Security tool

[stell]

bezne registry-vse.

[Flashka]

OTL logfile created on: 22.9.2010 20:35:25 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\uzivatel\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372,60 Gb Total Space | 221,27 Gb Free Space | 59,38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-F64F928CD
Current User Name: uzivatel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\uzivatel\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Documents and Settings\uzivatel\Local Settings\Apps\2.0\39P2149N.M0B\920CLX52.W55\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe (Curse)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\uzivatel\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe ()


========== Driver Services (SafeList) ==========

DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (a42af395) -- C:\WINDOWS\System32\drivers\a42af395.sys ()
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (Politecnico di Torino)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.flashget.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Value error. File not found
IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\uzivatel\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.2.3
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\PROGRA~1\Crawler\Toolbar\firefox\ [2009.12.30 12:48:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.01.24 16:45:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.22 17:28:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 20:02:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.07.20 16:03:07 | 000,000,000 | ---D | M]

[2008.10.25 14:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Extensions
[2008.10.25 14:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.09.21 22:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\8qhuwsc0.default\extensions
[2010.07.27 13:26:03 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\8qhuwsc0.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.08.13 15:49:21 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\8qhuwsc0.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2008.11.03 17:32:51 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\8qhuwsc0.default\searchplugins\daemon-search.xml
[2009.07.19 15:37:18 | 000,002,061 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\8qhuwsc0.default\searchplugins\qipsearch.xml
[2010.09.22 17:29:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.16 20:01:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.09.20 17:01:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.05.10 11:41:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2010.09.16 20:01:56 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.09.16 20:01:56 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.05.27 04:18:22 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010.09.16 20:01:59 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008.03.24 04:00:00 | 000,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008.03.24 04:00:00 | 000,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009.09.21 13:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010.09.10 13:38:16 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.09.10 13:38:16 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.09.10 13:38:16 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.09.10 13:38:16 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.09.10 13:38:16 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.09.10 13:38:16 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2006.03.02 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - No CLSID value found.
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\uzivatel\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\uzivatel\Data aplikací\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\uzivatel\Data aplikací\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} http://www.intel.com/design/motherbd/bo ... oardID.cab (BoardCtl Class)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.22 11:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ee7fc27e-b820-11df-8c53-0019d1a90ac7}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2006.03.02 14:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.09.22 20:16:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\uzivatel\Plocha\OTL.exe
[2010.09.22 19:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uzivatel\Data aplikací\Malwarebytes
[2010.09.22 19:16:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.22 19:16:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.22 19:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.22 19:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.09.22 19:12:21 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\uzivatel\Plocha\mbam-setup.exe
[2010.09.22 19:06:46 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010.09.22 18:55:01 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010.09.22 17:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.09.22 17:58:03 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.21 18:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uzivatel\Data aplikací\Spyware Terminator
[2010.09.21 16:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Temp
[2010.09.20 17:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uzivatel\Data aplikací\skypePM
[2010.09.20 17:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uzivatel\Data aplikací\Skype
[2010.09.20 17:00:37 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.09.20 17:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Skype
[2010.09.18 17:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uzivatel\Plocha\MrFishIt
[2008.11.18 20:56:58 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\uzivatel\Data aplikací\pcouffin.sys
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[234 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.22 20:31:26 | 000,248,830 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.09.22 20:31:25 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.22 20:31:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.22 20:31:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.22 20:16:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uzivatel\Plocha\OTL.exe
[2010.09.22 20:06:03 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.22 19:36:05 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\World of Warcraft.lnk
[2010.09.22 19:30:37 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\uzivatel\ntuser.dat
[2010.09.22 19:30:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\uzivatel\ntuser.ini
[2010.09.22 19:16:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.09.22 19:16:16 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\uzivatel\Plocha\mbam-setup.exe
[2010.09.22 19:12:20 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\uzivatel\Plocha\rkill.com
[2010.09.22 18:00:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for uzivatel.job
[2010.09.21 19:52:31 | 003,175,654 | -H-- | M] () -- C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\IconCache.db
[2010.09.21 18:24:31 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2010.09.21 18:24:14 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.09.21 18:02:04 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.09.21 16:05:51 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.20 21:05:15 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\uzivatel\Plocha\omgomgomg.doc
[2010.09.20 17:02:21 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.09.14 15:50:16 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[234 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.22 19:16:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.09.22 19:12:06 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\uzivatel\Plocha\rkill.com
[2010.09.21 18:24:31 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2010.09.21 18:24:14 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.09.20 20:05:49 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\uzivatel\Plocha\omgomgomg.doc
[2010.09.20 17:02:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.08.13 15:49:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010.04.26 17:21:27 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\uzivatel\Data aplikací\PnkBstrK.sys
[2010.04.26 17:21:01 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.04.24 11:34:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2010.03.26 21:00:50 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.01.25 01:33:39 | 000,527,168 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2009.11.13 17:35:02 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2009.10.30 00:11:03 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.10.30 00:10:55 | 002,085,376 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009.10.30 00:10:54 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.10.30 00:10:54 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.10.30 00:10:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.10.30 00:10:46 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.10.30 00:10:46 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.06.06 19:14:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\a42af395.sys
[2009.05.03 11:00:57 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008.11.18 20:57:02 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\uzivatel\Data aplikací\pcouffin.log
[2008.11.18 20:56:58 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\uzivatel\Data aplikací\inst.exe
[2008.11.18 20:56:58 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\uzivatel\Data aplikací\pcouffin.cat
[2008.11.18 20:56:58 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\uzivatel\Data aplikací\pcouffin.inf
[2008.07.10 10:10:40 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2008.06.23 18:19:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.06.05 15:10:32 | 000,138,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.05.26 14:31:59 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.05.24 11:24:34 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.22 19:08:29 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.05.22 12:42:03 | 000,002,257 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.05.22 12:15:09 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008.05.22 12:15:09 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008.05.22 12:15:09 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008.05.22 12:15:09 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008.02.05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\setup.txt
[2006.03.02 14:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004248_.tmp.dll
[2006.03.02 14:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004216_.tmp.dll
[2005.10.14 11:56:50 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.03.02 05:10:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

