něj odstranil, ale problémy přetrvávají dál.

Problémem je podle mého soubor syscr.exe, který ač jsem ho smazal (nadobro) se přemístil do c:\RECYCLER\S-1-5-21-3251000683-8569685393-881129870-9238\syscr.exe a spouští další procesy pojmenované vždy nějakými (vždy jinými) čísly s postfixem .exe. Poté podle mého také spouští proces cfdrive32.exe a msvmiode.exe, ale tím si nejsem jist.

Každopádně to ve výsledku dělá to, že když chci přes jakýkoliv prohlížeč zobrazit webovou stránku, stránka se ani nezačne načítat. Všechno ale začne zase fungovat, když zmíněné procesy povypínám.

Vše jsem se snažil opravit (a procesy nadobro odstranit i se soubory) přes Lodusovo UPM, což bohužel nepomohlo. Syscr.exe z "koše" nejde ostranit (ani v nouzovém režimu) a jako služba se spouští jen na krátký okamžik, aby nastartoval zbylé procesy a pak se zase vypne.

Nevím si s tím rady. Přikládám log z RSIT.

Logfile of random's system information tool 1.08 (written by random/random)
Run by FixCZ at 2010-08-16 10:39:23
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (6%) free of 238 GB
Total RAM: 1535 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:40:03, on 16.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\EasyPHP 2.0b1\EasyPHP.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\syscache.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\syscache.exe
C:\WINDOWS\system32\syscache.exe
C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
C:\PROGRA~1\EASYPH~1.0B1\MySql\bin\mysqld.exe
C:\DOCUME~1\FixCZ\LOCALS~1\Temp\273.exe
C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
C:\WINDOWS\cfdrive32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\msvmiode.exe
C:\totalcmd\TOTALCMD.EXE
c:\Documents and Settings\fixcz\plocha\RSIT.exe
C:\Program Files\trend micro\FixCZ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\FixCZ\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll (file missing)
O1 - Hosts: yp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4s
O1 - Hosts: pSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!
O1 - Hosts: l3hMMisHeCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bk
O1 - Hosts: sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kCfAjoUFCvRNe
O1 - Hosts: 9eaosJ0amyr2jG5qj9JUVTZHyHhwvPTXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yY
O1 - Hosts: hdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!ql3hMMis
O1 - Hosts: eCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2yQx
O1 - Hosts: lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5
O1 - Hosts: JUVTZHyHhwvPTXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!ql3hMMis
O1 - Hosts: eCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2yQx
O1 - Hosts: libxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kC
O1 - Hosts: AjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHy
O1 - Hosts: vPTXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4
O1 - Hosts: iKS2AQP0cg7ASJq69w5!ql3hMMisHeCd
O1 - Hosts: 3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77
O1 - Hosts: M2yQx1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEE
O1 - Hosts: 0F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwv
O1 - Hosts: TXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5
O1 - Hosts: 3hMMisHeCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl
O1 - Hosts: bkE!0sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kC
O1 - Hosts: oUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwvPT
O1 - Hosts: Ngyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!ql3hMMisHe
O1 - Hosts: dG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2
O1 - Hosts: 1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEE
O1 - Hosts: 0F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwv
O1 - Hosts: TXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5
O1 - Hosts: ql3hMMisHeCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1
O1 - Hosts: g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwvPTXNgyp8LOcKQ8iIYJs
O1 - Hosts: poQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!ql3hMMisHeCdG3w3f0u!BhuBxL6mwx
O1 - Hosts: a6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1C
O1 - Hosts: 5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kCfA
O1 - Hosts: oUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwvPT
O1 - Hosts: Ngyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!ql3hMMisHe
O1 - Hosts: dG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2
O1 - Hosts: Qx1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZE
O1 - Hosts: F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwvPTXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr
O1 - Hosts: deciKS2AQP0cg7ASJq69w5!ql3hMMisHeCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk
O1 - Hosts: M2yQx1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEE
O1 - Hosts: 0F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwv
O1 - Hosts: TXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5
O1 - Hosts: ql3hMMisHeCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1
O1 - Hosts: K8g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kCfAjoUFCvRNeE9eaosJ0amyr2
O1 - Hosts: qj9JUVTZHyHhwvPTXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!q
O1 - Hosts: 3hMMisHeCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl
O1 - Hosts: bkE!0sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kC
O1 - Hosts: oUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwvPT
