PC disinfection, computer speed-up, remote help via the neslape.cz service

NOD isn't updating, please check the log.

Zakov
Visitor
Posts: 111
Registered: 15 Feb 2010 20:22

NOD isn't updating, please check the log.

#1 Post by Zakov »

I can't reach the websites of antivirus software vendors, and NOD isn't updating. Please check the log.
Thanks.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-05-04 15:12:34
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 443 GB (94%) free of 471 GB
Total RAM: 2037 MB (80% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-13 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-13 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-13 138008]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"gemstrmw"=C:\WINDOWS\system32\gemstrmw.exe [2003-08-29 24576]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe [2009-07-18 257440]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"\\server1\E$\ZALOHA_VELOSERVIS\Install\hp2600n_CD\SETUP.EXE"="\\server1\E$\ZALOHA_VELOSERVIS\Install\hp2600n_CD\SETUP.EXE:*:Enabled:SETUP.EXE"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

======List of files/folders created in the last 1 months======

2010-05-04 15:12:34 ----D---- C:\rsit
2010-05-04 15:12:34 ----D---- C:\Program Files\trend micro
2010-05-04 13:42:53 ----SHD---- C:\$RECYCLE.BIN
2010-05-04 10:44:06 ----D---- C:\WINDOWS\temp
2010-05-04 10:44:01 ----A---- C:\ComboFix.txt
2010-05-04 10:33:42 ----A---- C:\Boot.bak
2010-05-04 10:33:37 ----RASHD---- C:\cmdcons
2010-05-04 10:32:40 ----A---- C:\WINDOWS\MBR.exe
2010-05-04 10:32:39 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-04 10:32:37 ----A---- C:\WINDOWS\zip.exe
2010-05-04 10:32:37 ----A---- C:\WINDOWS\SWREG.exe
2010-05-04 10:32:37 ----A---- C:\WINDOWS\PEV.exe
2010-05-04 10:32:36 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-04 10:32:36 ----A---- C:\WINDOWS\SWSC.exe
2010-05-04 10:32:36 ----A---- C:\WINDOWS\sed.exe
2010-05-04 10:32:36 ----A---- C:\WINDOWS\grep.exe
2010-05-04 10:32:28 ----D---- C:\WINDOWS\ERDNT
2010-05-04 10:31:24 ----D---- C:\Qoobox
2010-04-30 09:43:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-04-27 08:04:52 ----A---- C:\WINDOWS\reimage.ini
2010-04-21 08:05:02 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-14 19:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 19:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 19:13:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 19:12:55 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 19:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 19:12:14 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

======List of files/folders modified in the last 1 months======

2010-05-04 15:12:34 ----RD---- C:\Program Files
2010-05-04 15:12:24 ----D---- C:\WINDOWS\Prefetch
2010-05-04 15:12:17 ----SD---- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\Microsoft
2010-05-04 15:08:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-04 15:04:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-04 15:01:49 ----SHD---- C:\WINDOWS\Installer
2010-05-04 11:04:46 ----D---- C:\WINDOWS
2010-05-04 11:02:53 ----D---- C:\WINDOWS\system32\drivers
2010-05-04 11:00:15 ----D---- C:\WINDOWS\system32\appmgmt
2010-05-04 10:45:11 ----SHD---- C:\WINDOWS\CSC
2010-05-04 10:42:38 ----A---- C:\WINDOWS\system.ini
2010-05-04 10:40:49 ----D---- C:\WINDOWS\system32
2010-05-04 10:39:05 ----D---- C:\WINDOWS\AppPatch
2010-05-04 10:39:03 ----D---- C:\Program Files\Common Files
2010-05-04 10:33:42 ----RASH---- C:\boot.ini
2010-05-04 07:31:42 ----D---- C:\WINDOWS\security
2010-04-27 15:44:59 ----SD---- C:\WINDOWS\Tasks
2010-04-22 09:07:01 ----HD---- C:\WINDOWS\inf
2010-04-14 19:14:25 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-04-14 19:14:19 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 19:14:17 ----A---- C:\WINDOWS\imsins.BAK
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\VELOSE~1\LOCALS~1\Temp\catchme.sys []
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\VELOSE~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 GTwinUSB;GTwinUSB; C:\WINDOWS\System32\Drivers\GTwinUSB.sys [2002-10-04 61776]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: NOD isn't updating, please check the log.