========== Custom Scans ==========


< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %fystemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

Invalid Environment Variable: Systemdrive

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[234 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.05.27 13:55:29 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.05.22 12:49:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.05.22 12:49:00 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.05.22 12:48:59 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010.08.15 17:48:22 | 000,138,592 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
[2010.09.21 18:24:14 | 000,142,592 | ---- | M] () -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Invalid Environment Variable: Systemroot


< MD5 for: AGP440.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2006.03.02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006.03.02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2006.03.02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2006.03.02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006.03.02 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2006.03.02 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF
< End of report >

[stell]

1:Odinstaluj programy:
C:\Program Files\Search Settings
C:\Program Files\Crawler\Toolbar

2:spust OTL-do okna skopiruj zeleny text a klik OPRAVIT-log po restarte vloz sem

Kód: Vybrat vše

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.flashget.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Value error. File not found
IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\uzivatel\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="
[2009.07.19 15:37:18 | 000,002,061 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\8qhuwsc0.default\searchplugins\qipsearch.xml
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - No CLSID value found.
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\uzivatel\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\uzivatel\Data aplikací\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\uzivatel\Data aplikací\FlashGetBHO\GetAllUrl.htm ()
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[234 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
[234 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF

:commands
[emptytemp]
[emptyflash]
[ClearAllRestorePoints]
[resethosts]
[start explorer]
[Reboot]

3:Stiahnes na plochu a spustis-restart-
http://users.telenet.be/marcvn/tools/WUS_Fix.exe

PROSIM CITAJTE POZORNE NAVOD!!!,
4:Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.

[Flashka]

