Problémy s PC

[motji]

Ještě tam vidím nějaké zbytky v driverech, co v combofixu nebylo, nepoužil jste ted třeba proces explorer nebo podobný program?

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

[Thrall]

Jako vir? Já jenže potom co jste mi řekla že je to už v pořádku ,pracoval jsem s citlivými informacemi a byl na mích důležitýck účtech .. Jedná se o Spyware ?

[motji]

Josu to jen zbytky, tipla bych to spíše na nějaký program jako je proces explorer a podobně, nepoužíval jste něco takového?

[Thrall]

OTL logfile created on: 5.4.2011 15:07:20 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Uživatel\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 75,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 31,78 Gb Free Space | 21,69% Space Free | Partition Type: NTFS
Drive D: | 319,27 Gb Total Space | 278,23 Gb Free Space | 87,15% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Uživatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.05 15:05:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
PRC - [2010.11.24 04:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010.10.20 13:23:29 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010.09.02 04:22:12 | 002,508,648 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\Toolbar\CToolbar.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011.04.05 15:05:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
MOD - [2010.12.04 08:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll
MOD - [2010.08.23 18:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009.07.12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009.07.12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (YRPCUJC)
SRV - File not found [On_Demand | Stopped] -- -- (UASIIKJ)
SRV - File not found [On_Demand | Stopped] -- -- (RRQODZDBK)
SRV - File not found [On_Demand | Stopped] -- -- (PXKJ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010.11.24 04:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)


========== Driver Services (SafeList) ==========

DRV - [2011.03.31 07:56:07 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110404.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.03.31 07:56:07 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110404.019\NAVENG.SYS -- (NAVENG)
DRV - [2011.03.29 18:54:32 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.03.26 21:01:03 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.03.14 20:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110401.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011.03.09 21:11:42 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010.12.01 07:24:00 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SYMTDI.SYS -- (SYMTDI)
DRV - [2010.11.23 06:08:31 | 000,509,560 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010.11.23 06:08:31 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010.11.18 04:59:55 | 000,652,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010.11.16 03:45:33 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010.10.21 04:28:36 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010.08.13 11:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.06.25 12:05:40 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008.07.08 18:45:52 | 003,257,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.05.20 13:53:36 | 000,093,696 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.04.14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2001.08.17 22:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
IE - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Centrum.cz Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://centrum.cz"
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..keyword.URL: "http://search.centrum.cz/index.php?tool ... m-1.0.0&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010.09.05 18:56:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.03.05 16:25:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.03.30 17:26:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011.03.30 13:14:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.19 20:00:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.07 21:34:55 | 000,000,000 | ---D | M]

[2009.06.30 15:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Extensions
[2011.03.06 14:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\bmnurbgq.default\extensions
[2009.07.02 11:48:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\bmnurbgq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.19 12:24:12 | 000,001,331 | ---- | M] () -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\bmnurbgq.default\searchplugins\crawlersrch.xml
[2011.01.23 11:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.03.05 16:25:34 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2010.09.05 18:56:02 | 000,000,000 | ---D | M] (Crawler Toolbar) -- C:\PROGRAM FILES\CRAWLER\TOOLBAR\FIREFOX
[2010.03.26 08:34:16 | 000,001,425 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Cetrumcz_igeared.xml
[2010.07.23 02:28:35 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.07.23 02:28:35 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.07.23 02:28:35 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.07.23 02:28:35 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.07.23 02:28:35 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.03.31 16:33:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-1844237615-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Uživatel\Data aplikací\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Uživatel\Data aplikací\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Uživatel\Data aplikací\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Uživatel\Data aplikací\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (http://www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56308606093492224)

========== Files/Folders - Created Within 30 Days ==========

[2011.04.05 15:05:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
[2011.04.05 15:03:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Uživatel\Recent
[2011.04.03 19:11:16 | 000,000,000 | ---D | C] -- C:\rsit
[2011.03.31 19:45:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.03.30 13:14:30 | 000,652,336 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symefa.sys
[2011.03.30 13:14:30 | 000,509,560 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.sys
[2011.03.30 13:14:30 | 000,368,248 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symtdi.sys
[2011.03.30 13:14:30 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symds.sys
[2011.03.30 13:14:30 | 000,330,360 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symtdiv.sys
[2011.03.30 13:14:30 | 000,295,032 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnets.sys
[2011.03.30 13:14:30 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\ironx86.sys
[2011.03.30 13:14:30 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.sys
[2011.03.30 13:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1205000.07D
[2011.03.29 18:54:32 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011.03.29 18:54:32 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011.03.29 18:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.03.29 18:53:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011.03.29 18:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011.03.29 18:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Norton Internet Security
[2011.03.29 18:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.03.29 18:43:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.03.27 20:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Plocha\sh
[2011.03.26 20:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011.03.26 20:06:35 | 095,635,600 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Uživatel\Plocha\NIS-TW-30-18-1-0-37-CZ.exe
[2011.03.26 20:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011.03.26 19:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011.03.26 19:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Norton
[2011.03.26 19:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
[2011.03.26 09:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\Adobe
[2011.03.20 15:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Electronic Arts
[2011.03.19 19:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Data aplikací\FlashGet
[2011.03.19 19:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Data aplikací\BITS
[2011.03.19 19:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Data aplikací\FlashGetBHO
[2011.03.19 19:58:27 | 006,212,416 | ---- | C] (Trend Media Corporation Limited.) -- C:\Documents and Settings\Uživatel\Plocha\flashget3.7.0.1156en.exe
[2011.03.09 18:34:17 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2011.03.09 18:34:17 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2011.03.09 18:34:17 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2011.03.09 18:34:17 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2011.03.09 18:34:17 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2011.03.09 18:34:17 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2011.03.09 18:28:23 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2011.03.05 16:19:39 | 002,585,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsInstaller-KB893803-v2-x86.exe
[2009.01.15 19:43:58 | 001,821,008 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2009.01.15 19:43:58 | 001,707,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe

========== Files - Modified Within 30 Days ==========

[2011.04.05 15:05:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
[2011.04.05 14:49:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.03 19:10:58 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\RSIT.exe
[2011.04.03 14:10:07 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\World of Warcraft.lnk
[2011.04.02 14:47:18 | 000,688,343 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Screenshot 2011-04-02_14-47-17.jpg
[2011.04.02 14:46:07 | 000,694,249 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Screenshot 2011-04-02_14-46-06.jpg
[2011.04.02 14:44:02 | 000,665,007 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Screenshot 2011-04-02_14-44-01.jpg
[2011.04.02 14:04:56 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.03.31 16:33:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.03.30 17:26:28 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Norton Internet Security.LNK
[2011.03.30 17:25:48 | 000,604,342 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\Cat.DB
[2011.03.29 19:25:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.03.29 18:54:32 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011.03.29 18:54:32 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011.03.29 18:54:32 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011.03.29 18:54:32 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011.03.27 20:57:37 | 000,856,654 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Screenshot 2011-03-27_20-57-36.jpg
[2011.03.27 16:00:11 | 000,510,750 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.03.27 16:00:11 | 000,480,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.03.27 16:00:11 | 000,107,312 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.03.27 16:00:11 | 000,084,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.03.26 20:06:36 | 095,635,600 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Uživatel\Plocha\NIS-TW-30-18-1-0-37-CZ.exe
[2011.03.26 14:59:49 | 734,235,812 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\hitler-vzestup-zla-cz-dab-upload-film7-dvdrip-xvid-cd2.avi
[2011.03.24 20:58:19 | 000,460,135 | ---- | M] () -- C:\Documents and Settings\Uživatel\Dokumenty\Screenshot 2011-03-24_19-58-19.jpg
[2011.03.24 20:58:12 | 000,455,557 | ---- | M] () -- C:\Documents and Settings\Uživatel\Dokumenty\Screenshot 2011-03-24_19-58-12.jpg
[2011.03.21 22:59:19 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Avira AntiVir Personal Profile Local Drives.LNK
[2011.03.20 20:14:01 | 028,437,142 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\nwffm.dbs
[2011.03.20 19:27:14 | 000,094,208 | ---- | M] () -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.20 15:57:28 | 692,865,067 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Manager_11_Update_3.exe
[2011.03.20 15:40:43 | 465,087,248 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Manager_11_Update_2 824.exe
[2011.03.20 15:27:01 | 105,598,840 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Manager_11_Update_1.exe
[2011.03.20 15:12:22 | 000,000,889 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\EA Download Manager.lnk
[2011.03.19 20:52:47 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat
[2011.03.19 20:00:15 | 000,000,025 | ---- | M] () -- C:\WINDOWS\libem.INI
[2011.03.19 19:58:41 | 006,212,416 | ---- | M] (Trend Media Corporation Limited.) -- C:\Documents and Settings\Uživatel\Plocha\flashget3.7.0.1156en.exe
[2011.03.18 19:26:09 | 000,021,618 | ---- | M] () -- C:\Documents and Settings\Uživatel\.recently-used.xbel
[2011.03.14 16:58:28 | 000,387,553 | ---- | M] () -- C:\Documents and Settings\Uživatel\Dokumenty\Screenshot 2011-03-14_15-58-28.jpg
[2011.03.14 16:58:17 | 000,395,196 | ---- | M] () -- C:\Documents and Settings\Uživatel\Dokumenty\Screenshot 2011-03-14_15-58-17.jpg
[2011.03.14 16:56:30 | 000,385,799 | ---- | M] () -- C:\Documents and Settings\Uživatel\Dokumenty\Screenshot 2011-03-14_15-56-30.jpg
[2011.03.14 16:55:46 | 000,414,066 | ---- | M] () -- C:\Documents and Settings\Uživatel\Dokumenty\Screenshot 2011-03-14_15-55-46.jpg
[2011.03.10 14:55:44 | 028,436,635 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\nvnffm.dbs
[2011.03.08 17:37:14 | 028,435,613 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\ffm.dbs
[2011.03.08 16:47:00 | 028,436,401 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Kopie - fifamdva.dbs
[2011.03.08 16:47:00 | 028,436,401 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\fifamdva.dbs
[2011.03.07 21:34:56 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Acrobat X Pro.lnk

