
Re: prosim o kontrolu logu

Napsal: 24 bře 2010 21:58
od Jameson_cz
OTL Extras logfile created on: 24.3.2010 21:42:50 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Kuba\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 11,10 Gb Free Space | 27,74% Space Free | Partition Type: NTFS
Drive D: | 186,75 Gb Total Space | 21,23 Gb Free Space | 11,37% Space Free | Partition Type: NTFS
Drive E: | 4,16 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,76 Gb Total Space | 1,34 Gb Free Space | 35,61% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 6,13 Gb Total Space | 1,57 Gb Free Space | 25,68% Space Free | Partition Type: NTFS

Computer Name: KUBA-PC
Current User Name: Kuba
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\program files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- d:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- d:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "d:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "d:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "d:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D2E97F9-CA1D-44EB-80B5-98D337FA9A8A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1A1C79DB-8CA4-4125-8B10-2337BC9852BC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1C41E33B-1263-45D5-B988-0C0BFAFC1989}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{28922F0B-73E4-4891-AC34-175545396B49}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{49893818-0E19-42C7-A812-7C364B65C093}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6F6B620D-CFDD-4CA5-93E5-40DAE92B3914}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74780B05-C291-4BA7-A51B-5A4041FA01CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{847F6715-07B4-490A-A711-E6D903F5474E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8C55F74C-009E-425C-A16E-0FAB7E36E80E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE35C641-643E-40EB-A007-3F06F61EBE9B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D152D2FA-C867-41F9-88F9-44B66B953644}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DA80ECF7-4084-4A14-845B-1E768C8A3D92}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DF843FA1-50EB-4A97-9409-1EBC7DC3F54E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FDBED5F8-0CAC-4403-9535-11A96B35C936}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A3E6F5-1238-4F4F-A121-23738509D584}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0C899536-51AB-4499-9539-D4BAB9BCBB6B}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{371D6C63-3FBD-440B-854C-FC8AE370E0C1}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{395F333A-9E63-4BA0-8EF5-1855A1B88BB3}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3BB2E49D-276B-4B84-A760-4B44AA5AE241}" = dir=in | app=d:\program files\electronic arts\command & conquer 3\retailexe\1.2\cnc3game.dat |
"{579FE97D-A93F-4719-AFBB-1FF09C457570}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F0F467B-E3E2-49F2-82F7-7B498474506B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7AD4F63A-2C62-4493-A690-6AE878AC47A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7B9E131E-332B-41EF-8019-7F3C7A7F23A0}" = dir=in | app=d:\program files\skype\phone\skype.exe |
"{8FA5D933-5DA6-4194-A109-F282919CA7E8}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{9D4AC6E4-CB7C-46B1-8E73-00251369347A}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{CEEB6F25-0907-4003-B3BA-761455C66499}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{00598404-BB4B-43F2-AFC7-1738307B77C8}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{018CA8D8-6E99-451B-A0B0-0FD705CF6951}D:\program files\aspyr\tony hawks pro skater 4\game\skate4.exe" = protocol=6 | dir=in | app=d:\program files\aspyr\tony hawks pro skater 4\game\skate4.exe |
"TCP Query User{15F0FAEA-A5F1-4068-8512-6551836B6B50}C:\users\kuba\appdata\local\temp\wzse0.tmp\symnrt.exe" = protocol=6 | dir=in | app=c:\users\kuba\appdata\local\temp\wzse0.tmp\symnrt.exe |
"TCP Query User{1C3B095A-AA29-4C53-B33F-62AAD7D9F1B8}C:\users\kuba\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\kuba\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{1D0F280F-648B-41DA-A3D5-DF5C79007EEC}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{1D929FE9-CE39-46FC-9FC4-75D961A6012E}D:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{210B9EF2-F0FD-42AD-90D1-0B5F2C6C248B}D:\program files\counter-strike\hl.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike\hl.exe |
"TCP Query User{34A4AE5E-53DB-4647-82F5-8840B2782B48}D:\program files\dc\strongdc.exe" = protocol=6 | dir=in | app=d:\program files\dc\strongdc.exe |
"TCP Query User{3770851D-F36A-4815-BFF1-C05ECFFD6716}D:\program\ea games\command and conquer generals\game.dat" = protocol=6 | dir=in | app=d:\program\ea games\command and conquer generals\game.dat |
"TCP Query User{446168BC-2782-42B2-8C0A-27A52A33CCDD}D:\program files\counter-strike\hlds.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike\hlds.exe |
"TCP Query User{4EDD3CDC-922B-42F4-844D-C65C7E1D2768}D:\program\ea games\command and conquer generals\game.dat" = protocol=6 | dir=in | app=d:\program\ea games\command and conquer generals\game.dat |
"TCP Query User{5B6B7C9B-9369-4A39-9256-01312FCF3AAA}D:\program files\dc\strongdc.exe" = protocol=6 | dir=in | app=d:\program files\dc\strongdc.exe |
"TCP Query User{6AD1BD37-869A-4F6C-8A16-F290F5F34C2D}D:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=d:\program files\icqlite\icqlite.exe |
"TCP Query User{733A00E2-BEE0-44EB-8D30-805AD5CCFF5E}C:\users\kuba\desktop\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\users\kuba\desktop\counter-strike\hl.exe |
"TCP Query User{78ED0A63-18FE-4CEA-8CF5-8258C57BEF1F}D:\program files\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=d:\program files\totalcmd\totalcmd.exe |
"TCP Query User{7FBBD64A-A3A1-4DB4-A4C3-6DCDF2371ECE}D:\program files\electronic arts\command & conquer 3\retailexe\1.2\cnc3game.dat" = protocol=6 | dir=in | app=d:\program files\electronic arts\command & conquer 3\retailexe\1.2\cnc3game.dat |
"TCP Query User{86426346-6668-4257-B7D2-3F7E64AFF307}D:\program files\counter-strike\hltv.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike\hltv.exe |
"TCP Query User{88411809-9D7D-484E-B9B0-4CD5D15E440B}D:\program files\zero hour\command and conquer generals\game.dat" = protocol=6 | dir=in | app=d:\program files\zero hour\command and conquer generals\game.dat |
"TCP Query User{8C4EBF61-A666-420A-B36B-6DFAD69DCB23}D:\program files\aspyr\tony hawks pro skater 4\game\skate4.exe" = protocol=6 | dir=in | app=d:\program files\aspyr\tony hawks pro skater 4\game\skate4.exe |
"TCP Query User{8D326314-966E-4D40-BCCA-49FBA2A8B56A}D:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{8D3730E7-55B6-4A02-99AD-3B491E7C35F8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{99A5CD08-7273-4EF9-A4F6-9E45D900ABD2}C:\program files\diablo ii 1\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii 1\game.exe |
"TCP Query User{AAB0A864-5B50-443E-856F-B24AA7793D76}D:\program files\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=d:\program files\totalcmd\totalcmd.exe |
"TCP Query User{C4BEF7A1-FB1D-4073-8BAD-7072CD985F32}D:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=d:\program files\icqlite\icqlite.exe |
"TCP Query User{CE5285C8-B467-46D0-928A-DFE02AB459AD}C:\users\kuba\desktop\tycoon\ttwin95\openttd.exe" = protocol=6 | dir=in | app=c:\users\kuba\desktop\tycoon\ttwin95\openttd.exe |
"TCP Query User{CF4BF69C-10A2-4843-90E6-5E73C5E24B8B}D:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\program files\icq6.5\icq.exe |
"TCP Query User{D96FAB9C-28B8-4A1A-8CD1-4A63E5565B54}C:\users\kuba\appdata\local\temp\7zof3da.tmp\strongdc.exe" = protocol=6 | dir=in | app=c:\users\kuba\appdata\local\temp\7zof3da.tmp\strongdc.exe |
"TCP Query User{E1C03140-5F51-49DA-B524-49420E8BA630}D:\program files\counter-strike\hl.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike\hl.exe |
"TCP Query User{E5975348-E98D-4EB9-86FA-66A39D1B912E}D:\program files\atube catcher 1.0\smh.exe" = protocol=6 | dir=in | app=d:\program files\atube catcher 1.0\smh.exe |
"TCP Query User{E665997D-CDA4-4E7F-945A-D228E8028A31}D:\program files\zero hour\command and conquer generals\game.dat" = protocol=6 | dir=in | app=d:\program files\zero hour\command and conquer generals\game.dat |
"TCP Query User{FADABFB1-4D18-4CC2-9DE7-10D5E8A1CBE5}D:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\program files\icq6.5\icq.exe |
"UDP Query User{024DCD99-61AE-4C40-8386-44EFDEAB6736}D:\program files\counter-strike\hl.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike\hl.exe |
"UDP Query User{0963AB5B-D155-4098-B053-2E2E99F612E0}D:\program files\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=d:\program files\totalcmd\totalcmd.exe |
"UDP Query User{1437DBD6-A242-4C20-9F9E-42C21FF6EE7F}D:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\program files\icq6.5\icq.exe |
"UDP Query User{18EE3997-B1FF-4081-B2FD-40C466478A80}D:\program\ea games\command and conquer generals\game.dat" = protocol=17 | dir=in | app=d:\program\ea games\command and conquer generals\game.dat |
"UDP Query User{1CDE995A-C249-4AA4-951B-2A6E499F9890}D:\program files\counter-strike\hlds.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike\hlds.exe |
"UDP Query User{35E53590-F656-431C-B289-C11F8C28C93D}D:\program files\zero hour\command and conquer generals\game.dat" = protocol=17 | dir=in | app=d:\program files\zero hour\command and conquer generals\game.dat |
"UDP Query User{38D365A6-672B-470F-BE66-52A537783188}D:\program files\dc\strongdc.exe" = protocol=17 | dir=in | app=d:\program files\dc\strongdc.exe |
"UDP Query User{3FF07D55-AF14-4A6F-87BE-BA4210873767}C:\users\kuba\appdata\local\temp\7zof3da.tmp\strongdc.exe" = protocol=17 | dir=in | app=c:\users\kuba\appdata\local\temp\7zof3da.tmp\strongdc.exe |
"UDP Query User{496A3418-4DD8-4AF2-BE92-780B0B44A7E4}D:\program files\atube catcher 1.0\smh.exe" = protocol=17 | dir=in | app=d:\program files\atube catcher 1.0\smh.exe |
"UDP Query User{567E1332-4DED-4ED0-99B3-3DA1B37F391A}D:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{5B961951-E894-42AA-B06C-71E5122E2E21}D:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{6F1977C7-8FFF-4507-8671-F68CCE67544B}D:\program files\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=d:\program files\totalcmd\totalcmd.exe |
"UDP Query User{6F804052-5B02-4807-8B4E-1DC5906A5CB7}D:\program\ea games\command and conquer generals\game.dat" = protocol=17 | dir=in | app=d:\program\ea games\command and conquer generals\game.dat |
"UDP Query User{71C73FE0-75FA-4191-93FB-361731EB7D3C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{7450AAC6-9CDC-429C-A6F9-7F8D134CFEBE}D:\program files\zero hour\command and conquer generals\game.dat" = protocol=17 | dir=in | app=d:\program files\zero hour\command and conquer generals\game.dat |
"UDP Query User{74994E78-0635-4CE8-A5A4-BB674DC4742A}D:\program files\dc\strongdc.exe" = protocol=17 | dir=in | app=d:\program files\dc\strongdc.exe |
"UDP Query User{86DE3754-8177-4785-A489-A37994DE0989}C:\users\kuba\desktop\tycoon\ttwin95\openttd.exe" = protocol=17 | dir=in | app=c:\users\kuba\desktop\tycoon\ttwin95\openttd.exe |
"UDP Query User{9E313AE4-1B1B-46C4-9FED-D9149B94C981}C:\users\kuba\desktop\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\users\kuba\desktop\counter-strike\hl.exe |
"UDP Query User{AC69B7BE-6583-4F02-B945-30B4EBA6D166}D:\program files\counter-strike\hl.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike\hl.exe |
"UDP Query User{B24C415B-7800-48F1-8AB6-641C3DA3E881}C:\program files\diablo ii 1\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii 1\game.exe |
"UDP Query User{B3309444-FB63-41C6-8B0F-137307107242}D:\program files\aspyr\tony hawks pro skater 4\game\skate4.exe" = protocol=17 | dir=in | app=d:\program files\aspyr\tony hawks pro skater 4\game\skate4.exe |
"UDP Query User{B55AF50C-1CF6-48DE-845A-F09401C479B2}C:\users\kuba\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\kuba\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{B9CC2F1F-D39A-4A4A-B63D-AC8696D8AA46}D:\program files\electronic arts\command & conquer 3\retailexe\1.2\cnc3game.dat" = protocol=17 | dir=in | app=d:\program files\electronic arts\command & conquer 3\retailexe\1.2\cnc3game.dat |
"UDP Query User{C0FFB150-7ACD-45EA-A390-36470BB9990E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{CF5FBCA8-3497-4D27-A4A4-4BFD890169D8}D:\program files\aspyr\tony hawks pro skater 4\game\skate4.exe" = protocol=17 | dir=in | app=d:\program files\aspyr\tony hawks pro skater 4\game\skate4.exe |
"UDP Query User{D5178A14-A13C-45C2-AA9C-1AB3DC4F5C2C}D:\program files\counter-strike\hltv.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike\hltv.exe |
"UDP Query User{DB1926B4-5CF5-4158-B81B-308301C5C1EB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E43E77BA-A3D7-43D8-9E94-84923161DE15}D:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=d:\program files\icqlite\icqlite.exe |
"UDP Query User{E65C8C50-9599-407C-9296-B561CC4FF575}D:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\program files\icq6.5\icq.exe |
"UDP Query User{E886476E-45E6-4C1A-921C-B65F18279B0E}C:\users\kuba\appdata\local\temp\wzse0.tmp\symnrt.exe" = protocol=17 | dir=in | app=c:\users\kuba\appdata\local\temp\wzse0.tmp\symnrt.exe |
"UDP Query User{EF29B084-AEFE-442F-82A2-50D039AF1809}D:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=d:\program files\icqlite\icqlite.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0CB0B5BF-277A-4BC0-B7CD-A824443EAD19}" = OpenOffice.org 2.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{430399DC-98BC-4A7F-8F8E-77981CABAE05}" = EZXVintage
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{82DF9225-13EC-41BD-BE31-AAB121B38166}" = EZXNashville
"{AA896DD9-A0BA-459D-89CF-2F8D6F560D4F}" = TL-WN422G Wireless Utility
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{C1EB6825-9339-4B18-99B0-C455B2288FF9}" = TP-LINK Wireless Client Utility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{E0F07676-2C60-4465-A727-20DE3BFCABAC}" = Tony Hawks Pro Skater 4
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3F1D08D-ABEF-4528-8383-54C46369EBB6}" = TV Jukebox 3.0
"7-Zip" = 7-Zip 4.57
"Acala DVD Audio Ripper_is1" = Acala DVD Audio Ripper 2.3.7
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASIO4ALL" = ASIO4ALL
"avast5" = avast! Free Antivirus
"BB_is1" = Band-in-a-Box 2006
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Command & Conquer" = Command & Conquer
"Counter-Strike 1.6" = Counter-Strike 1.6
"Diablo II" = Diablo II
"EarMaster Pro 5_is1" = EarMaster Pro 5
"FLVPlayer" = FLV Player 1.3.3
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"HijackThis" = HijackThis 2.0.2
"Lambda ASIO driver" = Lexicon Lambda ASIO (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"Native Instruments Sibelius Player" = Native Instruments Sibelius Player
"Neuratron PhotoScore Lite" = Neuratron PhotoScore Lite
"NVIDIA Drivers" = NVIDIA Drivers
"O2 Internet Konfigurator" = O2 Internet Konfigurator
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1
"PhotoFiltre" = PhotoFiltre
"PSP.Audioware.Lexicon.PSP.42.DX.RTAS.VST.v1.4.1-DAC" = PSP.Audioware.Lexicon.PSP.42.DX.RTAS.VST.v1.4.1-DAC
"rajče.net_is1" = rajče beta50
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sibelius 4" = Sibelius 4
"SlowBlast!" = SlowBlast!
"SMail" = Seznam Pošťák
"SONAR8Producer_is1" = SONAR 8.0 Producer Edition
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"SUPER ©" = SUPER © Version 2007.bld.22 (Mar 14, 2007)
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Waves Mercury Complete VST DX RTAS_is1" = Waves Mercury Complete VST DX RTAS v1.01
"Winamp" = Winamp
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: prosim o kontrolu logu

Napsal: 24 bře 2010 22:03
od Caroprd111
Ráno, kolem 6:00 se na to podívám. :)

Re: prosim o kontrolu logu

Napsal: 24 bře 2010 22:09
od Jameson_cz
diky

Re: prosim o kontrolu logu

Napsal: 25 bře 2010 06:25
od Caroprd111
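Spusťte OTL a do spodního okna vložte následující skript. Skript je sestaven podle logů z tohoto počítače, na jiném systému jej nepoužívejte. Příkaz [CLEARALLRESTOREPOINTS] smaže všechny stávající body obnovení systému; [CREATERESTOREPOINT] hned poté vytvoří nový.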


:OTL
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O33 - MountPoints2\{0555eed4-fff9-11dd-a6ae-001a73da4a48}\Shell\AutoRun\command - "" = qsqlyc.exe
O33 - MountPoints2\{0555eed4-fff9-11dd-a6ae-001a73da4a48}\Shell\open\Command - "" = qsqlyc.exe
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CB0AACC9

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[RESETHOSTS] 
[CREATERESTOREPOINT]
[REBOOT] 
Poté klikněte na Run Fix. Počítač se restartuje; po restartu sem vložte log, který OTL vytvoří.



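Vložte do PC všechny flash disky, které používáte. Položka O33 (MountPoints2) v logu ukazuje, že se přes automatické spouštění, zřejmě z výměnného disku, volal soubor qsqlyc.exe, proto je potřeba zkontrolovat i samotné disky.

Stáhněte na plochu UsbFix http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe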
  • Spusťte, poté zvolte jazyk E - Enter
  • Zvolte 1 - Enter
  • Po dokončení na Vás vyskočí log, vložte mi ho sem, případně ho najdete v C:\UsbFix.txt


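Doporučuji odinstalovat:
d:\program files\dc\strongdc.exe

P2P sítě a jejich klienti jsou potenciálním bezpečnostním rizikem: prakticky neustále jsou zdrojem virů a jejich používáním se zbytečně vystavujete nákaze. Po odinstalaci odeberte i výjimky, které má strongdc.exe ve firewallu Windows; v logu jsou pro něj povolena příchozí spojení, a to i pro kopii spuštěnou z dočasné složky.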

Re: prosim o kontrolu logu

Napsal: 25 bře 2010 09:35
od Jameson_cz
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0555eed4-fff9-11dd-a6ae-001a73da4a48}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0555eed4-fff9-11dd-a6ae-001a73da4a48}\ not found.
File qsqlyc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0555eed4-fff9-11dd-a6ae-001a73da4a48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0555eed4-fff9-11dd-a6ae-001a73da4a48}\ not found.
File qsqlyc.exe not found.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kuba
->Temp folder emptied: 540544 bytes
->Temporary Internet Files folder emptied: 18567434 bytes
->Java cache emptied: 80610736 bytes
->FireFox cache emptied: 60065235 bytes
->Google Chrome cache emptied: 21517748 bytes
->Flash cache emptied: 3577 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1413064 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 174,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Kuba
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


OTL by OldTimer - Version 3.1.37.3 log created on 03252010_092905

Files\Folders moved on Reboot...
C:\Users\Kuba\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\Kuba\AppData\Local\Temp\~DF20FE.tmp moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT04e3a.TMP not found!

Registry entries deleted on Reboot...

Re: prosim o kontrolu logu

Napsal: 25 bře 2010 14:07
od Caroprd111
OK, ještě proveďte další krok z mého předchozího příspěvku (UsbFix). :)

Re: prosim o kontrolu logu

Napsal: 25 bře 2010 15:31
od Jameson_cz
Nerozumim, mam cekat na dalsi instrukce?

Re: prosim o kontrolu logu

Napsal: 25 bře 2010 15:37
od Caroprd111
Caroprd111 píše: Vložte do PC všechny flash disky, které používáte.

Stáhněte na plochu UsbFix http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
  • Spusťte, poté zvolte jazyk E - Enter
  • Zvolte 1 - Enter
  • Po dokončení na Vás vyskočí log, vložte mi ho sem, případně ho najdete v C:\UsbFix.txt

Re: prosim o kontrolu logu

Napsal: 25 bře 2010 16:01
od Jameson_cz
############################## | UsbFix V6.100 |

User : Kuba (Administrators) # KUBA-PC
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 16:00:09 | 25.3.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Turion(tm) 64 X2 Mobile Technology TL-58
Microsoft® Windows Vista™ Home Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Disabled
AV : Norton Internet Security 2007 [ Enabled | Updated ]
FW : Norton Internet Security[ Enabled ]2007
FW : ZoneAlarm Firewall[ Enabled ]8.0.298.000

C:\ -> Local Fixed Disk # 40 Go (11,25 Go free) # NTFS
D:\ -> Local Fixed Disk # 186,75 Go (21,23 Go free) [New Volume] # NTFS
E:\ -> CD-ROM Disc # 4,16 Go (0 Mo free) [Disk] # CDFS
F:\ -> Removable Disk # 3,76 Go (1,26 Go free) # FAT32
Z:\ -> Local Fixed Disk # 6,13 Go (1,57 Go free) [HP_RECOVERY] # NTFS

################## | Files # Infected Folders |

F:\autorun.inf -> Called file : "F:\qsqlyc.exe" ( Not Found ! )
F:\autorun.inf

################## | Registry |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{0555eed4-fff9-11dd-a6ae-001a73da4a48}
shell\AutoRun\command =qsqlyc.exe
shell\open\Command =qsqlyc.exe

################## | Vaccin |


################## | ! End of report # UsbFix V6.100 ! |

Re: prosim o kontrolu logu

Napsal: 25 bře 2010 16:38
od Caroprd111
Poprosím o nový log z RSIT.

Re: prosim o kontrolu logu

Napsal: 25 bře 2010 17:46
od Jameson_cz
Logfile of random's system information tool 1.06 (written by random/random)
Run by Kuba at 2010-03-25 17:14:18
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 12 GB (28%) free of 41 GB
Total RAM: 1982 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:34, on 25.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
D:\Program files\Seznam\Postak\Postak.exe
C:\Windows\System32\rundll32.exe
D:\Program files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
D:\Program files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
D:\Program files\ICQ6.5\ICQ.exe
C:\Program Files\TP-LINK\TL-WN422G Wireless Utility\ZDWlan.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kuba\Desktop\RSIT.exe
C:\Program Files\trend micro\Kuba.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SMail] "d:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tvjbmonitor] d:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [ZDWlan.EXE] "C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE"
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "d:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "D:\Program files\ICQ6.5\ICQ.exe" silent
O4 - Global Startup: TL-WN422G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN422G Wireless Utility\ZDWlan.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6.5\ICQ.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7681 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2409124386-2049806598-4147022681-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2409124386-2049806598-4147022681-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-24 176128]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-11 317128]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"SMail"=d:\Program Files\Seznam\Postak\Postak.exe [2008-02-21 453936]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]
"tvjbmonitor"=d:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe [2006-12-26 53248]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-22 385024]
"ZDWlan.EXE"=C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE [2009-01-14 491520]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
"ZoneAlarm Client"=d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"Malwarebytes Anti-Malware (reboot)"=d:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-08 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-04-19 484904]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"Google Update"=C:\Users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-17 133104]
"ICQ"=D:\Program files\ICQ6.5\ICQ.exe [2009-11-16 172792]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TL-WN422G Wireless Utility.lnk - C:\Program Files\TP-LINK\TL-WN422G Wireless Utility\ZDWlan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0555eed4-fff9-11dd-a6ae-001a73da4a48}]
shell\AutoRun\command - qsqlyc.exe
shell\open\command - qsqlyc.exe


======List of files/folders created in the last 1 months======

2010-03-25 15:57:54 ----A---- C:\UsbFix.txt
2010-03-25 09:29:05 ----D---- C:\_OTL
2010-03-24 19:42:41 ----D---- C:\Users\Kuba\AppData\Roaming\Malwarebytes
2010-03-24 19:42:36 ----D---- C:\ProgramData\Malwarebytes
2010-03-24 18:56:19 ----D---- C:\Windows\temp
2010-03-24 18:56:17 ----A---- C:\ComboFix.txt
2010-03-24 18:56:10 ----SHD---- C:\$RECYCLE.BIN
2010-03-24 18:43:56 ----A---- C:\Windows\zip.exe
2010-03-24 18:43:56 ----A---- C:\Windows\SWSC.exe
2010-03-24 18:43:56 ----A---- C:\Windows\SWREG.exe
2010-03-24 18:43:56 ----A---- C:\Windows\sed.exe
2010-03-24 18:43:56 ----A---- C:\Windows\PEV.exe
2010-03-24 18:43:56 ----A---- C:\Windows\NIRCMD.exe
2010-03-24 18:43:56 ----A---- C:\Windows\MBR.exe
2010-03-24 18:43:56 ----A---- C:\Windows\grep.exe
2010-03-24 18:43:49 ----D---- C:\ComboFix
2010-03-24 18:43:20 ----D---- C:\Qoobox
2010-03-24 18:43:05 ----A---- C:\Windows\SWXCACLS.exe
2010-03-24 18:07:12 ----D---- C:\rsit
2010-03-10 15:30:58 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-10 15:30:55 ----A---- C:\Windows\system32\httpapi.dll
2010-03-07 22:11:39 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-07 19:49:01 ----A---- C:\Windows\system32\vsregexp.dll
2010-03-07 19:48:58 ----A---- C:\Windows\system32\zlcommdb.dll
2010-03-07 19:48:58 ----A---- C:\Windows\system32\zlcomm.dll
2010-03-07 19:48:53 ----A---- C:\Windows\system32\vswmi.dll
2010-03-07 19:48:51 ----A---- C:\Windows\system32\zpeng25.dll
2010-03-07 19:48:51 ----A---- C:\Windows\system32\vsxml.dll
2010-03-07 19:48:50 ----A---- C:\Windows\system32\vspubapi.dll
2010-03-07 19:48:50 ----A---- C:\Windows\system32\vsmonapi.dll
2010-03-07 19:48:48 ----A---- C:\Windows\system32\vsdata.dll
2010-03-07 19:46:52 ----D---- C:\ProgramData\CheckPoint
2010-03-07 19:46:51 ----A---- C:\Windows\system32\vsutil.dll
2010-03-07 19:46:51 ----A---- C:\Windows\system32\vsinit.dll
2010-02-26 19:09:39 ----A---- C:\Windows\system32\tzres.dll
2010-02-26 19:08:56 ----D---- C:\ProgramData\Sun
2010-02-26 19:08:08 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-26 19:08:07 ----A---- C:\Windows\system32\javaws.exe
2010-02-26 19:08:06 ----A---- C:\Windows\system32\javaw.exe
2010-02-26 19:08:06 ----A---- C:\Windows\system32\java.exe
2010-02-26 19:08:03 ----A---- C:\Windows\system32\secproc.dll
2010-02-26 19:07:35 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-26 19:07:31 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-26 19:07:31 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-26 19:07:30 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-26 19:07:29 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-26 19:07:29 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-26 19:07:29 ----A---- C:\Windows\system32\msdrm.dll
2010-02-26 19:07:22 ----A---- C:\Windows\system32\gameux.dll
2010-02-26 19:07:20 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-26 19:07:17 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

======List of files/folders modified in the last 1 months======

2010-03-25 17:14:34 ----D---- C:\Windows\Prefetch
2010-03-25 17:14:27 ----D---- C:\Program Files\trend micro
2010-03-25 17:14:14 ----D---- C:\Windows\Internet Logs
2010-03-25 16:01:22 ----D---- C:\UsbFix
2010-03-25 09:33:03 ----D---- C:\Windows\SMINST
2010-03-25 09:32:59 ----D---- C:\Windows\system32\Tasks
2010-03-24 21:40:10 ----D---- C:\Users\Kuba\AppData\Roaming\ICQ
2010-03-24 21:38:17 ----D---- C:\Windows\system32\drivers
2010-03-24 21:38:17 ----D---- C:\Windows\Help
2010-03-24 19:42:36 ----D---- C:\ProgramData
2010-03-24 19:02:16 ----D---- C:\Windows
2010-03-24 18:53:01 ----A---- C:\Windows\system.ini
2010-03-24 18:49:03 ----D---- C:\Windows\System32
2010-03-24 18:49:03 ----D---- C:\Windows\AppPatch
2010-03-24 18:49:02 ----D---- C:\Program Files\Common Files
2010-03-24 18:43:49 ----D---- C:\Windows\erdnt
2010-03-23 13:05:00 ----D---- C:\Windows\inf
2010-03-23 13:05:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-17 08:59:02 ----D---- C:\Users\Kuba\AppData\Roaming\OpenOffice.org2
2010-03-12 12:35:36 ----D---- C:\Windows\Debug
2010-03-11 08:08:21 ----D---- C:\Windows\system32\WDI
2010-03-10 21:21:16 ----D---- C:\Windows\system32\catroot2
2010-03-10 18:02:18 ----D---- C:\Windows\winsxs
2010-03-10 17:51:36 ----D---- C:\Windows\system32\catroot
2010-03-10 17:49:30 ----D---- C:\Program Files\Windows Mail
2010-03-10 17:49:30 ----D---- C:\Program Files\Movie Maker
2010-03-07 19:52:21 ----SHD---- C:\Windows\Installer
2010-03-07 19:49:05 ----D---- C:\Windows\system32\ZoneLabs
2010-03-02 06:30:12 ----A---- C:\Windows\system32\mrt.exe
2010-02-28 09:56:05 ----D---- C:\Windows\rescache
2010-02-28 09:38:35 ----D---- C:\Windows\system32\en-US
2010-02-28 09:38:34 ----RSD---- C:\Windows\Fonts
2010-02-26 19:08:48 ----D---- C:\Program Files\Common Files\Java
2010-02-26 19:08:02 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-02-11 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-02-16 293528]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-23 1331192]
R3 CLEDX;Team H2O CLEDX service; C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 188416]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 12032]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-13 181432]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 AF15BDA;AF9015 BDA Filter; C:\Windows\system32\DRIVERS\AF15BDA.sys [2007-03-20 300544]
S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-23 1331192]
S3 catchme;catchme; \??\C:\Users\Kuba\AppData\Local\Temp\catchme.sys []
S3 DfuUsb;DfuUsb; C:\Windows\SYSTEM32\DRIVERS\DFUUsb.sys [2001-11-27 10880]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-04-12 160768]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MAUSBRI;M-Audio Fast Track Ultra Service; C:\Windows\system32\DRIVERS\mausbftu.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-03-29 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-03-29 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\Windows\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\Windows\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 s916bus;Sony Ericsson Device 916 driver (WDM); C:\Windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 ZDPSp60;ZDPSp60 NDIS Protocol Driver; C:\Windows\System32\Drivers\ZDPSp60.sys []
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-05-12 717296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-24 262243]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-24 106593]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

Re: prosim o kontrolu logu

Napsal: 25 bře 2010 17:56
od Caroprd111
Vložte do PC všechny flash disky, které používáte.

Stáhněte SystemLook a uložte ho na plochu: http://jpshortstuff.247fixes.com/SystemLook.exe
  • Spusťte, do okénka zkopírujte text z bílého okna.


:filefind
qsqlyc.exe

:regfind
qsqlyc
  • klikněte na Look, po dokončení skenu na Vás vyskočí log, zkopírujte ho sem.

Re: prosim o kontrolu logu

Napsal: 25 bře 2010 18:02
od Jameson_cz
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 18:00 on 25/03/2010 by Kuba (Administrator - Elevation successful)

========== filefind ==========

Searching for "qsqlyc.exe"
No files found.

========== regfind ==========

Searching for "qsqlyc"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0555eed4-fff9-11dd-a6ae-001a73da4a48}\shell\AutoRun\command]
@="qsqlyc.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0555eed4-fff9-11dd-a6ae-001a73da4a48}\shell\open\Command]
@="qsqlyc.exe"
[HKEY_USERS\S-1-5-21-2409124386-2049806598-4147022681-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0555eed4-fff9-11dd-a6ae-001a73da4a48}\shell\AutoRun\command]
@="qsqlyc.exe"
[HKEY_USERS\S-1-5-21-2409124386-2049806598-4147022681-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0555eed4-fff9-11dd-a6ae-001a73da4a48}\shell\open\Command]
@="qsqlyc.exe"

-=End Of File=-

Re: prosim o kontrolu logu

Napsal: 25 bře 2010 18:04
od Caroprd111
Spusťte OTL a do spodního okna vložte následující skript.


:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0555eed4-fff9-11dd-a6ae-001a73da4a48}\shell\AutoRun\command]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0555eed4-fff9-11dd-a6ae-001a73da4a48}\shell\open\Command]
[-HKEY_USERS\S-1-5-21-2409124386-2049806598-4147022681-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0555eed4-fff9-11dd-a6ae-001a73da4a48}\shell\AutoRun\command]
[-HKEY_USERS\S-1-5-21-2409124386-2049806598-4147022681-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0555eed4-fff9-11dd-a6ae-001a73da4a48}\shell\open\Command]

:Commands
[REBOOT] 
Poté klikněte na Run fix, PC se restartuje, log vložte sem. Pokud se log po restartu sám neotevře, najdete ho ve složce C:\_OTL\MovedFiles.

Re: prosim o kontrolu logu

Napsal: 25 bře 2010 18:13
od Jameson_cz
Log nevyběhl, takže jsem dal scan.

OTL logfile created on: 25.3.2010 18:09:22 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Kuba\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 11,25 Gb Free Space | 28,12% Space Free | Partition Type: NTFS
Drive D: | 186,75 Gb Total Space | 21,23 Gb Free Space | 11,37% Space Free | Partition Type: NTFS
Drive E: | 4,16 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,76 Gb Total Space | 1,26 Gb Free Space | 33,58% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 6,13 Gb Total Space | 1,57 Gb Free Space | 25,68% Space Free | Partition Type: NTFS

Computer Name: KUBA-PC
Current User Name: Kuba
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.24 21:36:04 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Kuba\Desktop\OTL.exe
PRC - [2010.03.13 16:58:34 | 000,530,928 | ---- | M] (Google Inc.) -- C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.02.11 19:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009.11.16 16:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.) -- D:\Program files\ICQ6.5\ICQ.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009.02.16 00:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- D:\Program files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.10.15 01:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008.08.18 09:17:06 | 000,491,520 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD.) -- C:\Program Files\TP-LINK\TL-WN422G Wireless Utility\ZDWlan.exe
PRC - [2008.08.15 17:33:08 | 001,473,536 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\TO2SSM\McciTrayApp.exe
PRC - [2008.02.21 20:22:50 | 000,453,936 | ---- | M] (Seznam.cz a.s.) -- D:\Program files\Seznam\Postak\Postak.exe
PRC - [2007.04.24 02:11:44 | 000,106,593 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2007.04.24 02:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007.03.12 19:54:24 | 000,050,696 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2006.12.26 17:08:48 | 000,053,248 | ---- | M] () -- D:\Program files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
PRC - [2006.11.02 00:46:00 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2005.10.22 23:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe


========== Modules (SafeList) ==========

MOD - [2010.03.24 21:36:04 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Kuba\Desktop\OTL.exe
MOD - [2009.04.11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.02.11 19:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.02.18 19:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.02.16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 22:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.18 22:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.04.24 02:11:44 | 000,106,593 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007.04.24 02:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007.01.19 20:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007.01.09 22:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010.02.11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.02.11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.02.11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.02.11 19:38:45 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.02.11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.04.11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009.02.16 00:11:48 | 000,293,528 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.12.04 02:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.10.23 02:16:28 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008.10.23 02:16:28 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2008.08.01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.07.29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2008.05.12 21:52:52 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.03.29 10:20:55 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008.03.29 10:20:55 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008.03.03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.11.02 11:47:38 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s916bus.sys -- (s916bus) Sony Ericsson Device 916 driver (WDM)
DRV - [2007.07.10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.06.20 03:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.06.20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.04.24 08:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007.04.12 03:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.04.03 12:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007.04.03 12:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616obex.sys -- (s616obex)
DRV - [2007.04.03 12:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007.04.03 12:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.03 12:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007.04.03 12:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007.04.03 12:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007.03.20 15:13:38 | 000,300,544 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.17 00:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.01.23 18:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.13 04:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006.11.30 18:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.19 03:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006.06.28 17:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.05.09 19:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
DRV - [2001.11.27 23:46:10 | 000,010,880 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DFUUsb.sys -- (DfuUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "About:Blank"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\program files\Mozilla Firefox\components [2009.07.02 14:14:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2010.02.27 12:35:25 | 000,000,000 | ---D | M]

[2008.06.24 15:11:17 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Mozilla\Extensions
[2010.02.27 14:48:20 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\hw1q6g9a.default\extensions
[2010.01.20 18:08:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\hw1q6g9a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.26 19:08:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.02 14:14:04 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.07.02 14:14:04 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.07.02 14:14:04 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.07.02 14:14:04 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.07.02 14:14:04 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.03.25 09:29:58 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] d:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SMail] d:\Program Files\Seznam\Postak\Postak.exe (Seznam.cz a.s.)
O4 - HKLM..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [tvjbmonitor] d:\Program files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZDWlan.EXE] C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE (TP-LINK TECHNOLOGIES CO., LTD.)
O4 - HKLM..\Run: [ZoneAlarm Client] d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ICQ] D:\Program files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.50.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.08.18 19:44:56 | 000,000,381 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - Z:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.03.25 09:29:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.03.24 21:35:51 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Kuba\Desktop\OTL.exe
[2010.03.24 19:42:41 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Malwarebytes
[2010.03.24 19:42:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.24 19:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.24 19:42:35 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.24 18:56:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.03.24 18:56:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.03.24 18:43:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.03.24 18:43:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.03.24 18:43:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.03.24 18:43:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.03.24 18:43:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.03.24 18:43:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.03.24 18:07:12 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.23 13:04:39 | 000,509,952 | ---- | C] (n/a) -- C:\Users\Kuba\Desktop\Sudoku.exe
[2010.03.10 15:30:58 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.03.10 15:30:55 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.03.07 22:11:39 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.03.07 19:49:01 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll
[2010.03.07 19:48:58 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2010.03.07 19:48:58 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2010.03.07 19:48:53 | 000,035,208 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll
[2010.03.07 19:48:51 | 001,221,512 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll
[2010.03.07 19:48:51 | 000,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll
[2010.03.07 19:48:50 | 000,309,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll
[2010.03.07 19:48:50 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll
[2010.03.07 19:48:48 | 000,110,472 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll
[2010.03.07 19:48:12 | 000,293,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys
[2010.03.07 19:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010.03.07 19:46:51 | 000,482,184 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll
[2010.03.07 19:46:51 | 000,229,256 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll
[2010.02.26 19:09:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.02.26 19:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.02.26 19:08:08 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.02.26 19:08:07 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.02.26 19:08:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.02.26 19:08:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.02.26 19:08:03 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.02.26 19:07:35 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.02.26 19:07:31 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.02.26 19:07:31 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.02.26 19:07:30 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.02.26 19:07:29 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.02.26 19:07:29 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.02.26 19:07:29 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.02.26 19:07:22 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.02.26 19:07:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.02.26 19:07:17 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

========== Files - Modified Within 30 Days ==========

[2010.03.25 18:12:27 | 007,340,032 | -HS- | M] () -- C:\Users\Kuba\NTUSER.DAT
[2010.03.25 18:07:45 | 000,117,544 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.03.25 18:07:21 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010.03.25 18:07:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.25 18:07:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.25 18:07:04 | 000,350,192 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010.03.25 18:07:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.25 18:06:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.25 18:05:39 | 000,524,288 | -HS- | M] () -- C:\Users\Kuba\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.03.25 18:05:39 | 000,065,536 | -HS- | M] () -- C:\Users\Kuba\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.03.25 18:05:14 | 006,291,456 | -H-- | M] () -- C:\Users\Kuba\AppData\Local\IconCache.db
[2010.03.25 18:00:23 | 000,100,908 | ---- | M] () -- C:\Users\Kuba\Desktop\SystemLook.exe
[2010.03.25 17:39:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2409124386-2049806598-4147022681-1000UA.job
[2010.03.25 15:56:51 | 001,776,011 | ---- | M] () -- C:\Users\Kuba\Desktop\UsbFix.exe
[2010.03.25 10:44:32 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2409124386-2049806598-4147022681-1000Core.job
[2010.03.25 09:29:58 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.03.25 09:10:49 | 000,117,544 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.03.24 21:36:04 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Kuba\Desktop\OTL.exe
[2010.03.24 19:42:40 | 000,000,626 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.24 18:53:01 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.03.24 18:42:03 | 003,898,837 | R--- | M] () -- C:\Users\Kuba\Desktop\ComboFix.exe
[2010.03.24 18:37:08 | 000,359,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.03.24 18:05:38 | 000,781,909 | ---- | M] () -- C:\Users\Kuba\Desktop\RSIT.exe
[2010.03.24 13:45:56 | 000,000,664 | ---- | M] () -- C:\Users\Kuba\Desktop\PhotoFiltre.lnk
[2010.03.23 13:05:00 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.23 13:05:00 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.23 13:05:00 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.22 15:49:00 | 000,002,074 | ---- | M] () -- C:\Users\Kuba\Desktop\Google Chrome.lnk
[2010.03.16 16:49:35 | 000,387,425 | ---- | M] () -- C:\Users\Kuba\Desktop\jak zabit cas.odp
[2010.03.16 12:18:53 | 000,057,118 | ---- | M] () -- C:\Users\Kuba\Desktop\1654883-nuz.jpg
[2010.03.12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2010.03.12 13:20:11 | 000,184,832 | ---- | M] () -- C:\Users\Kuba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.03 11:45:56 | 000,000,666 | ---- | M] () -- C:\Users\Kuba\Desktop\Total Commander.lnk
[2010.02.28 09:42:47 | 000,099,104 | ---- | M] () -- C:\Users\Kuba\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2010.03.25 18:00:23 | 000,100,908 | ---- | C] () -- C:\Users\Kuba\Desktop\SystemLook.exe
[2010.03.25 15:56:17 | 001,776,011 | ---- | C] () -- C:\Users\Kuba\Desktop\UsbFix.exe
[2010.03.24 19:42:40 | 000,000,626 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.24 18:43:56 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.03.24 18:43:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.03.24 18:43:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.03.24 18:43:56 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.03.24 18:43:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.03.24 18:40:45 | 003,898,837 | R--- | C] () -- C:\Users\Kuba\Desktop\ComboFix.exe
[2010.03.24 18:05:18 | 000,781,909 | ---- | C] () -- C:\Users\Kuba\Desktop\RSIT.exe
[2010.03.24 13:45:56 | 000,000,664 | ---- | C] () -- C:\Users\Kuba\Desktop\PhotoFiltre.lnk
[2010.03.22 13:55:16 | 000,002,074 | ---- | C] () -- C:\Users\Kuba\Desktop\Google Chrome.lnk
[2010.03.16 12:31:48 | 000,387,425 | ---- | C] () -- C:\Users\Kuba\Desktop\jak zabit cas.odp
[2010.03.16 12:18:53 | 000,057,118 | ---- | C] () -- C:\Users\Kuba\Desktop\1654883-nuz.jpg
[2010.03.07 19:48:12 | 000,350,192 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010.03.03 11:45:56 | 000,000,666 | ---- | C] () -- C:\Users\Kuba\Desktop\Total Commander.lnk
[2009.10.29 17:04:33 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2009.10.29 17:04:33 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2009.09.24 10:10:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.05 16:24:15 | 000,000,054 | ---- | C] () -- C:\Windows\wininit.ini
[2009.02.16 20:42:13 | 000,117,544 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.02.16 20:42:13 | 000,117,544 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.01.21 15:45:28 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2008.09.30 13:49:30 | 000,028,915 | ---- | C] () -- C:\Users\Kuba\AppData\Roaming\UserTile.png
[2008.06.19 20:43:40 | 000,471,552 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2008.06.19 20:43:40 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.06.03 08:29:02 | 000,109,853 | ---- | C] () -- C:\ProgramData\BM67058dc5.xml
[2008.06.03 08:29:02 | 000,102,590 | ---- | C] () -- C:\ProgramData\BM67058dc5.txt
[2008.06.03 08:29:02 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2008.06.01 16:32:21 | 000,000,066 | ---- | C] () -- C:\Windows\BBW_INFO.INI
[2008.05.26 09:23:37 | 000,000,680 | ---- | C] () -- C:\Users\Kuba\AppData\Local\d3d9caps.dat
[2008.05.20 10:10:26 | 000,000,604 | -H-- | C] () -- C:\ProgramData\T2
[2008.05.20 10:10:26 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2008.05.20 08:45:51 | 000,510,976 | ---- | C] () -- C:\Windows\System32\synsoacc.dll
[2008.05.18 19:27:56 | 000,000,000 | ---- | C] () -- C:\Users\Kuba\AppData\Local\FnF4.txt
[2008.05.13 13:18:09 | 000,184,832 | ---- | C] () -- C:\Users\Kuba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.12 22:50:36 | 000,027,744 | ---- | C] () -- C:\Users\Kuba\AppData\Roaming\nvModes.001
[2008.05.12 22:50:34 | 000,027,744 | ---- | C] () -- C:\Users\Kuba\AppData\Roaming\nvModes.dat
[2008.05.12 11:48:50 | 000,000,000 | ---- | C] () -- C:\Users\Kuba\AppData\Local\QSwitch.txt
[2008.05.12 11:48:50 | 000,000,000 | ---- | C] () -- C:\Users\Kuba\AppData\Local\DSwitch.txt
[2008.05.12 11:48:50 | 000,000,000 | ---- | C] () -- C:\Users\Kuba\AppData\Local\AtStart.txt
[2008.03.13 04:58:25 | 000,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007.02.27 21:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.14 07:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.14 07:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2005.05.07 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
< End of report >