log po restartu z OTL:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\Search Settings\kb127\SearchSettings.dll not found.
Prefs.js: "QIP Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.qip.ru/search?from=FF&query=" removed from keyword.URL
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\8qhuwsc0.default\searchplugins\qipsearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Documents and Settings\uzivatel\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Program Files\Search Settings\SearchSettings.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\使用快车3下载\ deleted successfully.
C:\Documents and Settings\uzivatel\Data aplikací\FlashGetBHO\GetUrl.htm moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\使用快车3下载全部链接\ deleted successfully.
C:\Documents and Settings\uzivatel\Data aplikací\FlashGetBHO\GetAllUrl.htm moved successfully.
Starting removal of ActiveX control {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy\ deleted successfully.
C:\WINDOWS\Fonts\SET688.tmp deleted successfully.
C:\WINDOWS\Fonts\SET689.tmp deleted successfully.
C:\WINDOWS\Fonts\SET68A.tmp deleted successfully.
C:\WINDOWS\Fonts\SET68B.tmp deleted successfully.
C:\WINDOWS\Fonts\SET68C.tmp deleted successfully.
C:\WINDOWS\Fonts\SET68D.tmp deleted successfully.
C:\WINDOWS\002637_.tmp deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET682.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1385.tmp deleted successfully.
C:\WINDOWS\System32\SET138A.tmp deleted successfully.
C:\WINDOWS\System32\SET1398.tmp deleted successfully.
C:\WINDOWS\System32\SET13C0.tmp deleted successfully.
C:\WINDOWS\System32\SET35A.tmp deleted successfully.
C:\WINDOWS\System32\SET35E.tmp deleted successfully.
C:\WINDOWS\System32\SET35F.tmp deleted successfully.
C:\WINDOWS\System32\SET361.tmp deleted successfully.
C:\WINDOWS\System32\SET363.tmp deleted successfully.
C:\WINDOWS\System32\SET364.tmp deleted successfully.
C:\WINDOWS\System32\SET365.tmp deleted successfully.
C:\WINDOWS\System32\SET36C.tmp deleted successfully.
C:\WINDOWS\System32\SET36D.tmp deleted successfully.
C:\WINDOWS\System32\SET370.tmp deleted successfully.
C:\WINDOWS\System32\SET379.tmp deleted successfully.
C:\WINDOWS\System32\SET37A.tmp deleted successfully.
C:\WINDOWS\System32\SET37B.tmp deleted successfully.
C:\WINDOWS\System32\SET37D.tmp deleted successfully.
C:\WINDOWS\System32\SET37E.tmp deleted successfully.
C:\WINDOWS\System32\SET37F.tmp deleted successfully.
C:\WINDOWS\System32\SET380.tmp deleted successfully.
C:\WINDOWS\System32\SET381.tmp deleted successfully.
C:\WINDOWS\System32\SET383.tmp deleted successfully.
C:\WINDOWS\System32\SET384.tmp deleted successfully.
C:\WINDOWS\System32\SET385.tmp deleted successfully.
C:\WINDOWS\System32\SET388.tmp deleted successfully.
C:\WINDOWS\System32\SET38F.tmp deleted successfully.
C:\WINDOWS\System32\SET390.tmp deleted successfully.
C:\WINDOWS\System32\SET391.tmp deleted successfully.
C:\WINDOWS\System32\SET394.tmp deleted successfully.
C:\WINDOWS\System32\SET396.tmp deleted successfully.
C:\WINDOWS\System32\SET397.tmp deleted successfully.
C:\WINDOWS\System32\SET39E.tmp deleted successfully.
C:\WINDOWS\System32\SET3A1.tmp deleted successfully.
C:\WINDOWS\System32\SET3A2.tmp deleted successfully.
C:\WINDOWS\System32\SET3A4.tmp deleted successfully.
C:\WINDOWS\System32\SET3A9.tmp deleted successfully.
C:\WINDOWS\System32\SET3AA.tmp deleted successfully.
C:\WINDOWS\System32\SET3AB.tmp deleted successfully.
C:\WINDOWS\System32\SET3AC.tmp deleted successfully.
C:\WINDOWS\System32\SET3AD.tmp deleted successfully.
C:\WINDOWS\System32\SET3B3.tmp deleted successfully.
C:\WINDOWS\System32\SET3B8.tmp deleted successfully.
C:\WINDOWS\System32\SET3B9.tmp deleted successfully.
C:\WINDOWS\System32\SET3BC.tmp deleted successfully.
C:\WINDOWS\System32\SET3BF.tmp deleted successfully.
C:\WINDOWS\System32\SET3C0.tmp deleted successfully.
C:\WINDOWS\System32\SET3C7.tmp deleted successfully.
C:\WINDOWS\System32\SET3C8.tmp deleted successfully.
C:\WINDOWS\System32\SET3CB.tmp deleted successfully.
C:\WINDOWS\System32\SET3D8.tmp deleted successfully.
C:\WINDOWS\System32\SET3D9.tmp deleted successfully.
C:\WINDOWS\System32\SET3DC.tmp deleted successfully.
C:\WINDOWS\System32\SET3DF.tmp deleted successfully.
C:\WINDOWS\System32\SET3E0.tmp deleted successfully.
C:\WINDOWS\System32\SET3E1.tmp deleted successfully.
C:\WINDOWS\System32\SET3E2.tmp deleted successfully.
C:\WINDOWS\System32\SET3F2.tmp deleted successfully.
C:\WINDOWS\System32\SET3F6.tmp deleted successfully.
C:\WINDOWS\System32\SET3F7.tmp deleted successfully.
C:\WINDOWS\System32\SET3F9.tmp deleted successfully.
C:\WINDOWS\System32\SET3FB.tmp deleted successfully.
C:\WINDOWS\System32\SET3FC.tmp deleted successfully.