O1 - Hosts: Ngyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!ql3hMMisHe
O1 - Hosts: dG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2
O1 - Hosts: 1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEE
O1 - Hosts: 0F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwv
O1 - Hosts: TXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5
O1 - Hosts: ql3hMMisHeCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1
O1 - Hosts: g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwvPTXNgyp8LOcKQ8iIYJs
O1 - Hosts: poQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!ql3hMMisHeCdG3w3f0u!BhuBxL6mwx
O1 - Hosts: a6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1C
O1 - Hosts: 5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kCfA
O1 - Hosts: oUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwvPT
O1 - Hosts: Ngyp8LOcKQ8iIYJsZpoQzUDIcIQgCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H
O1 - Hosts: G0uZuHAQC4KX5ZcxPY1aDx70LTfpcOJJHNvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZQm5gniwRShjuXA!s6czJw
O1 - Hosts: 4428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn
O1 - Hosts: aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5ZcxPY1aDx70LTfpcOJJ
O1 - Hosts: NvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZQm5gniwRShjuXA!s6czJw94428PH
O1 - Hosts: EX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qa
O1 - Hosts: qSQn3m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5
O1 - Hosts: PY1aDx70LTfpcOJJHNvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZ
O1 - Hosts: gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZ
O1 - Hosts: gloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV
O1 - Hosts: G0uZuHAQC4KX5ZcxPY1aDx70LTfpcOJJHNvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZQm5gniwRShjuXA!s6czJw
O1 - Hosts: 4428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn
O1 - Hosts: m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5ZcxPY1aDx70LT
O1 - Hosts: OJJHNvDM7CBUILB6EebQD2QFV9NNxx5e
O1 - Hosts: 2o1sN3OLDZQm5gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!
O1 - Hosts: Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdM
O1 - Hosts: rQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5ZcxPY1aDx70LTfpcOJJHNv
O1 - Hosts: CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZQm5gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl9
O1 - Hosts: XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKb
O1 - Hosts: s4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5
O1 - Hosts: PY1aDx70LTfpcOJJHNvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZ
O1 - Hosts: gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZ
O1 - Hosts: gloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV
O1 - Hosts: G0uZuHAQC4KX5ZcxPY1aDx70LTfpcOJJHNvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZQm5gniwRShjuXA!s6czJw
O1 - Hosts: 4428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn
O1 - Hosts: m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5ZcxPY1aDx70LT
O1 - Hosts: OJJHNvDM7CBUILB6EebQD2QFV9NNxx5e
O1 - Hosts: 2o1sN3OLDZQm5gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!
O1 - Hosts: Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdM
O1 - Hosts: rQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5ZcxPY1aDx70LTfpcOJJHNv
O1 - Hosts: CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZQm5gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl9
O1 - Hosts: XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKb
O1 - Hosts: s4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5
O1 - Hosts: PY1aDx70LTfpcOJJHNvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZ
O1 - Hosts: gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZ
O1 - Hosts: gloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV
O1 - Hosts: yp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4s
O1 - Hosts: pSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!
O1 - Hosts: l3hMMisHeCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bk
O1 - Hosts: sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kCfAjoUFCvRNe
O1 - Hosts: 9eaosJ0amyr2jG5qj9JUVTZHyHhwvPTXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yY
O1 - Hosts: hdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!ql3hMMis
O1 - Hosts: eCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2yQx
O1 - Hosts: lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5
O1 - Hosts: JUVTZHyHhwvPTXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!ql3hMMis
O1 - Hosts: eCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2yQx
O1 - Hosts: libxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kC
O1 - Hosts: AjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHy
O1 - Hosts: vPTXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4
O1 - Hosts: iKS2AQP0cg7ASJq69w5!ql3hMMisHeCd
O1 - Hosts: 3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77
O1 - Hosts: M2yQx1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEE
O1 - Hosts: 0F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwv
O1 - Hosts: TXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5
O1 - Hosts: 3hMMisHeCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl
O1 - Hosts: bkE!0sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kC
O1 - Hosts: oUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwvPT
O1 - Hosts: Ngyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!ql3hMMisHe
O1 - Hosts: dG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2