========== Files Created - No Company Name ==========

[2011.04.03 19:10:57 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\RSIT.exe
[2011.04.02 14:47:17 | 000,688,343 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\Screenshot 2011-04-02_14-47-17.jpg
[2011.04.02 14:46:07 | 000,694,249 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\Screenshot 2011-04-02_14-46-06.jpg
[2011.04.02 14:44:01 | 000,665,007 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\Screenshot 2011-04-02_14-44-01.jpg
[2011.03.30 17:25:34 | 000,604,342 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\Cat.DB
[2011.03.30 13:14:30 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnetv.cat
[2011.03.30 13:14:30 | 000,007,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\iron.cat
[2011.03.30 13:14:30 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnet.cat
[2011.03.30 13:14:30 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symefa.cat
[2011.03.30 13:14:30 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.cat
[2011.03.30 13:14:30 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symds.cat
[2011.03.30 13:14:30 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.cat
[2011.03.30 13:14:30 | 000,003,374 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symefa.inf
[2011.03.30 13:14:30 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symds.inf
[2011.03.30 13:14:30 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnetv.inf
[2011.03.30 13:14:30 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnet.inf
[2011.03.30 13:14:30 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.inf
[2011.03.30 13:14:30 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.inf
[2011.03.30 13:14:30 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\iron.inf
[2011.03.30 13:14:04 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\isolate.ini
[2011.03.29 18:54:32 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011.03.29 18:54:32 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011.03.29 18:54:22 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Norton Internet Security.LNK
[2011.03.27 20:57:36 | 000,856,654 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\Screenshot 2011-03-27_20-57-36.jpg
[2011.03.26 14:59:32 | 734,235,812 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\hitler-vzestup-zla-cz-dab-upload-film7-dvdrip-xvid-cd2.avi
[2011.03.24 20:58:19 | 000,460,135 | ---- | C] () -- C:\Documents and Settings\Uživatel\Dokumenty\Screenshot 2011-03-24_19-58-19.jpg
[2011.03.24 20:58:12 | 000,455,557 | ---- | C] () -- C:\Documents and Settings\Uživatel\Dokumenty\Screenshot 2011-03-24_19-58-12.jpg
[2011.03.21 22:59:19 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\Avira AntiVir Personal Profile Local Drives.LNK
[2011.03.20 20:13:34 | 028,437,142 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\nwffm.dbs
[2011.03.20 15:57:01 | 692,865,067 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\Manager_11_Update_3.exe
[2011.03.20 15:40:33 | 465,087,248 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\Manager_11_Update_2 824.exe
[2011.03.20 15:26:57 | 105,598,840 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\Manager_11_Update_1.exe
[2011.03.20 15:12:22 | 000,000,889 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\EA Download Manager.lnk
[2011.03.19 20:01:56 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2011.03.19 20:00:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2011.03.18 19:26:09 | 000,021,618 | ---- | C] () -- C:\Documents and Settings\Uživatel\.recently-used.xbel
[2011.03.14 16:58:28 | 000,387,553 | ---- | C] () -- C:\Documents and Settings\Uživatel\Dokumenty\Screenshot 2011-03-14_15-58-28.jpg
[2011.03.14 16:58:17 | 000,395,196 | ---- | C] () -- C:\Documents and Settings\Uživatel\Dokumenty\Screenshot 2011-03-14_15-58-17.jpg
[2011.03.14 16:56:30 | 000,385,799 | ---- | C] () -- C:\Documents and Settings\Uživatel\Dokumenty\Screenshot 2011-03-14_15-56-30.jpg
[2011.03.14 16:55:46 | 000,414,066 | ---- | C] () -- C:\Documents and Settings\Uživatel\Dokumenty\Screenshot 2011-03-14_15-55-46.jpg
[2011.03.10 14:55:25 | 028,436,635 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\nvnffm.dbs
[2011.03.10 13:59:43 | 028,436,401 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\Kopie - fifamdva.dbs
[2011.03.09 18:34:18 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Uživatel\Nabídka Start\Programy\Internet Explorer.lnk
[2011.03.08 17:36:47 | 028,435,613 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\ffm.dbs
[2011.03.08 16:43:31 | 028,436,401 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\fifamdva.dbs
[2011.03.05 16:19:37 | 000,076,288 | ---- | C] () -- C:\Program Files\1031.mst
[2011.03.05 16:19:37 | 000,074,752 | ---- | C] () -- C:\Program Files\1036.mst
[2011.03.05 16:19:37 | 000,003,584 | ---- | C] () -- C:\Program Files\1033.mst
[2011.03.05 16:19:06 | 008,297,472 | ---- | C] () -- C:\Program Files\AcroPro.msi
[2011.03.05 16:19:06 | 000,001,772 | ---- | C] () -- C:\Program Files\ABCPY.INI
[2011.03.05 16:15:58 | 481,143,404 | ---- | C] () -- C:\Program Files\Data1.cab
[2011.01.20 20:33:44 | 000,070,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.12.25 12:29:36 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\fusioncache.dat
[2010.12.24 22:27:59 | 000,016,788 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.09.05 19:10:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.09.04 15:58:59 | 000,084,618 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2010.05.30 13:52:54 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.03.13 20:03:44 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2009.07.05 12:11:39 | 000,062,232 | R--- | C] () -- C:\WINDOWS\System32\GameuxInstallHelper.dll
[2009.06.30 15:08:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.06.25 22:27:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.06.25 17:09:29 | 000,094,208 | ---- | C] () -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.25 15:21:34 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.06.25 15:21:32 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.06.25 15:21:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.25 15:21:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.06.25 15:21:29 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.06.25 14:45:20 | 000,000,265 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009.06.25 14:39:56 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009.06.25 14:39:55 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2009.06.25 14:39:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2009.06.25 14:39:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009.06.25 14:39:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009.06.25 14:39:54 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2009.06.25 14:39:54 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2009.06.25 14:39:54 | 000,121,329 | ---- | C] () -- C:\WINDOWS\Cmuda.ini