#2 Post by Caroprd111 »

Hello :)


I recommend uninstalling the toolbars (if you don't use them) in Add or Remove Programs.


Download OTL http://oldtimer.geekstogo.com/OTL.exe
  • Run it, then paste the following script into the lower box.

Code: Select all

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
  • Tick the "All users" option.
  • Tick the "LOP check" and "Purity check" options.
  • Click the "Scan" button.
  • When it finishes, post the OTL.Txt and Extras.txt logs here.

Zakov
Visitor
Posts: 111
Registered: 15 Feb 2010 20:22

Re: NOD isn't updating, please check the log.

#3 Post by Zakov »

OTL.TXT:

OTL logfile created on: 4.5.2010 16:47:06 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\administrator.VELOSERVIS\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 459,86 Gb Total Space | 432,15 Gb Free Space | 93,97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3,73 Gb Total Space | 0,36 Gb Free Space | 9,67% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VELOSERVIS-ALEJ
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.04 16:26:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.VELOSERVIS\Plocha\OTL.exe
PRC - [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ6.5\ICQ.exe
PRC - [2009.08.16 15:01:16 | 000,222,968 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.06.25 15:12:42 | 001,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.05.28 13:45:00 | 000,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009.03.30 10:11:14 | 000,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.09.24 07:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2002.04.17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002.04.17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010.05.04 16:26:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.VELOSERVIS\Plocha\OTL.exe
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009.08.16 15:01:16 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)


========== Driver Services (SafeList) ==========

DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.20 17:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.01.03 22:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.06.05 15:48:58 | 005,761,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2002.10.04 21:21:18 | 000,061,776 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GTwinUSB.sys -- (GTwinUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.triline.cz