O1 - Hosts: 1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEE
O1 - Hosts: 0F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwv
O1 - Hosts: TXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5
O1 - Hosts: ql3hMMisHeCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1
O1 - Hosts: g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwvPTXNgyp8LOcKQ8iIYJs
O1 - Hosts: poQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!ql3hMMisHeCdG3w3f0u!BhuBxL6mwx
O1 - Hosts: a6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1C
O1 - Hosts: 5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kCfA
O1 - Hosts: oUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwvPT
O1 - Hosts: Ngyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!ql3hMMisHe
O1 - Hosts: dG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2
O1 - Hosts: Qx1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZE
O1 - Hosts: F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwvPTXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr
O1 - Hosts: deciKS2AQP0cg7ASJq69w5!ql3hMMisHeCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk
O1 - Hosts: M2yQx1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEE
O1 - Hosts: 0F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwv
O1 - Hosts: TXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5
O1 - Hosts: ql3hMMisHeCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1
O1 - Hosts: K8g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kCfAjoUFCvRNeE9eaosJ0amyr2
O1 - Hosts: qj9JUVTZHyHhwvPTXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!q
O1 - Hosts: 3hMMisHeCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl
O1 - Hosts: bkE!0sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kC
O1 - Hosts: oUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwvPT
O1 - Hosts: Ngyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!ql3hMMisHe
O1 - Hosts: dG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2
O1 - Hosts: 1lAlibxtVBOVR6oqQR4u9H1CK8g5GABzFnenYtbvzDtXv7NIuTHwNZEE
O1 - Hosts: 0F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwv
O1 - Hosts: TXNgyp8LOcKQ8iIYJsZpoQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5
O1 - Hosts: ql3hMMisHeCdG3w3f0u!BhuBxL6mwxJa6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1
O1 - Hosts: g5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kCfAjoUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwvPTXNgyp8LOcKQ8iIYJs
O1 - Hosts: poQzUDIcIQPa8yYrhdrL4sdpSLkm1nuDr4deciKS2AQP0cg7ASJq69w5!ql3hMMisHeCdG3w3f0u!BhuBxL6mwx
O1 - Hosts: a6EGjqNXLmghfl5bkE!0sfj!DbMKoaznctFlk77CM2yQx1lAlibxtVBOVR6oqQR4u9H1C
O1 - Hosts: 5GABzFnenYtbvzDtXv7NIuTHwNZEEp0F7kCfA
O1 - Hosts: oUFCvRNeE9eaosJ0amyr2jG5qj9JUVTZHyHhwvPT
O1 - Hosts: Ngyp8LOcKQ8iIYJsZpoQzUDIcIQgCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H
O1 - Hosts: G0uZuHAQC4KX5ZcxPY1aDx70LTfpcOJJHNvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZQm5gniwRShjuXA!s6czJw
O1 - Hosts: 4428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn
O1 - Hosts: aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5ZcxPY1aDx70LTfpcOJJ
O1 - Hosts: NvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZQm5gniwRShjuXA!s6czJw94428PH
O1 - Hosts: EX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qa
O1 - Hosts: qSQn3m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5
O1 - Hosts: PY1aDx70LTfpcOJJHNvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZ
O1 - Hosts: gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZ
O1 - Hosts: gloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV
O1 - Hosts: G0uZuHAQC4KX5ZcxPY1aDx70LTfpcOJJHNvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZQm5gniwRShjuXA!s6czJw
O1 - Hosts: 4428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn
O1 - Hosts: m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5ZcxPY1aDx70LT
O1 - Hosts: OJJHNvDM7CBUILB6EebQD2QFV9NNxx5e
O1 - Hosts: 2o1sN3OLDZQm5gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!
O1 - Hosts: Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdM
O1 - Hosts: rQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5ZcxPY1aDx70LTfpcOJJHNv
O1 - Hosts: CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZQm5gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl9
O1 - Hosts: XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKb
O1 - Hosts: s4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5
O1 - Hosts: PY1aDx70LTfpcOJJHNvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZ
O1 - Hosts: gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZ
O1 - Hosts: gloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV
O1 - Hosts: G0uZuHAQC4KX5ZcxPY1aDx70LTfpcOJJHNvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZQm5gniwRShjuXA!s6czJw
O1 - Hosts: 4428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn
O1 - Hosts: m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5ZcxPY1aDx70LT
O1 - Hosts: OJJHNvDM7CBUILB6EebQD2QFV9NNxx5e
O1 - Hosts: 2o1sN3OLDZQm5gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!
O1 - Hosts: Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdM
O1 - Hosts: rQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5ZcxPY1aDx70LTfpcOJJHNv
O1 - Hosts: CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZQm5gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl9
O1 - Hosts: XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKb
O1 - Hosts: s4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5
O1 - Hosts: PY1aDx70LTfpcOJJHNvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZ
O1 - Hosts: gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZ
O1 - Hosts: gloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV
O1 - Hosts: G0uZuHAQC4KX5ZcxPY1aDx70LTfpcOJJHNvDM7CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZQm5gniwRShjuXA!s6czJw
O1 - Hosts: 4428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn
O1 - Hosts: m7aFangCz1qUKFTdvVGRjdMPrQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5ZcxPY1aDx70LT
O1 - Hosts: OJJHNvDM7CBUILB6EebQD2QFV9NNxx5e
O1 - Hosts: 2o1sN3OLDZQm5gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!
O1 - Hosts: Zer88RB9yN5I4MRl96XifG8AHCQUbBDO1UsL9wTMzblmkq020JZYgloeI2SzdfEchyL!qaUqSQn3m7aFangCz1qUKFTdvVGRjdM
O1 - Hosts: rQQ7TuFGEKbjs4ihAFIy3kbSwzYwBSOtJddKV!H6G0uZuHAQC4KX5ZcxPY1aDx70LTfpcOJJHNv
O1 - Hosts: CBUILB6EebQD2QFV9NNxx5et2o1sN3OLDZQm5gniwRShjuXA!s6czJw94428PHPpQEX36VoYyf!Qk!Zer88RB9yN5I4MRl9
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\FixCZ\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKLM\..\Run: [MSODESNV7] C:\WINDOWS\system32\msvmiode.exe
O4 - HKLM\..\Run: [8173] C:\WINDOWS\system32\syscache.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\DOCUME~1\FixCZ\LOCALS~1\Temp\273.exe
O4 - HKLM\..\Run: [753] C:\WINDOWS\system32\syscache.exe
O4 - HKLM\..\Run: [953] C:\WINDOWS\system32\syscache.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: EasyPHP.exe.lnk = C:\Program Files\EasyPHP 2.0b1\EasyPHP.exe
O4 - Startup: QIP 2005.lnk = C:\Program Files\QIP\qip.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Zaloher Server - Zalohovat.lnk = C:\WINDOWS\zaloherd.bat
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {004DF9D9-566D-11D7-B77D-00E018901A05} (Iqeye Control) - http://10.102.95.28/iqeye.ocx.gz
O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} (RtspVaPgCtrlNew Class) - http://80.188.9.253:6080/RtspVaPgDec.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17CF8CB5-3295-4741-818F-3AD1EA233D7B}: NameServer = 10.102.0.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{45AB1CC2-3D11-4AA4-9DE5-F49DE1B4D1B9}: NameServer = 10.255.1.97
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 26052 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\BMMTask.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1606980848-1343024091-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1606980848-1343024091-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-07-27 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\FixCZ\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2008-12-30 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2009-09-23 1075352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-08-21 949376]
"BMMGAG"=RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor []
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2005-04-20 20480]
"BMMMONWND"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2005-04-20 396288]
"BLOG"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL [2005-04-20 208896]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe []
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Microsoft Driver Setup"=C:\WINDOWS\cfdrive32.exe [2010-08-14 81408]
"MSODESNV7"=C:\WINDOWS\system32\msvmiode.exe [2010-08-14 168448]
"8173"=C:\WINDOWS\system32\syscache.exe [2010-08-13 64512]
"Advanced DHTML Enable"=C:\DOCUME~1\FixCZ\LOCALS~1\Temp\273.exe [2010-08-14 47616]
"753"=C:\WINDOWS\system32\syscache.exe [2010-08-13 64512]
"953"=C:\WINDOWS\system32\syscache.exe [2010-08-13 64512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Driver Setup"=C:\WINDOWS\cfdrive32.exe [2010-08-14 81408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2009-09-23 434840]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-02-22 26101032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileUploader]
C:\Documents and Settings\FixCZ\Plocha\SRDownloader.exe /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\FixCZ\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files\HP\HP Software Update\HPWuSchd2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kerio VPN Client]
C:\Program Files\Kerio\VPN Client\kvpnclient.exe [2008-01-16 2646016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSODESNV7]
C:\WINDOWS\system32\msvmiode.exe [2010-08-14 168448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackPointSrv]
C:\WINDOWS\system32\tp4serv.exe [2005-07-13 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^FixCZ^Nabídka Start^Programy^Po spuštění^GoQ.lnk]
C:\PROGRA~1\GOQ-NE~1\GoQ.exe [2006-06-02 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^FixCZ^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-05-30 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^FixCZ^Nabídka Start^Programy^Po spuštění^XChat.lnk]
C:\PROGRA~1\xchat\xchat.exe [2008-06-14 212480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^FixCZ^Nabídka Start^Programy^Po spuštění^Zástupce - jednotky.lnk]
C:\!batch\start_script\jednotky.bat []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^FixCZ^Nabídka Start^Programy^Po spuštění^Zástupce - sgalert.lnk]
C:\Program Files\sgalert\sgalert.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
BTTray.lnk - C:\Program Files\IBM\Bluetooth Software\BTTray.exe
Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe
Zaloher Server - Zalohovat.lnk - C:\WINDOWS\zaloherd.bat