C:\WINDOWS\System32\SET3FD.tmp deleted successfully.
C:\WINDOWS\System32\SET400.tmp deleted successfully.
C:\WINDOWS\System32\SET401.tmp deleted successfully.
C:\WINDOWS\System32\SET406.tmp deleted successfully.
C:\WINDOWS\System32\SET409.tmp deleted successfully.
C:\WINDOWS\System32\SET40A.tmp deleted successfully.
C:\WINDOWS\System32\SET40B.tmp deleted successfully.
C:\WINDOWS\System32\SET411.tmp deleted successfully.
C:\WINDOWS\System32\SET412.tmp deleted successfully.
C:\WINDOWS\System32\SET413.tmp deleted successfully.
C:\WINDOWS\System32\SET41A.tmp deleted successfully.
C:\WINDOWS\System32\SET41B.tmp deleted successfully.
C:\WINDOWS\System32\SET421.tmp deleted successfully.
C:\WINDOWS\System32\SET422.tmp deleted successfully.
C:\WINDOWS\System32\SET423.tmp deleted successfully.
C:\WINDOWS\System32\SET424.tmp deleted successfully.
C:\WINDOWS\System32\SET426.tmp deleted successfully.
C:\WINDOWS\System32\SET42B.tmp deleted successfully.
C:\WINDOWS\System32\SET42C.tmp deleted successfully.
C:\WINDOWS\System32\SET438.tmp deleted successfully.
C:\WINDOWS\System32\SET43A.tmp deleted successfully.
C:\WINDOWS\System32\SET43C.tmp deleted successfully.
C:\WINDOWS\System32\SET43D.tmp deleted successfully.
C:\WINDOWS\System32\SET43E.tmp deleted successfully.
C:\WINDOWS\System32\SET449.tmp deleted successfully.
C:\WINDOWS\System32\SET44B.tmp deleted successfully.
C:\WINDOWS\System32\SET44C.tmp deleted successfully.
C:\WINDOWS\System32\SET44F.tmp deleted successfully.
C:\WINDOWS\System32\SET451.tmp deleted successfully.
C:\WINDOWS\System32\SET454.tmp deleted successfully.
C:\WINDOWS\System32\SET463.tmp deleted successfully.
C:\WINDOWS\System32\SET465.tmp deleted successfully.
C:\WINDOWS\System32\SET466.tmp deleted successfully.
C:\WINDOWS\System32\SET467.tmp deleted successfully.
C:\WINDOWS\System32\SET46E.tmp deleted successfully.
C:\WINDOWS\System32\SET46F.tmp deleted successfully.
C:\WINDOWS\System32\SET472.tmp deleted successfully.
C:\WINDOWS\System32\SET473.tmp deleted successfully.
C:\WINDOWS\System32\SET474.tmp deleted successfully.
C:\WINDOWS\System32\SET475.tmp deleted successfully.
C:\WINDOWS\System32\SET476.tmp deleted successfully.
C:\WINDOWS\System32\SET478.tmp deleted successfully.
C:\WINDOWS\System32\SET479.tmp deleted successfully.
C:\WINDOWS\System32\SET47A.tmp deleted successfully.
C:\WINDOWS\System32\SET47C.tmp deleted successfully.
C:\WINDOWS\System32\SET47D.tmp deleted successfully.
C:\WINDOWS\System32\SET47E.tmp deleted successfully.
C:\WINDOWS\System32\SET480.tmp deleted successfully.
C:\WINDOWS\System32\SET483.tmp deleted successfully.
C:\WINDOWS\System32\SET488.tmp deleted successfully.
C:\WINDOWS\System32\SET489.tmp deleted successfully.
C:\WINDOWS\System32\SET48A.tmp deleted successfully.
C:\WINDOWS\System32\SET48F.tmp deleted successfully.
C:\WINDOWS\System32\SET490.tmp deleted successfully.
C:\WINDOWS\System32\SET491.tmp deleted successfully.
C:\WINDOWS\System32\SET493.tmp deleted successfully.
C:\WINDOWS\System32\SET4B7.tmp deleted successfully.
C:\WINDOWS\System32\SET4B9.tmp deleted successfully.
C:\WINDOWS\System32\SET4BA.tmp deleted successfully.
C:\WINDOWS\System32\SET4BD.tmp deleted successfully.
C:\WINDOWS\System32\SET4BE.tmp deleted successfully.
C:\WINDOWS\System32\SET4C1.tmp deleted successfully.
C:\WINDOWS\System32\SET4C4.tmp deleted successfully.
C:\WINDOWS\System32\SET4C5.tmp deleted successfully.
C:\WINDOWS\System32\SET4C7.tmp deleted successfully.
C:\WINDOWS\System32\SET4CC.tmp deleted successfully.
C:\WINDOWS\System32\SET4CE.tmp deleted successfully.
C:\WINDOWS\System32\SET4D3.tmp deleted successfully.
C:\WINDOWS\System32\SET4D8.tmp deleted successfully.
C:\WINDOWS\System32\SET4DA.tmp deleted successfully.
C:\WINDOWS\System32\SET4DB.tmp deleted successfully.
C:\WINDOWS\System32\SET4DE.tmp deleted successfully.
C:\WINDOWS\System32\SET4DF.tmp deleted successfully.
C:\WINDOWS\System32\SET4E9.tmp deleted successfully.
C:\WINDOWS\System32\SET4ED.tmp deleted successfully.
C:\WINDOWS\System32\SET4EE.tmp deleted successfully.
C:\WINDOWS\System32\SET4F9.tmp deleted successfully.
C:\WINDOWS\System32\SET4FA.tmp deleted successfully.
C:\WINDOWS\System32\SET4FB.tmp deleted successfully.
C:\WINDOWS\System32\SET4FC.tmp deleted successfully.
C:\WINDOWS\System32\SET4FD.tmp deleted successfully.
C:\WINDOWS\System32\SET4FE.tmp deleted successfully.
C:\WINDOWS\System32\SET500.tmp deleted successfully.
C:\WINDOWS\System32\SET502.tmp deleted successfully.
C:\WINDOWS\System32\SET505.tmp deleted successfully.
C:\WINDOWS\System32\SET511.tmp deleted successfully.
C:\WINDOWS\System32\SET513.tmp deleted successfully.
C:\WINDOWS\System32\SET514.tmp deleted successfully.
C:\WINDOWS\System32\SET515.tmp deleted successfully.
C:\WINDOWS\System32\SET517.tmp deleted successfully.