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.triline.cz

IE - HKU\S-1-5-21-3244135746-602949535-1214434796-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3244135746-602949535-1214434796-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3244135746-602949535-1214434796-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-3244135746-602949535-1214434796-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-3244135746-602949535-1214434796-500\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3244135746-602949535-1214434796-500\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3244135746-602949535-1214434796-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.08.29 08:23:30 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [gemstrmw] C:\WINDOWS\System32\gemstrmw.exe (Gemplus)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-3244135746-602949535-1214434796-500..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3244135746-602949535-1214434796-500..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\behounek\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\veloservis\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3244135746-602949535-1214434796-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O15 - HKU\S-1-5-21-3244135746-602949535-1214434796-500\..Trusted Domains: ica.cz ( https in Důvěryhodné servery)
O16 - DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} https://bb24.csob.cz/Comp/IcaSignerCZ.cab (ICASign Class)
O16 - DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} https://bb24.csob.cz/comp/CSOBEnroll.dll (CSOBEnroll Class)
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} http://download.ica.cz/icapki.cab (ICApki Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7276600033 (MUWebControl Class)
O16 - DPF: {8DB83558-B5E6-4449-8E59-B91126580A99} https://bb24.csob.cz/comp/ICAHsmEngine.dll (ICAHsmEngine Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = veloservis.local
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.18 07:46:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.10.28 23:49:26 | 000,000,144 | -HS- | M] () - E:\autorun.ini -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.11.18 07:33:02 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (74885954556395520)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.04 16:46:18 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrator.VELOSERVIS\Plocha\OTL.exe
[2010.05.04 15:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.04 15:12:34 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.04 13:42:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.05.04 10:44:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.05.04 10:33:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.05.04 10:32:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.05.04 10:32:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.05.04 10:32:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.05.04 10:32:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.05.04 10:32:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.05.04 10:31:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.30 09:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Adobe
[2010.04.21 08:05:02 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.04 16:44:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.04 16:44:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.04 16:44:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.04 16:44:29 | 2136,461,312 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.04 16:26:18 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010.05.04 16:26:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.VELOSERVIS\Plocha\OTL.exe
[2010.05.04 16:20:38 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\administrator.VELOSERVIS\NTUSER.DAT
[2010.05.04 16:20:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\administrator.VELOSERVIS\ntuser.ini
[2010.05.04 11:12:36 | 005,368,708 | -H-- | M] () -- C:\Documents and Settings\administrator.VELOSERVIS\Local Settings\Data aplikací\IconCache.db
[2010.05.04 10:42:38 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.04 10:33:42 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.04.30 09:43:16 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
[2010.04.30 09:43:16 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 7.0.lnk
[2010.04.27 08:10:33 | 000,000,284 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.21 20:12:11 | 000,001,508 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Výběr prohlížeče.lnk
[2010.04.14 19:14:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.04 10:33:42 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.05.04 10:33:40 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.05.04 10:32:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.05.04 10:32:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.05.04 10:32:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.05.04 10:32:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.05.04 10:32:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.04.27 08:04:52 | 000,000,284 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010.04.21 20:12:10 | 000,001,508 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Výběr prohlížeče.lnk
[2009.06.25 08:33:31 | 000,000,279 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2009.05.09 09:06:23 | 000,000,281 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.12.09 15:43:23 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\ct.ini
[2008.11.27 13:25:12 | 000,000,062 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.11.24 10:18:48 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.23 16:11:47 | 000,003,165 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008.11.23 16:11:47 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008.11.23 16:11:35 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\agissi.dll
[2008.11.23 16:11:33 | 011,206,656 | ---- | C] () -- C:\WINDOWS\System32\zhhp_res.dll
[2008.11.23 16:10:49 | 000,000,628 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008.11.18 08:38:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.10.01 11:30:58 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\SecureStorePKCS11.dll
[2008.10.01 11:30:42 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\lowlevel.dll
[2008.10.01 11:30:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonUtils.dll
[2006.03.02 12:02:08 | 000,131,960 | ---- | C] () -- C:\WINDOWS\System32\ICAEnroll.dll
[2006.03.02 11:03:08 | 000,078,712 | ---- | C] () -- C:\WINDOWS\System32\ICARenewal.dll
[2004.11.08 10:25:44 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\cmfrtcsp.dll
[2004.06.24 09:49:36 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\comfp11.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000.03.29 22:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999.10.23 18:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[1999.08.11 15:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999.05.21 21:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1998.01.28 00:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980.01.01 00:00:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[1980.01.01 00:00:00 | 000,000,510 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2009.06.04 09:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\GARMIN
[2008.11.26 10:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Složka odesílání Share-to-Web
[2009.10.26 12:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\ICQ
[2009.08.29 08:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\Nokia
[2009.08.29 08:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\PC Suite
[2008.11.23 18:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\Složka odesílání Share-to-Web
[2008.11.21 15:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.06.04 09:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\GARMIN
[2009.10.26 12:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.12.10 18:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2008.11.27 13:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OrbNetworks
[2010.02.13 12:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2008.12.19 09:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ZoneFiveSoftware
[2009.01.08 07:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\behounek\Data aplikací\ICQ
[2009.01.07 18:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\behounek\Data aplikací\OpenOffice.org
[2009.08.29 08:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\behounek\Data aplikací\PC Suite
[2008.11.25 13:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\behounek\Data aplikací\Složka odesílání Share-to-Web
[2008.11.23 15:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\ICQ
[2008.11.23 15:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\OpenOffice.org
[2008.11.23 15:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Složka odesílání Share-to-Web
[2009.06.04 10:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\veloservis\Data aplikací\GARMIN
[2010.05.04 07:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\veloservis\Data aplikací\ICQ
[2010.04.12 10:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\veloservis\Data aplikací\Nokia
[2008.12.15 15:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\veloservis\Data aplikací\ntr
[2008.11.23 17:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\veloservis\Data aplikací\OpenOffice.org
[2010.02.13 12:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\veloservis\Data aplikací\PC Suite
[2008.11.23 17:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\veloservis\Data aplikací\Složka odesílání Share-to-Web
[2008.12.05 17:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\veloservis\Data aplikací\STORMWARE