C:\Documents and Settings\FixCZ\Nabídka Start\Programy\Po spuštění
EasyPHP.exe.lnk - C:\Program Files\EasyPHP 2.0b1\EasyPHP.exe
QIP 2005.lnk - C:\Program Files\QIP\qip.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-06 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 267304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\RealVNC\VNC4\vncviewer.exe"="C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer for Win32"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\Compex-find.exe"="D:\Compex-find.exe:*:Enabled:Npfind"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\EasyPHP 2.0b1\apache\bin\Apache.exe"="C:\Program Files\EasyPHP 2.0b1\apache\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Documents and Settings\FixCZ\Dokumenty\csko\hl.exe"="C:\Documents and Settings\FixCZ\Dokumenty\csko\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\!data\Hry\bulanci.exe"="C:\!data\Hry\bulanci.exe:*:Enabled:bulanci"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Phoner\phoner.exe"="C:\Program Files\Phoner\phoner.exe:*:Enabled:Phoner: PC-Telefonie für TAPI, CAPI und SIP"
"C:\Program Files\SJLabs\SJphone\SJphone.exe"="C:\Program Files\SJLabs\SJphone\SJphone.exe:*:Enabled:SJphone"
"C:\!zaloha_durin_flash\PortableApps\MirandaPortable\App\miranda\miranda32.exe"="C:\!zaloha_durin_flash\PortableApps\MirandaPortable\App\miranda\miranda32.exe:*:Enabled:Miranda IM"
"C:\!zaloha_durin_flash\cs_portable\hl.exe"="C:\!zaloha_durin_flash\cs_portable\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"F:\xchat\xchat.exe"="F:\xchat\xchat.exe:*:Enabled:XChat IRC Client"
"C:\Program Files\xchat\xchat.exe"="C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client"
"C:\!temp\qip\qip.exe"="C:\!temp\qip\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\!!! kLfREE.NET\kopirka\hp\setup\HPZnet01.exe"="C:\!!! kLfREE.NET\kopirka\hp\setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SolarWinds\2003 Standard Edition\TFTP-Server.exe"="C:\Program Files\SolarWinds\2003 Standard Edition\TFTP-Server.exe:*:Enabled:SolarWinds.Net TFTP Server"
"C:\Program Files\KVIrc\kvirc.exe"="C:\Program Files\KVIrc\kvirc.exe:*:Enabled:K Visual IRC Client Executable"
"C:\Program Files\XiRCON\Xircon.exe"="C:\Program Files\XiRCON\Xircon.exe:*:Enabled:XiRCON IRC Client"
"C:\WarcraftIII\War3.exe"="C:\WarcraftIII\War3.exe:*:Enabled:Warcraft III"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\TightVNC\vncviewer.exe"="C:\Program Files\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer"
"C:\DOCUME~1\FixCZ\LOCALS~1\Temp\3093.exe"="C:\DOCUME~1\FixCZ\LOCALS~1\Temp\3093.exe:*:C:\WINDOWS\cfdrive32.exe"
"C:\DOCUME~1\FixCZ\LOCALS~1\Temp\96498.exe"="C:\DOCUME~1\FixCZ\LOCALS~1\Temp\96498.exe:*:C:\WINDOWS\cfdrive32.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\DOCUME~1\FixCZ\LOCALS~1\Temp\464.exe"="C:\DOCUME~1\FixCZ\LOCALS~1\Temp\464.exe:*:C:\WINDOWS\cfdrive32.exe"
"C:\DOCUME~1\FixCZ\LOCALS~1\Temp\704.exe"="C:\DOCUME~1\FixCZ\LOCALS~1\Temp\704.exe:*:C:\WINDOWS\cfdrive32.exe"
"C:\DOCUME~1\FixCZ\LOCALS~1\Temp\7306.exe"="C:\DOCUME~1\FixCZ\LOCALS~1\Temp\7306.exe:*:C:\WINDOWS\cfdrive32.exe"
"C:\DOCUME~1\FixCZ\LOCALS~1\Temp\2828809.exe"="C:\DOCUME~1\FixCZ\LOCALS~1\Temp\2828809.exe:*:C:\WINDOWS\cfdrive32.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - "%1" /S "%3"