C:\WINDOWS\System32\SET519.tmp deleted successfully.
C:\WINDOWS\System32\SET51E.tmp deleted successfully.
C:\WINDOWS\System32\SET520.tmp deleted successfully.
C:\WINDOWS\System32\SET521.tmp deleted successfully.
C:\WINDOWS\System32\SET527.tmp deleted successfully.
C:\WINDOWS\System32\SET532.tmp deleted successfully.
C:\WINDOWS\System32\SET535.tmp deleted successfully.
C:\WINDOWS\System32\SET536.tmp deleted successfully.
C:\WINDOWS\System32\SET537.tmp deleted successfully.
C:\WINDOWS\System32\SET53B.tmp deleted successfully.
C:\WINDOWS\System32\SET543.tmp deleted successfully.
C:\WINDOWS\System32\SET54A.tmp deleted successfully.
C:\WINDOWS\System32\SET54C.tmp deleted successfully.
C:\WINDOWS\System32\SET54E.tmp deleted successfully.
C:\WINDOWS\System32\SET552.tmp deleted successfully.
C:\WINDOWS\System32\SET554.tmp deleted successfully.
C:\WINDOWS\System32\SET566.tmp deleted successfully.
C:\WINDOWS\System32\SET56A.tmp deleted successfully.
C:\WINDOWS\System32\SET56C.tmp deleted successfully.
C:\WINDOWS\System32\SET56E.tmp deleted successfully.
C:\WINDOWS\System32\SET574.tmp deleted successfully.
C:\WINDOWS\System32\SET578.tmp deleted successfully.
C:\WINDOWS\System32\SET586.tmp deleted successfully.
C:\WINDOWS\System32\SET58C.tmp deleted successfully.
C:\WINDOWS\System32\SET58E.tmp deleted successfully.
C:\WINDOWS\System32\SET58F.tmp deleted successfully.
C:\WINDOWS\System32\SET595.tmp deleted successfully.
C:\WINDOWS\System32\SET599.tmp deleted successfully.
C:\WINDOWS\System32\SET5A2.tmp deleted successfully.
C:\WINDOWS\System32\SET5A7.tmp deleted successfully.
C:\WINDOWS\System32\SET5A9.tmp deleted successfully.
C:\WINDOWS\System32\SET5AA.tmp deleted successfully.
C:\WINDOWS\System32\SET5AB.tmp deleted successfully.
C:\WINDOWS\System32\SET5B3.tmp deleted successfully.
C:\WINDOWS\System32\SET5B7.tmp deleted successfully.
C:\WINDOWS\System32\SET5C2.tmp deleted successfully.
C:\WINDOWS\System32\SET5D4.tmp deleted successfully.
C:\WINDOWS\System32\SET5D5.tmp deleted successfully.
C:\WINDOWS\System32\SET5DA.tmp deleted successfully.
C:\WINDOWS\System32\SET5E8.tmp deleted successfully.
C:\WINDOWS\System32\SET601.tmp deleted successfully.
C:\WINDOWS\System32\SET608.tmp deleted successfully.
C:\WINDOWS\System32\SET609.tmp deleted successfully.
C:\WINDOWS\System32\SET60A.tmp deleted successfully.
C:\WINDOWS\System32\SET60C.tmp deleted successfully.
C:\WINDOWS\System32\SET60D.tmp deleted successfully.
C:\WINDOWS\System32\SET60E.tmp deleted successfully.
C:\WINDOWS\System32\SET611.tmp deleted successfully.
C:\WINDOWS\System32\SET613.tmp deleted successfully.
C:\WINDOWS\System32\SET614.tmp deleted successfully.
C:\WINDOWS\System32\SET616.tmp deleted successfully.
C:\WINDOWS\System32\SET619.tmp deleted successfully.
C:\WINDOWS\System32\SET61B.tmp deleted successfully.
C:\WINDOWS\System32\SET620.tmp deleted successfully.
C:\WINDOWS\System32\SET621.tmp deleted successfully.
C:\WINDOWS\System32\SET629.tmp deleted successfully.
C:\WINDOWS\System32\SET62F.tmp deleted successfully.
C:\WINDOWS\System32\SET634.tmp deleted successfully.
C:\WINDOWS\System32\SET637.tmp deleted successfully.
C:\WINDOWS\System32\SET63A.tmp deleted successfully.
C:\WINDOWS\System32\SET63C.tmp deleted successfully.
C:\WINDOWS\System32\SET640.tmp deleted successfully.
C:\WINDOWS\System32\SET642.tmp deleted successfully.
C:\WINDOWS\System32\SET643.tmp deleted successfully.
C:\WINDOWS\System32\SET644.tmp deleted successfully.
C:\WINDOWS\System32\SET647.tmp deleted successfully.
C:\WINDOWS\System32\SET648.tmp deleted successfully.
C:\WINDOWS\System32\SET649.tmp deleted successfully.
C:\WINDOWS\System32\SET64C.tmp deleted successfully.
C:\WINDOWS\System32\SET64D.tmp deleted successfully.
C:\WINDOWS\System32\SET652.tmp deleted successfully.
C:\WINDOWS\System32\SET657.tmp deleted successfully.
C:\WINDOWS\System32\SET65A.tmp deleted successfully.
C:\WINDOWS\System32\SET65E.tmp deleted successfully.
C:\WINDOWS\System32\SET660.tmp deleted successfully.
C:\WINDOWS\System32\SET662.tmp deleted successfully.
C:\WINDOWS\System32\SET7DC.tmp deleted successfully.
C:\WINDOWS\System32\SET7E2.tmp deleted successfully.
C:\WINDOWS\System32\tmp14A.tmp deleted successfully.
C:\WINDOWS\System32\tmp32.tmp deleted successfully.
C:\LHT4F87.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 391308 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 7539014 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: uzivatel
->Temp folder emptied: 861362691 bytes
->Temporary Internet Files folder emptied: 76563160 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 161296629 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 86238 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31398991 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3881219140 bytes