[2009.06.25 14:39:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2009.06.25 13:47:53 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.06.25 13:46:53 | 000,122,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.06.25 13:11:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.06.25 12:18:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.06.25 12:15:17 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.06.25 12:15:16 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.06.25 12:15:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009.06.25 12:15:15 | 000,174,820 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.06.25 11:56:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.06.25 11:52:47 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.01.15 19:47:52 | 112,634,569 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2009.01.15 19:43:56 | 009,296,384 | ---- | C] () -- C:\Program Files\openofficeorg30.msi
[2009.01.15 19:43:56 | 000,000,347 | ---- | C] () -- C:\Program Files\Setup.ini
[2008.05.26 23:22:14 | 000,015,552 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 23:22:10 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 23:22:04 | 000,014,910 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,510,750 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2008.04.14 14:00:00 | 000,480,560 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,107,312 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2008.04.14 14:00:00 | 000,084,964 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.08.21 11:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007.08.21 09:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2006.02.09 10:53:28 | 000,043,014 | ---- | C] () -- C:\WINDOWS\php.ini
[2006.01.11 18:15:20 | 001,069,056 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2001.01.12 11:52:26 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\vbpng1.dll
[2001.01.12 11:49:38 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2010.11.06 10:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.11.06 10:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG10
[2010.10.06 15:16:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2009.08.24 14:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2011.02.19 16:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EA Core
[2011.03.20 15:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2011.01.22 11:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\G DATA
[2009.07.05 12:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LightScribe
[2010.11.06 10:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2011.03.05 16:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\regid.1986-12.com.adobe
[2011.02.19 16:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Solidshield
[2009.10.03 11:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.10.06 15:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\AVG10
[2011.03.19 20:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\BITS
[2010.09.05 19:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\CheckPoint
[2009.08.24 14:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\DAEMON Tools Lite
[2010.11.23 18:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ESET
[2011.03.19 19:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\FlashGet
[2011.03.19 19:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\FlashGetBHO
[2011.03.06 16:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\gtk-2.0
[2010.09.17 21:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ICQ
[2009.08.16 15:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Nvu
[2010.02.24 19:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\OpenOffice.org
[2010.12.24 22:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Opera
[2010.12.24 23:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Windows Desktop Search
[2010.12.24 23:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.03.05 16:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Adobe
[2009.07.05 12:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Ahead
[2010.12.25 13:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Apple Computer
[2009.06.25 13:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ATI
[2010.10.06 15:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\AVG10
[2011.03.19 20:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\BITS
[2010.09.05 19:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\CheckPoint
[2010.01.30 19:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\CyberLink
[2009.08.24 14:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\DAEMON Tools Lite
[2010.11.23 18:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ESET
[2011.03.19 19:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\FlashGet
[2011.03.19 19:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\FlashGetBHO
[2009.07.02 12:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Google
[2011.03.06 16:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\gtk-2.0
[2010.09.17 21:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\ICQ
[2009.06.25 11:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Identities
[2009.06.25 17:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Macromedia
[2010.08.27 14:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Malwarebytes
[2011.03.26 20:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Media Player Classic
[2010.09.05 18:13:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Microsoft
[2009.06.30 15:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla
[2009.08.16 15:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Nvu
[2010.02.24 19:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\OpenOffice.org
[2010.12.24 22:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Opera
[2011.03.28 17:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Skype
[2011.03.28 17:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\skypePM
[2010.12.24 23:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Windows Desktop Search
[2010.12.24 23:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Windows Search
[2009.09.12 14:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2009.06.25 12:19:06 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Uživatel\Data aplikací\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
[2009.07.06 17:51:42 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Uživatel\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe


< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 14:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2004.03.29 16:45:36 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\OemDir\viamraid.sys
[2004.03.29 16:45:36 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\viamraid.sys
[2009.06.25 12:05:41 | 000,104,064 | ---- | M] (VIA Technologies inc,.ltd) MD5=85E9421C8A99D1291B43B9B59A669AC3 -- C:\WINDOWS\system32\drivers\viamraid.sys

< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.06.25 13:41:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.06.25 13:41:12 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.06.25 13:41:12 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< End of report >


Error - 2.4.2011 8:52:10 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace ccsvchst.exe, verze 10.1.0.37, chybující modul
msvcr90.dll, verze 9.0.30729.4148, adresa chyby 0x00058289.

Error - 2.4.2011 8:52:17 | Computer Name = PC | Source = Application Error | ID = 1001
Description = Chybný blok -2068220160

Error - 3.4.2011 9:10:18 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 8.0.6001.18702, chybující modul
mshtml.dll, verze 8.0.6001.19019, adresa chyby 0x00077fbd.

Error - 3.4.2011 9:10:29 | Computer Name = PC | Source = Application Error | ID = 1001
Description = Chybný blok -1992149654

[ System Events ]
Error - 3.4.2011 13:38:30 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 4.4.2011 2:06:04 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 4.4.2011 5:56:27 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 4.4.2011 7:34:12 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 4.4.2011 11:18:04 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 4.4.2011 13:21:00 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 4.4.2011 16:02:19 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 5.4.2011 1:50:03 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 5.4.2011 7:24:33 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 5.4.2011 8:50:06 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd


< End of report >

Snad jsem to blbě nezadal.. Po testu tam bylo

Kód: Vybrat vše

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3

[motji]

Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
SRV - File not found [On_Demand | Stopped] -- -- (YRPCUJC)
SRV - File not found [On_Demand | Stopped] -- -- (UASIIKJ)
SRV - File not found [On_Demand | Stopped] -- -- (RRQODZDBK)
SRV - File not found [On_Demand | Stopped] -- -- (PXKJ)

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Documents and Settings\All Users\Data aplikací\Alwil Software
 C:\Documents and Settings\All Users\Data aplikací\AVG10
c:\Documents and Settings\Uživatel\Data aplikací\AVG10
C:\Documents and Settings\Uživatel\Data aplikací\ESET

:commands
[emptytemp]
[EMPTYFLASH]
[clearallrestorepoints]
[Reboot]

-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde


Přeinstalujte Daemona

[Thrall]

Prosim vás . Nerad jsem klikl na reklamu . Bylo to ala Green Card USA , atd... Ja to rychle zavrel a teprve potom co jsem to schodil nabehl Web Security Guard ze je to nebezpecna zavirovana stranka a jestli ze vsupovat či ne .

kouknete se na to :

Logfile of random's system information tool 1.08 (written by random/random)
Run by Uživatel at 2011-04-05 18:51:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 32 GB (22%) free of 150 GB
Total RAM: 2047 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:51:18, on 5.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76A64D52-3A80-4DC2-9245-002ED15E29DC}: NameServer = 217.31.204.130,217.31.204.131
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Služba Google Update (gupdate1c9faffc1c539a5) (gupdate1c9faffc1c539a5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PXKJ - Unknown owner - C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\PXKJ.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RRQODZDBK - Unknown owner - C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\RRQODZDBK.exe (file missing)
O23 - Service: UASIIKJ - Unknown owner - C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\UASIIKJ.exe (file missing)
O23 - Service: YRPCUJC - Unknown owner - C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\YRPCUJC.exe (file missing)

--
End of file - 6318 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-09-02 1241448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll [2010-12-04 433080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL [2010-12-01 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-09-02 1241448]
{D5D47440-0750-463D-BAEF-A47D02414806}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll [2010-12-04 433080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2011-01-30 821144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2011-01-30 36760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe [2011-03-14 11857920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files\lg_fwupdate\fwupdate.exe [2007-02-26 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-01-24 2289664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^_uninst_setup_9.0.0.722_27.02.2011_14-23.exe.lnk]
C:\Documents and Settings\Uživatel\Local Settings\temp\_uninst_setup_9.0.0.722_27.02.2011_14-23.exe.bat []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-08 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"\\macek\storage\Instalace\!predinstalace\Nero CZ a Power DVD\CDS\Nero\Installation\SetupX.exe"="\\macek\storage\Instalace\!predinstalace\Nero CZ a Power DVD\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe"="C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe:*:Enabled:SEGA Rally"
"C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe"="C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:*:Enabled:SEGA Rally"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Disabled:hl2"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Disabled:Garena"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-04-05 18:40:49 ----D---- C:\WINDOWS\temp
2011-04-05 18:40:47 ----A---- C:\ComboFix.txt
2011-04-05 18:04:41 ----A---- C:\WINDOWS\zip.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\SWSC.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\SWREG.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\sed.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\PEV.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\NIRCMD.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\MBR.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\grep.exe
2011-04-05 18:04:32 ----D---- C:\WINDOWS\ERDNT
2011-04-05 18:04:01 ----D---- C:\Qoobox
2011-04-03 19:11:16 ----D---- C:\rsit
2011-03-29 18:59:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-29 18:54:32 ----D---- C:\Program Files\Symantec
2011-03-29 18:54:32 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2011-03-29 18:54:32 ----A---- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2011-03-29 18:53:47 ----D---- C:\WINDOWS\system32\drivers\NIS
2011-03-29 18:53:42 ----D---- C:\Program Files\Norton Internet Security
2011-03-29 18:53:27 ----D---- C:\Program Files\NortonInstaller
2011-03-26 20:16:57 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-03-26 20:00:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-03-26 19:59:14 ----D---- C:\Program Files\Windows Sidebar
2011-03-26 19:59:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2011-03-26 19:58:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2011-03-24 08:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2011-03-19 20:00:15 ----A---- C:\WINDOWS\libem.INI
2011-03-19 19:59:20 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\FlashGet
2011-03-19 19:59:20 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\BITS
2011-03-19 19:59:10 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\FlashGetBHO
2011-03-09 18:34:17 ----A---- C:\WINDOWS\system32\winmine.exe
2011-03-09 18:34:17 ----A---- C:\WINDOWS\system32\sol.exe
2011-03-09 18:34:17 ----A---- C:\WINDOWS\system32\mshearts.exe
2011-03-09 16:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-09 16:14:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$