======List of files/folders created in the last 1 months======

2010-08-16 10:39:23 ----D---- C:\rsit
2010-08-13 11:38:49 ----A---- C:\WINDOWS\system32\syscache.exe
2010-08-13 11:33:08 ----ASH---- C:\hiberfil.sys
2010-08-13 10:50:02 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-13 08:54:44 ----A---- C:\WINDOWS\system32\msvmiode.exe
2010-08-13 08:54:18 ----RSH---- C:\WINDOWS\cfdrive32.exe
2010-08-12 03:35:55 ----RSH---- C:\ltzqai.exe
2010-08-09 16:55:59 ----RSH---- C:\Documents and Settings\FixCZ\Data aplikací\ltzqai.exe
2010-08-09 16:55:03 ----A---- C:\WINDOWS\system32\41.exe
2010-08-09 10:02:00 ----D---- C:\Program Files\FDRLab
2010-08-02 21:32:53 ----D---- C:\Program Files\MyGC
2010-08-02 21:32:53 ----D---- C:\Program Files\Common Files\TopoLNT
2010-08-02 21:21:56 ----D---- C:\Documents and Settings\FixCZ\Data aplikací\GeoGet
2010-08-02 21:18:38 ----D---- C:\Program Files\GeoGet
2010-07-27 15:00:52 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-07-27 15:00:46 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-07-27 15:00:46 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-07-27 15:00:36 ----D---- C:\Program Files\Common Files\xing shared
2010-07-27 15:00:08 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-07-27 15:00:07 ----D---- C:\Program Files\Real
2010-07-27 15:00:06 ----D---- C:\Program Files\Common Files\Real
2010-07-27 15:00:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-07-27 15:00:03 ----D---- C:\Documents and Settings\FixCZ\Data aplikací\Real
2010-07-27 03:30:38 ----D---- C:\Raine

======List of files/folders modified in the last 1 months======

2010-08-16 10:40:03 ----D---- C:\Program Files\Trend Micro
2010-08-16 10:39:37 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-16 10:39:26 ----D---- C:\WINDOWS\Prefetch
2010-08-16 10:38:58 ----A---- C:\WINDOWS\WINCMD.INI
2010-08-16 10:37:34 ----AD---- C:\WINDOWS\system32
2010-08-16 10:37:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-16 10:37:32 ----D---- C:\Documents and Settings\FixCZ\Data aplikací\skypePM
2010-08-16 10:37:20 ----D---- C:\Documents and Settings\FixCZ\Data aplikací\Skype
2010-08-16 10:37:11 ----D---- C:\WINDOWS\Temp
2010-08-16 10:16:40 ----D---- C:\Program Files\Mozilla Firefox
2010-08-16 10:13:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-16 10:13:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-14 23:21:09 ----D---- C:\Program Files\Spermie_1024x768_pruhledne
2010-08-14 12:31:45 ----SD---- C:\WINDOWS\Tasks
2010-08-13 16:33:41 ----D---- C:\!data
2010-08-13 13:05:26 ----SHD---- C:\RECYCLER
2010-08-13 11:40:15 ----AD---- C:\WINDOWS
2010-08-13 10:48:31 ----D---- C:\Program Files\Common Files
2010-08-13 07:13:37 ----D---- C:\WINDOWS\system32\drivers
2010-08-13 07:11:19 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-08-12 12:20:04 ----RSH---- C:\boot.ini
2010-08-12 12:20:04 ----D---- C:\WINDOWS\pss
2010-08-12 12:20:03 ----A---- C:\WINDOWS\win.ini
2010-08-12 12:20:03 ----A---- C:\WINDOWS\system.ini
2010-08-12 12:14:11 ----D---- C:\Program Files\sgalert
2010-08-12 12:10:52 ----D---- C:\Program Files\iTunes
2010-08-12 12:07:56 ----D---- C:\Program Files\ICQ6Toolbar
2010-08-12 12:07:29 ----D---- C:\Program Files\Bonjour
2010-08-12 12:06:37 ----D---- C:\Documents and Settings\FixCZ\Data aplikací\OpenOffice.org2
2010-08-12 11:58:45 ----D---- C:\Program Files\UPM
2010-08-12 03:33:51 ----D---- C:\Program Files
2010-08-11 01:22:16 ----D---- C:\Documents and Settings\FixCZ\Data aplikací\gtk-2.0
2010-08-09 16:55:35 ----SHD---- C:\WINDOWS\Installer
2010-08-09 16:55:31 ----A---- C:\WINDOWS\OEWABLog.txt
2010-08-09 10:06:35 ----D---- C:\Program Files\YouTube Downloader
2010-08-09 09:51:16 ----D---- C:\_webs
2010-08-02 09:12:23 ----D---- C:\Program Files\Google
2010-07-17 00:55:05 ----D---- C:\!temp
2010-07-17 00:55:02 ----D---- C:\!music
2010-07-17 00:16:37 ----D---- C:\Program Files\rajce