Total Files Cleaned = 4 788,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: uzivatel
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 09222010_212311

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[Flashka]

3:Stiahnes na plochu a spustis-restart-
http://users.telenet.be/marcvn/tools/WUS_Fix.exe

tohle nejde zapnout, jen to problikne a nic se nestane... kdyz to zapnu pres "spustit jako" tak to hodi chybu.

[stell]

to je ok, to je len cez prikazovy riadok, takze len preblikne, takze spuatit , preblikne-restart-a skontroluj wauserver uz by malo byt ok,
potom spust combofix.

[Flashka]

Log z ComboFixu:

ComboFix 10-09-22.02 - uzivatel 22.09.2010 22:13:50.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2029.1669 [GMT 2:00]
Spuštěný z: c:\documents and settings\uzivatel\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\uzivatel\Data aplikací\BITS
c:\documents and settings\uzivatel\Data aplikací\BITS\BITS.ini
c:\documents and settings\uzivatel\Data aplikací\BITS\DHTTable.dat
c:\documents and settings\uzivatel\Data aplikací\BITS\ProxyList.ini
c:\documents and settings\uzivatel\Data aplikací\BITS\UPnP.ini
c:\documents and settings\uzivatel\Data aplikací\FlashGetBHO
c:\documents and settings\uzivatel\Data aplikací\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\uzivatel\Data aplikací\FlashGetBHO\FlashGetHook.dll
C:\Install.exe
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\_004205_.tmp.dll
c:\windows\system32\_004206_.tmp.dll
c:\windows\system32\_004207_.tmp.dll
c:\windows\system32\_004208_.tmp.dll
c:\windows\system32\_004215_.tmp.dll
c:\windows\system32\_004216_.tmp.dll
c:\windows\system32\_004217_.tmp.dll
c:\windows\system32\_004218_.tmp.dll
c:\windows\system32\_004220_.tmp.dll
c:\windows\system32\_004221_.tmp.dll
c:\windows\system32\_004224_.tmp.dll
c:\windows\system32\_004225_.tmp.dll
c:\windows\system32\_004227_.tmp.dll
c:\windows\system32\_004228_.tmp.dll
c:\windows\system32\_004229_.tmp.dll
c:\windows\system32\_004231_.tmp.dll
c:\windows\system32\_004234_.tmp.dll
c:\windows\system32\_004235_.tmp.dll
c:\windows\system32\_004239_.tmp.dll
c:\windows\system32\_004240_.tmp.dll
c:\windows\system32\_004242_.tmp.dll
c:\windows\system32\_004245_.tmp.dll
c:\windows\system32\_004247_.tmp.dll
c:\windows\system32\_004248_.tmp.dll
c:\windows\system32\_004249_.tmp.dll
c:\windows\system32\_004250_.tmp.dll
c:\windows\system32\_004251_.tmp.dll
c:\windows\system32\_004254_.tmp.dll
c:\windows\system32\_004255_.tmp.dll
c:\windows\system32\_004256_.tmp.dll
c:\windows\system32\_004257_.tmp.dll
c:\windows\system32\_004258_.tmp.dll
c:\windows\system32\_004263_.tmp.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat
c:\windows\system32\winlogon.bak
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2010-08-22 do 2010-09-22 )))))))))))))))))))))))))))))))
.

2010-09-22 19:23 . 2010-09-22 19:23 -------- d-----w- C:\_OTL
2010-09-22 17:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 17:16 . 2010-09-22 17:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-22 17:16 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 15:58 . 2010-09-22 15:58 -------- d-----w- c:\program files\trend micro
2010-09-22 15:58 . 2010-09-22 15:58 -------- d-----w- C:\rsit
2010-09-20 15:02 . 2010-09-20 15:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 20:18 . 2010-05-09 14:33 -------- d-----w- c:\program files\Steam
2010-09-22 19:20 . 2009-12-26 18:15 -------- d-----w- c:\program files\Spyware Terminator
2010-09-22 19:15 . 2008-05-27 13:55 -------- d-----w- c:\program files\Crawler
2010-09-21 14:26 . 2008-05-29 11:01 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-21 14:26 . 2008-12-30 09:48 -------- d-----w- c:\program files\World of Warcraft
2010-08-15 16:27 . 2008-06-05 13:10 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-15 15:48 . 2008-06-05 13:10 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-10 08:33 . 2009-08-01 12:47 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-08-10 08:33 . 2009-08-01 12:47 -------- d-----w- c:\program files\DivX
2010-07-27 11:30 . 2010-07-27 11:30 -------- d-----w- c:\program files\FLV Player
2010-07-27 11:27 . 2010-07-27 11:13 -------- d-----w- c:\program files\FDRLab
2010-07-27 11:19 . 2010-07-27 11:19 -------- d-----w- c:\program files\Xvid
.