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"PC Suite Tray" = "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray -- [2009.06.25 15:12:42 | 001,414,144 | ---- | M] (Nokia)
"ICQ" = "C:\Program Files\ICQ6.5\ICQ.exe" silent -- [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.07.03 12:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\Adobe
[2009.10.26 12:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\ICQ
[2008.11.18 07:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\Identities
[2009.04.29 14:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\Macromedia
[2010.05.04 15:12:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\Microsoft
[2009.10.26 12:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\Mozilla
[2009.08.29 08:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\Nokia
[2009.08.29 08:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\PC Suite
[2008.11.23 18:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\Složka odesílání Share-to-Web

< %APPDATA%\*.exe /s >
[2009.04.29 14:58:38 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\administrator.VELOSERVIS\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe


< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 15:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 15:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 15:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:Changer.sys
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\I386\sp3.cab:isapnp.sys
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 15:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 15:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 15:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 15:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
[2008.04.14 14:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=F209B5C79A87A9521DC0BD88B039EEE3 -- C:\I386\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 15:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 15:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.11.18 07:35:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.11.18 07:35:06 | 001,093,632 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.11.18 07:35:06 | 000,471,040 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.05.04 16:44:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >



extras.txt:
OTL Extras logfile created on: 4.5.2010 16:47:06 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\administrator.VELOSERVIS\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 459,86 Gb Total Space | 432,15 Gb Free Space | 93,97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3,73 Gb Total Space | 0,36 Gb Free Space | 9,67% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VELOSERVIS-ALEJ
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\\server1\E$\ZALOHA_VELOSERVIS\Install\hp2600n_CD\SETUP.EXE" = \\server1\E$\ZALOHA_VELOSERVIS\Install\hp2600n_CD\SETUP.EXE:*:Enabled:SETUP.EXE


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{10944289-8401-4B95-8E2A-61B0024C8C3A}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6A87A640-CB25-493C-A49D-368F29F45C7C}" = STORMWARE POHODA Klient CZ Komplet
"{6D450E19-B2C2-47E8-8BAB-4957EFB5C58C}" = STORMWARE POHODA Klient CZ
"{6F7ECD56-E224-4263-9B7E-158E5CECC43B}" = HP Photo and Imaging 2.1 - Scanjet 2400 Series
"{7668D9E4-B7FC-49C2-AF1B-C8DC4CFB0BD6}" = TOPO Czech 2
"{90E00405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{9C429468-32CA-4386-8B53-24C60784C7A8}" = STORMWARE POHODA Klient CZ
"{9D0FB354-3D85-483A-A899-99FB3084942D}" = Garmin MapSource
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1029-7B44-A70500000002}" = Adobe Reader 7.0.5 - Czech
"{B5A465EB-DC7B-4109-87DA-60493297D49F}" = STORMWARE POHODA Klient CZ
"{BE8BE32F-F595-4693-9F82-1E0A5A047BB6}" = OpenOffice.org 3.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBB86FEF-CA7B-4A63-AE37-BA774D799168}" = SportTracks 2.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F996DEB7-4AD7-4F15-84AA-114B8BE45911}" = Polar UpLink Tool
"{FAC5C505-D081-4F44-AFC2-A26D73B73BD8}" = STORMWARE POHODA Klient CZ Komplet
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ComfortChip_is1" = ComfortChip
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.3)
"Gemplus Smart Card Reader Tools" = Gemplus Smart Card Reader Tools
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"I.CA CryptoPlus v1.0" = I.CA CryptoPlus v1.0
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PowerArchiver" = PowerArchiver
"SecureStore I.CA" = SecureStore I.CA 1.31
"STORMWARE PDF Printer_is1" = STORMWARE PDF Printer 5.0.0.614
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4.5.2010 9:01:03 | Computer Name = VELOSERVIS-ALEJ | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Zadaná
doména neexistuje nebo není k dispozici. ). Zpracovávání zásad skupin bylo zastaveno.