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
R0 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-18 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-08-21 15424]
R1 pelmoubt;Mouse Suite Bluetooth Driver; C:\WINDOWS\system32\DRIVERS\pelmoubt.sys [2009-01-14 18432]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2005-04-20 16384]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-10-13 235840]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-08-21 512096]
R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-18 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-06-27 1196352]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 472224]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-06 1133568]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-01-24 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-10 30459]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-27 868042]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2004-08-17 25600]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-11-02 21808]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-04 28672]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-18 163584]
R3 pelbtm;Bluetooth Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\pelbtm.sys [2009-01-14 13312]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-23 266880]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 Tp4Track;PS/2 TrackPoint Driver; C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 13840]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-15 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2004-01-20 43299]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-10-15 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-01-20 52856]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-10-26 125952]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2008-03-13 57536]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2008-03-13 72000]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2009-01-14 9600]
S3 kvpndev;Kerio VPN adapter; C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2008-01-16 65024]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-18 40320]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PCX504;Cisco Systems Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 119296]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe [2004-01-20 135168]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-08-21 552064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-09 654848]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S4 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]

-----------------EOF-----------------

Díky za pomoc.

[vyosek]

Zdravim a pekne dopoledne preji

Zasrane jak jetel

Odstrante prosim log z code - spatne se to lusti a boli z toho oci...

[JaRon]

1. pouzi Avenger - jeho script:
Files to delete:
C:\WINDOWS\cfdrive32.exe
C:\ltzqai.exe
C:\Documents and Settings\FixCZ\Data aplikací\ltzqai.exe
C:\WINDOWS\system32\41.exe


2. prescanuj PC s MBAM

[fix]

Zdravim a pekne dopoledne preji

Zasrane jak jetel

Odstrante prosim log z code - spatne se to lusti a boli z toho oci...

Zasrane to je, to vim. Je to 3 roky stara instalace Widli, ktera uz bezi na v poradi druhem hardwaru. Nicmene to porad funguje rychle, svizne a do ted bez problemu a nez bych tam naflakal vsechno, co tam potrebuju, asi bych se z toho zblaznil.

1. pouzi Avenger - jeho script:
Files to delete:
C:\WINDOWS\cfdrive32.exe
C:\ltzqai.exe
C:\Documents and Settings\FixCZ\Data aplikací\ltzqai.exe
C:\WINDOWS\system32\41.exe


2. prescanuj PC s MBAM

Udelam, dam vedet.

[vyosek]

Dobra, pak sem mrsknete log z Avengeru a pokracujte s kolegou - jaksi jsme se potkali v case odpovedi - proto jsme tu na Vas dva...ale je lepsi kdyz topic resi jeden radce, takze je to na kolegovi, pac uz zacal mazat a nechci mu prerusit jeho myslenku co zamysli...

Pekny den a uspesne zbaveni se haveti

[fix]

Dobra, pak sem mrsknete log z Avengeru a pokracujte s kolegou - jaksi jsme se potkali v case odpovedi - proto jsme tu na Vas dva...ale je lepsi kdyz topic resi jeden radce, takze je to na kolegovi, pac uz zacal mazat a nechci mu prerusit jeho myslenku co zamysli...

Pekny den a uspesne zbaveni se haveti

Ok . Ve sve podstate vim jak to tu chodi, ale uz jsem si nevzpomnel, co jsem tu mel drive za login, tak jsem zaregistroval novy.

Diky, vam take.

Avenger log je zde:
-----------------------
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\cfdrive32.exe" deleted successfully.
File "C:\ltzqai.exe" deleted successfully.
File "C:\Documents and Settings\FixCZ\Data aplikací\ltzqai.exe" deleted successfully.
File "C:\WINDOWS\system32\41.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
-----------------------

Internet ted beha v pohode, ale porad jsou spusteny procesy 273.exe a msvmiode.exe.

Zde je log rychleho scanu MBAMu:
-----------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

16.8.2010 11:43:57
mbam-log-2010-08-16 (11-43-57).txt

Typ skenu: Rychlý sken
Skenované objekty: 154998
Uplynulý čas: 10 minuta(y), 14 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 7
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 8

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Agent) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msodesnv7 (Trojan.FakeAlert.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ktlibeay80_0.9.8.2.dll (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ktssleay80_0.9.8.2.dll (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Worm.Palevo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advanced dhtml enable (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-3251000683-8569685393-881129870-9238\syscr.exe,explorer.exe,C:\Documents and Settings\FixCZ\Data aplikací\ltzqai.exe) Good: (Explorer.exe) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\msvmiode.exe (Trojan.FakeAlert.H) -> No action taken.
C:\RECYCLER\S-1-5-21-3251000683-8569685393-881129870-9238\syscr.exe (Worm.Autorun.B) -> No action taken.
C:\WINDOWS\system32\ktlibeay80_0.9.8.2.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\ktssleay80_0.9.8.2.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\hosts (Trojan.Agent) -> No action taken.
C:\Documents and Settings\FixCZ\SETUP.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\hosts (Trojan.Agent) -> No action taken.
C:\Documents and Settings\FixCZ\Local Settings\Temp\273.exe (Trojan.Agent) -> No action taken.
-----------------------