------- Sigcheck -------

[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\c45c7070dd9219a4a37516c02fc0d005\SP2GDR\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\c45c7070dd9219a4a37516c02fc0d005\SP2QFE\tcpip.sys
[7] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-03-02 . C1783498EDB152656303B5D5BCABD86C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-05-22 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-24 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-05 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\uzivatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2010-1-24 0]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Codemasters\\OperationFlashpoint\\FLASHPOINTRESISTANCE.EXE"=
"c:\\Program Files\\Codemasters\\OperationFlashpoint\\OFP Launcher.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Documents and Settings\\uzivatel\\Plocha\\ArmA Launcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Wow1\\Repair.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Insane\\Game.exe"=
"c:\\Program Files\\DOOM2\\skulltag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-enGB-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-enGB-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-enGB-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-enGB-ptr-downloader.exe"=
"c:\\Documents and Settings\\uzivatel\\Dokumenty\\Stažené soubory\\winbox.exe"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\flaashka\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\uzivatel\\Local Settings\\Apps\\2.0\\39P2149N.M0B\\920CLX52.W55\\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [13.11.2009 17:10 56992]
S0 wmmxkn;wmmxkn; [x]
S1 a42af395;a42af395;c:\windows\system32\drivers\a42af395.sys [6.6.2009 19:14 0]
S2 gupdate1ca12a64c62f90a;Služba Google Update (gupdate1ca12a64c62f90a);c:\program files\Google\Update\GoogleUpdate.exe [1.8.2009 14:47 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.5.2008 14:31 717296]
.
Obsah adresáře 'Naplánované úlohy'

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 12:47]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 12:47]
.
.
------- Doplňkový sken -------
.
uLocal Page =
uStart Page =
uDefault_Search_URL =
uSearchAssistant =
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {493CCF47-49CD-4D4E-9356-9CFF80A91476} = 77.48.254.254,77.48.100.254
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\8qhuwsc0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\8qhuwsc0.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 22:18
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1972)
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-09-22 22:23:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-22 20:23

Před spuštěním: Volných bajtů: 245 629 321 216
Po spuštění: Volných bajtů: 245 451 452 416

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8920D86CDD489798B793942E704E5560

[stell]

Otestuj na www.virustotal.com
c:\windows\system32\winlogon.exe
c:\windows\system32\drivers\tcpip.sys
Daj reanalyse, nakolko ti vypise ze subor uz bolo testovane,, link vloz sem.
este tam mas zopar drobnosti, zajtra to docistime, dnes koncim,

Doinstaluj Firewall, bez spyware doctora.
http://www.viry.cz/forum/viewtopic.php? ... 36#p868836

[Flashka]

Zitra kolem 16:00 tu budu a dodelam co jsi mi napsal, dneska uz to taky balim. Zatim diky moc za vsechny rady

[stell]

ok, ,,
zatial nemas zaco,islo to dobre, vela si sa nevypytoval,, a secutity tool, nie je hocijaky smekjd.

[Flashka]

jestli myslis tohle tak tady to je:

winlogon.exe: http://www.virustotal.com/file-scan/rep ... 1285250979
tcpip.sys: http://www.virustotal.com/file-scan/rep ... 1285251358

[stell]

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
FCOPY::
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
srpeek::
c:\windows\system32\winlogon.exe
FileLook::
c:\windows\system32\winlogon.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]"CustomizeSearch"=
http://www.Google.com
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]"Default_Search_URL"=
http://www.Google.com
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]"Search Bar"=
http://www.Google.com
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]"Search Page"=
http://www.Google.com
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]"SearchAssistant"=
http://www.Google.com
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]"Search Bar"=
http://www.Google.com
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]"Default_Page_URL"=
http://www.Google.com
DDS::
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :


Po skonceni skenu vlož log čo ComboFix vytvorí

[Flashka]

ComboFix 10-09-22.06 - uzivatel 23.09.2010 16:54:44.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2029.845 [GMT 2:00]
Spuštěný z: c:\documents and settings\uzivatel\Plocha\Viry.cz\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uzivatel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-23 do 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-09-23 14:26 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-23 14:26 . 2009-11-09 09:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-23 14:26 . 2010-01-07 10:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-23 14:26 . 2010-09-23 14:26 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-23 14:26 . 2010-01-12 07:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-09-23 14:26 . 2010-01-07 09:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-09-23 14:26 . 2010-01-07 09:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-09-23 14:26 . 2010-01-13 06:59 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-09-23 14:26 . 2010-09-23 14:30 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-09-23 14:15 . 2010-09-23 14:15 -------- d-----w- c:\windows\system32\Nová složka
2010-09-22 19:23 . 2010-09-22 19:23 -------- d-----w- C:\_OTL
2010-09-22 17:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 17:16 . 2010-09-22 17:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-22 17:16 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 15:58 . 2010-09-22 15:58 -------- d-----w- c:\program files\trend micro
2010-09-22 15:58 . 2010-09-22 15:58 -------- d-----w- C:\rsit
2010-09-20 15:02 . 2010-09-20 15:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
1601-01-01 00:00 . 1601-01-01 00:00 -------- d-----w- c:\windows\LastGood.Tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 15:01 . 2010-05-09 14:33 -------- d-----w- c:\program files\Steam
2010-09-23 14:40 . 2008-12-30 09:48 -------- d-----w- c:\program files\World of Warcraft
2010-09-22 19:20 . 2009-12-26 18:15 -------- d-----w- c:\program files\Spyware Terminator
2010-09-22 19:15 . 2008-05-27 13:55 -------- d-----w- c:\program files\Crawler
2010-09-21 14:26 . 2008-05-29 11:01 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-15 16:27 . 2008-06-05 13:10 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-15 15:48 . 2008-06-05 13:10 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-10 08:33 . 2009-08-01 12:47 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-08-10 08:33 . 2009-08-01 12:47 -------- d-----w- c:\program files\DivX
2010-07-27 11:30 . 2010-07-27 11:30 -------- d-----w- c:\program files\FLV Player
2010-07-27 11:27 . 2010-07-27 11:13 -------- d-----w- c:\program files\FDRLab
2010-07-27 11:19 . 2010-07-27 11:19 -------- d-----w- c:\program files\Xvid
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\winlogon.exe ---
Company: Microsoft Corporation
File Description: Windows NT Logon Application
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Name: Operační systém Microsoft® Windows®
Copyright: © Microsoft Corporation. Všechna práva vyhrazena.
Original Filename: WINLOGON.EXE
File size: 502272
Created time: 2006-03-02 12:00
Modified time: 2008-05-22 10:33
MD5: 427E6DED3A2369D3432A683EB489EE14
SHA1: BF7612516A2A23D57C17913C9DB0DD02C25371BE