======List of files/folders modified in the last 1 months======

2011-04-05 18:51:17 ----D---- C:\Program Files\trend micro
2011-04-05 18:40:49 ----D---- C:\WINDOWS\system32\drivers
2011-04-05 18:40:49 ----D---- C:\WINDOWS
2011-04-05 18:39:11 ----A---- C:\WINDOWS\system.ini
2011-04-05 18:37:17 ----D---- C:\WINDOWS\system32
2011-04-05 18:37:17 ----D---- C:\WINDOWS\AppPatch
2011-04-05 18:37:15 ----D---- C:\Program Files\Common Files
2011-04-05 18:33:44 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-05 18:29:37 ----RASH---- C:\boot.ini
2011-04-05 18:29:37 ----A---- C:\WINDOWS\win.ini
2011-04-05 18:29:03 ----SHD---- C:\System Volume Information
2011-04-05 18:28:52 ----D---- C:\WINDOWS\Prefetch
2011-04-05 18:11:35 ----D---- C:\WINDOWS\system32\drivers\etc
2011-04-05 17:11:25 ----D---- C:\Program Files\World of Warcraft
2011-04-02 14:48:42 ----RD---- C:\Program Files
2011-04-02 14:05:22 ----D---- C:\WINDOWS\system32\Restore
2011-03-29 16:35:06 ----D---- C:\Program Files\Unlocker
2011-03-28 17:51:51 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Skype
2011-03-28 17:17:17 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\skypePM
2011-03-27 16:00:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-26 20:25:42 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Media Player Classic
2011-03-26 20:00:04 ----HD---- C:\WINDOWS\inf
2011-03-26 19:56:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2011-03-26 17:12:25 ----D---- C:\WINDOWS\system32\NtmsData
2011-03-26 17:10:23 ----D---- C:\WINDOWS\Registration
2011-03-24 08:32:44 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-20 19:25:32 ----SHD---- C:\WINDOWS\Installer
2011-03-20 15:12:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
2011-03-20 13:06:37 ----D---- C:\Program Files\Mozilla Firefox
2011-03-09 21:20:30 ----D---- C:\WINDOWS\security
2011-03-09 20:28:31 ----D---- C:\WINDOWS\Debug
2011-03-09 18:34:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-09 18:34:18 ----D---- C:\WINDOWS\Help
2011-03-09 16:15:07 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-06 16:42:03 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS [2010-10-21 340016]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 viamraid;viamraid; C:\WINDOWS\system32\drivers\viamraid.sys [2009-06-25 104064]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2009-06-25 9216]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 catchme;catchme; \??\C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\catchme.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys []
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS [2010-11-23 50168]
S1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS [2010-11-16 136312]
S1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SYMTDI.SYS [2010-12-01 368248]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-08 3257344]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-20 93696]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-12-15 1368000]
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110401.001\IDSxpx86.sys []
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110404.033\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110404.033\NAVEX15.SYS []
S3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS [2010-11-23 509560]
S3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-08 573440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9faffc1c539a5;Služba Google Update (gupdate1c9faffc1c539a5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-02 133104]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
S2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 PXKJ;PXKJ; C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\PXKJ.exe []
S3 RRQODZDBK;RRQODZDBK; C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\RRQODZDBK.exe []
S3 UASIIKJ;UASIIKJ; C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\UASIIKJ.exe []
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 YRPCUJC;YRPCUJC; C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\YRPCUJC.exe []
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Děkuju .

[motji]

Stránka je v pořádku, udělejte prosím ten skript na OTL.

[Thrall]

Aha .. To je divné Web Security Guard hlasí že tam jsou viry..Jdu se kouknout na to OTL .

[Thrall]

Tak jsem se spletl .. Ta stranka byla hxxp://usagc.org/ Web Security Guard hlasí že tam jsou viry.

[Thrall]

Pc se chová opravdu divně ,je pomalé a např. mi samovolně do adresy na internet explorer skočilo ip http://0.0.7.177/ .

[motji]

Můžete prosím udělat to otl a potom vložit nový log ze rsitu ?