Při scanu MBAMu mi NOD32 nahlásil pár dalších virů. Všechny jsem dal odstranit.
http://sharex.cz/files/8141-virus-1177275875.png
http://sharex.cz/files/161-virus-1135496134.png
http://sharex.cz/files/254541-virus-1288119601.png
http://sharex.cz/files/245994-virus-1338401049.png
http://sharex.cz/files/426-virus-1362107064.png
http://sharex.cz/files/acalc-virus-1297213556.png
http://sharex.cz/files/ms5-virus-1405576501.png

Jo a jeste jsem zapomnel jeden problem. Po restartu (po intalaci toho Youtube Downloaderu) se mi Widle nastavily do zakladniho grafickeho vzhledu (normalne mam nastavene "Klasicke nastaveni") a zaroven s tim se v kontextove nabidce plochy zobrazila zaskrtla polozka "Zobrazit ikony". Nikdy jsem se s tim nesetkal, tak jsem to schvalne odkliknul a ikony zmizly. No a ted uz to v te kontextove nabidce neni, takze nevim jak je dat zpet . Nevim jestli je to zpusobeno virem nebo mou blbosti (tedy, ze je to tam stale a jen jsem si toho za tech X let pouzivani XP nevsimnul) ...

[JaRon]

OKi - polozky najdene v MBAM nechaj zmazat - restart - a zopakuj uplnu kontrolu s MBAM

[fix]

OKi - polozky najdene v MBAM nechaj zmazat - restart - a zopakuj uplnu kontrolu s MBAM

Smazáno, tady je jeste vystupni log z MBAMu, jdu na restart a kompletni test:
------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

16.8.2010 12:32:39
mbam-log-2010-08-16 (12-32-39).txt

Typ skenu: Rychlý sken
Skenované objekty: 154998
Uplynulý čas: 10 minuta(y), 14 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 7
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 8

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msodesnv7 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ktlibeay80_0.9.8.2.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ktssleay80_0.9.8.2.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Worm.Palevo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advanced dhtml enable (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-3251000683-8569685393-881129870-9238\syscr.exe,explorer.exe,C:\Documents and Settings\FixCZ\Data aplikací\ltzqai.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\msvmiode.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-3251000683-8569685393-881129870-9238\syscr.exe (Worm.Autorun.B) -> Delete on reboot.
C:\WINDOWS\system32\ktlibeay80_0.9.8.2.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ktssleay80_0.9.8.2.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\FixCZ\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\FixCZ\Local Settings\Temp\273.exe (Trojan.Agent) -> Delete on reboot.
------------

[fix]

Tak jsem dal scanovat, mezitím jsme zajeli nakoupit do města a mám tu log.

Našlo to 6 dalších virů.

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

16.8.2010 17:11:05
mbam-log-2010-08-16 (17-11-05).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 363750
Uplynulý čas: 3 hodina(y), 51 minuta(y), 55 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 6

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\System Volume Information\_restore{26CC7A28-A2E2-4D2D-B273-F1C206520B3C}\RP370\A0283512.sys (Rootkit.Agent) -> No action taken.
C:\_webs\!bin\!bin_geo.fix.nhx.cz\alcohol\CRACK\Alcohol.exe (Trojan.Agent) -> No action taken.
C:\_webs\!bin\!bin_geo.fix.nhx.cz\alcohol\CRACK\patch_ssc.exe (Trojan.Patcher) -> No action taken.
C:\Documents and Settings\FixCZ\Plocha\old\old\old\WPA-Kill-1306641897.exe (Trojan.Hacktool) -> No action taken.
C:\WINDOWS\system32\hosts (Trojan.Agent) -> No action taken.
C:\WINDOWS\hosts (Trojan.Agent) -> No action taken.

EDIT: Když na to tak koukám, tak nás může zajímat akorát ten první a poslední dva.

[JaRon]

ja by som to zmazal vsetko, no mozes zmazat aj Tebou uvedene v cervenej poznamke
+
vypni obnovu systemu - restart - zapni obnovu
+
napis ci su este nejake problemy

[fix]

Ještě bych se zeptal k čemu je syscache.exe a jestli je opravdu normalni to mit spusteny v procesech 3x pod mym uzivatelem?

Plus pokud bys vedel jak zobrazit ty ikony na plose, polozka Zobrazit ani Zobrazit ikony na plose v kontextove nabidce Plochy neni ...

[JaRon]

to bude smejd - nainstaluj SUPERAntiSpyware a vycisti nim Pc
+
restart a vloz na kontrolu aktualny log RSIT