(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2008-05-22 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-22_20.18.24 )))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-24 1242448]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-05 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\uzivatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2010-1-24 0]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Codemasters\\OperationFlashpoint\\FLASHPOINTRESISTANCE.EXE"=
"c:\\Program Files\\Codemasters\\OperationFlashpoint\\OFP Launcher.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Documents and Settings\\uzivatel\\Plocha\\ArmA Launcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Wow1\\Repair.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Insane\\Game.exe"=
"c:\\Program Files\\DOOM2\\skulltag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-enGB-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-enGB-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-enGB-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-enGB-ptr-downloader.exe"=
"c:\\Documents and Settings\\uzivatel\\Dokumenty\\Stažené soubory\\winbox.exe"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\flaashka\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\uzivatel\\Local Settings\\Apps\\2.0\\00LWHB09.6GB\\OYCOWDXW.OBQ\\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [23.9.2010 16:26 233136]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [23.9.2010 16:26 88040]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [13.11.2009 17:10 56992]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [23.9.2010 16:26 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [23.9.2010 16:26 58816]
S0 wmmxkn;wmmxkn; [x]
S1 a42af395;a42af395;c:\windows\system32\drivers\a42af395.sys [6.6.2009 19:14 0]
S2 gupdate1ca12a64c62f90a;Služba Google Update (gupdate1ca12a64c62f90a);c:\program files\Google\Update\GoogleUpdate.exe [1.8.2009 14:47 133104]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [23.9.2010 16:26 115216]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.5.2008 14:31 717296]
.
Obsah adresáře 'Naplánované úlohy'

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 12:47]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 12:47]
.
.
------- Doplňkový sken -------
.
uLocal Page =
uStart Page =
uDefault_Search_URL =
uSearchAssistant =
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {493CCF47-49CD-4D4E-9356-9CFF80A91476} = 77.48.254.254,77.48.100.254
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\8qhuwsc0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\8qhuwsc0.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 17:01
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PEVSystemStart]
"ImagePath"="\"c:\combofix\PEV.cfxxe\" EXEC /i \"c:\combofix\REGT.cfxxe\" /S \"c:\combofix\CregB.dat\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2436)
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\DllHost.exe
c:\program files\Java\jre1.6.0_06\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-09-23 17:06:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-23 15:06
ComboFix2.txt 2010-09-22 20:23

Před spuštěním: Volných bajtů: 243 578 966 016
Po spuštění: Volných bajtů: 244 093 300 736

- - End Of File - - 57B709C19D63D2A679B1498B88609569

[stell]

start spustit-do okna skopiruj prikaz combofix /uninstall
ok
Combofix sa odinstaluje.
Spust OTL-klik Vycistit-ano, ano,
Stiahnes>>OTMoveIt3 by OldTimer >.podla navodu vloz text a klik-Moveit>>log po restarte vloz sem

Kód: Vybrat vše

:processes
explorer.exe

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s


:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]"CustomizeSearch"=
"http://www.Google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]"Default_Search_URL"=
"http://www.Google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]"Search Bar"=
"http://www.Google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]"Search Page"=
http://www.Google.com
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]"SearchAssistant"=
"http://www.Google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]"Search Bar"=
"http://www.Google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]"Default_Page_URL"=
"http://www.Google.com"
:services
wmmxkn

:Commands
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]

Ak vsetko funguje tak ako ma to je vsetko.

[Flashka]

Stahnul sem to OTMoveIt3, spustim to, zkopiruju zeleny text z tvyho postu, dam Move It a sekne se me to pri tom kdyz vpravo nabehne slovo REGISTRY, cekal sem 10 minut jestli se to nahodou nerozbehne ale nic.. stalo se me to uz 2x, nahore se proste objevi (Neodpovídá)