[Thrall]

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Service YRPCUJC stopped successfully!
Service YRPCUJC deleted successfully!
Service UASIIKJ stopped successfully!
Service UASIIKJ deleted successfully!
Service RRQODZDBK stopped successfully!
Service RRQODZDBK deleted successfully!
Service PXKJ stopped successfully!
Service PXKJ deleted successfully!
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\Installer\MSI30.tmp moved successfully.
C:\WINDOWS\Installer\MSI6E.tmp moved successfully.
C:\WINDOWS\Installer\MSI6F.tmp moved successfully.
C:\WINDOWS\Installer\MSI70.tmp moved successfully.
C:\WINDOWS\Installer\MSI71.tmp moved successfully.
C:\WINDOWS\Installer\MSID2.tmp moved successfully.
C:\WINDOWS\Installer\MSID3.tmp moved successfully.
C:\WINDOWS\Installer\MSID4.tmp moved successfully.
C:\WINDOWS\Installer\MSID5.tmp moved successfully.
C:\WINDOWS\Installer\MSID6.tmp moved successfully.
C:\WINDOWS\Installer\MSID7.tmp moved successfully.
C:\WINDOWS\Installer\MSID8.tmp moved successfully.
C:\WINDOWS\Installer\MSID9.tmp moved successfully.
C:\WINDOWS\Installer\MSIDA.tmp moved successfully.
C:\WINDOWS\Installer\MSIDB.tmp moved successfully.
C:\WINDOWS\Installer\MSIDC.tmp moved successfully.
C:\WINDOWS\Installer\MSIDD.tmp moved successfully.
C:\WINDOWS\Installer\MSIDE.tmp moved successfully.
C:\WINDOWS\Installer\MSIDF.tmp moved successfully.
C:\WINDOWS\Installer\MSIE0.tmp moved successfully.
C:\WINDOWS\Installer\MSIE1.tmp moved successfully.
C:\WINDOWS\Installer\MSIE2.tmp moved successfully.
C:\WINDOWS\Installer\MSIE3.tmp moved successfully.
C:\WINDOWS\Installer\MSIE4.tmp moved successfully.
C:\WINDOWS\Installer\MSIE5.tmp moved successfully.
C:\WINDOWS\Installer\MSIE6.tmp moved successfully.
C:\WINDOWS\Installer\MSIE7.tmp moved successfully.
C:\WINDOWS\Installer\MSIE8.tmp moved successfully.
C:\WINDOWS\Installer\MSIE9.tmp moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\log folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG10\log folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG10\Chjw folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVG10 folder moved successfully.
c:\Documents and Settings\Uživatel\Data aplikací\AVG10\cfgall folder moved successfully.
c:\Documents and Settings\Uživatel\Data aplikací\AVG10 folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\ESET\ESET Smart Security folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\ESET folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Uživatel
->Temp folder emptied: 29075658 bytes
->Temporary Internet Files folder emptied: 23729500 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 843 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 50,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Uživatel
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 04062011_204820

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_94.dat not found!

Registry entries deleted on Reboot...

Logfile of random's system information tool 1.08 (written by random/random)
Run by Uživatel at 2011-04-06 20:57:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 32 GB (22%) free of 150 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:57:09, on 6.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76A64D52-3A80-4DC2-9245-002ED15E29DC}: NameServer = 217.31.204.130,217.31.204.131
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Služba Google Update (gupdate1c9faffc1c539a5) (gupdate1c9faffc1c539a5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6725 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-09-02 1241448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll [2010-12-04 433080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL [2010-12-01 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-09-02 1241448]
{D5D47440-0750-463D-BAEF-A47D02414806}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll [2010-12-04 433080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2011-01-30 821144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2011-01-30 36760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe [2011-03-14 11857920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files\lg_fwupdate\fwupdate.exe [2007-02-26 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-01-24 2289664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^_uninst_setup_9.0.0.722_27.02.2011_14-23.exe.lnk]
C:\Documents and Settings\Uživatel\Local Settings\temp\_uninst_setup_9.0.0.722_27.02.2011_14-23.exe.bat []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-08 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"\\macek\storage\Instalace\!predinstalace\Nero CZ a Power DVD\CDS\Nero\Installation\SetupX.exe"="\\macek\storage\Instalace\!predinstalace\Nero CZ a Power DVD\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe"="C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe:*:Enabled:SEGA Rally"
"C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe"="C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:*:Enabled:SEGA Rally"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Disabled:hl2"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Disabled:Garena"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-04-06 20:48:41 ----SHD---- C:\RECYCLER
2011-04-06 20:48:20 ----D---- C:\_OTL
2011-04-05 18:40:49 ----D---- C:\WINDOWS\temp
2011-04-05 18:40:47 ----A---- C:\ComboFix.txt
2011-04-05 18:04:41 ----A---- C:\WINDOWS\zip.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\SWSC.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\SWREG.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\sed.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\PEV.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\NIRCMD.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\MBR.exe
2011-04-05 18:04:41 ----A---- C:\WINDOWS\grep.exe
2011-04-05 18:04:32 ----D---- C:\WINDOWS\ERDNT
2011-04-05 18:04:01 ----D---- C:\Qoobox
2011-04-03 19:11:16 ----D---- C:\rsit
2011-03-29 18:59:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-29 18:54:32 ----D---- C:\Program Files\Symantec
2011-03-29 18:54:32 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2011-03-29 18:54:32 ----A---- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2011-03-29 18:53:47 ----D---- C:\WINDOWS\system32\drivers\NIS
2011-03-29 18:53:42 ----D---- C:\Program Files\Norton Internet Security
2011-03-29 18:53:27 ----D---- C:\Program Files\NortonInstaller
2011-03-26 20:16:57 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-03-26 20:00:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-03-26 19:59:14 ----D---- C:\Program Files\Windows Sidebar
2011-03-26 19:59:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2011-03-26 19:58:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2011-03-24 08:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2011-03-19 20:00:15 ----A---- C:\WINDOWS\libem.INI
2011-03-19 19:59:20 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\FlashGet
2011-03-19 19:59:20 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\BITS
2011-03-19 19:59:10 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\FlashGetBHO
2011-03-09 18:34:17 ----A---- C:\WINDOWS\system32\winmine.exe
2011-03-09 18:34:17 ----A---- C:\WINDOWS\system32\sol.exe
2011-03-09 18:34:17 ----A---- C:\WINDOWS\system32\mshearts.exe
2011-03-09 16:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-09 16:14:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$

======List of files/folders modified in the last 1 months======

2011-04-06 20:57:08 ----D---- C:\Program Files\trend micro
2011-04-06 20:53:18 ----SHD---- C:\System Volume Information
2011-04-06 20:53:11 ----D---- C:\WINDOWS
2011-04-06 20:48:48 ----D---- C:\WINDOWS\system32\Restore
2011-04-06 20:48:35 ----SHD---- C:\WINDOWS\Installer
2011-04-06 19:42:33 ----D---- C:\WINDOWS\Prefetch
2011-04-05 18:51:55 ----RASH---- C:\boot.ini
2011-04-05 18:51:55 ----A---- C:\WINDOWS\win.ini
2011-04-05 18:51:55 ----A---- C:\WINDOWS\system.ini
2011-04-05 18:40:49 ----D---- C:\WINDOWS\system32\drivers
2011-04-05 18:37:17 ----D---- C:\WINDOWS\system32
2011-04-05 18:37:17 ----D---- C:\WINDOWS\AppPatch
2011-04-05 18:37:15 ----D---- C:\Program Files\Common Files
2011-04-05 18:33:44 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-05 18:11:35 ----D---- C:\WINDOWS\system32\drivers\etc
2011-04-05 17:11:25 ----D---- C:\Program Files\World of Warcraft
2011-04-02 14:48:42 ----RD---- C:\Program Files
2011-03-29 16:35:06 ----D---- C:\Program Files\Unlocker
2011-03-28 17:51:51 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Skype
2011-03-28 17:17:17 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\skypePM
2011-03-27 16:00:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-26 20:25:42 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Media Player Classic
2011-03-26 20:00:04 ----HD---- C:\WINDOWS\inf
2011-03-26 19:56:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2011-03-26 17:12:25 ----D---- C:\WINDOWS\system32\NtmsData
2011-03-26 17:10:23 ----D---- C:\WINDOWS\Registration
2011-03-24 08:32:44 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-20 15:12:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
2011-03-20 13:06:37 ----D---- C:\Program Files\Mozilla Firefox
2011-03-09 21:20:30 ----D---- C:\WINDOWS\security
2011-03-09 20:28:31 ----D---- C:\WINDOWS\Debug
2011-03-09 18:34:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-09 18:34:18 ----D---- C:\WINDOWS\Help
2011-03-09 16:15:07 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS [2010-10-21 340016]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 viamraid;viamraid; C:\WINDOWS\system32\drivers\viamraid.sys [2009-06-25 104064]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2009-06-25 9216]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS [2010-11-23 509560]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS [2010-11-23 50168]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS [2010-11-16 136312]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SYMTDI.SYS [2010-12-01 368248]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-08 3257344]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-20 93696]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-12-15 1368000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110405.001\IDSxpx86.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110406.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110406.003\NAVEX15.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\catchme.sys []
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-08 573440]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9faffc1c539a5;Služba Google Update (gupdate1c9faffc1c539a5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-02 133104]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Koukla by jste se jestli teda v PC ted neco nemám ? PC jede fakt pomalu a Web Security Guard opravdu hlasil ze je to zavirovana stranka (adresu jsem vam napsal ,ze zacatku jsem se spletl ,nekonci to na .com ale na .org ) .

Jinak velmi děkuji za ochotu .

[motji]

Spustte ještě mbam, viz můj pdopis.
Já ve vašem pc nic nevidím

[Thrall]

MBAM nic nenašlo . Je to divné že tam není nic vidět ,ještě jednou jsem si to kontroloval na http://www.websecurityguard.com a opravdu ta stranka s koncovkou .org je zavirovaná . Tak nevím . Je možné že ty nebezpečné sekvence WSG zablokoval i když se stranka otevřela .

[motji]

A problémy s pc přetrvávají?