Error - 4.5.2010 9:04:33 | Computer Name = VELOSERVIS-ALEJ | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.

Error - 4.5.2010 10:26:17 | Computer Name = VELOSERVIS-ALEJ | Source = Userenv | ID = 1090
Description = Systém Windows nemohl protokolovat stav relace modulu snap-in RSoP.
Pokus o připojení ke službě WMI se nezdařil. Pro toto použití zásad již nebude
prováděno žádné protokolování modulu snap-in RSoP.

Error - 4.5.2010 10:27:50 | Computer Name = VELOSERVIS-ALEJ | Source = AutoEnrollment | ID = 15
Description = Automatickému zápisu certifikátu pro Local System se nezdařilo kontaktovat
adresář Active Directory(0x80070836). Není nainstalován ovladač Pracovní stanice.

Zápis nebude proveden.

Error - 4.5.2010 10:44:37 | Computer Name = VELOSERVIS-ALEJ | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Zadaná
doména neexistuje nebo není k dispozici. ). Zpracovávání zásad skupin bylo zastaveno.


Error - 4.5.2010 10:44:37 | Computer Name = VELOSERVIS-ALEJ | Source = AutoEnrollment | ID = 15
Description = Automatickému zápisu certifikátu pro Local System se nezdařilo kontaktovat
adresář Active Directory(0x8007054b). Zadaná doména neexistuje nebo není k dispozici.

Zápis nebude proveden.

Error - 4.5.2010 10:44:48 | Computer Name = VELOSERVIS-ALEJ | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Zadaná
doména neexistuje nebo není k dispozici. ). Zpracovávání zásad skupin bylo zastaveno.


Error - 4.5.2010 10:44:58 | Computer Name = VELOSERVIS-ALEJ | Source = Application Error | ID = 1004
Description = Chybující aplikace svchost.exe, verze 0.0.0.0, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x00000000.

Error - 4.5.2010 10:45:48 | Computer Name = VELOSERVIS-ALEJ | Source = MsiInstaller | ID = 11606
Description = Produkt: STORMWARE POHODA Klient CZ - Chyba 1606. Nelze získat přístup
k umístění v síti \\SERVER1\POHODA.

Error - 4.5.2010 10:45:49 | Computer Name = VELOSERVIS-ALEJ | Source = MsiInstaller | ID = 11606
Description = Produkt: STORMWARE POHODA Klient CZ - Chyba 1606. Nelze získat přístup
k umístění v síti \\SERVER1\POHODA.

[ System Events ]
Error - 4.5.2010 7:33:38 | Computer Name = VELOSERVIS-ALEJ | Source = Service Control Manager | ID = 7034
Description = Služba ICQ Service byla neočekávaně ukončena. Tento stav nastal již
1krát.

Error - 4.5.2010 8:53:52 | Computer Name = VELOSERVIS-ALEJ | Source = NETLOGON | ID = 5719
Description = No domain controller is available for domain VELOSERVIS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If the
problem persists, please contact your domain administrator.

Error - 4.5.2010 8:54:09 | Computer Name = VELOSERVIS-ALEJ | Source = Print | ID = 33
Description = The print queue container could not be found because the DNS domain
name could not be retrieved. Error code: 54b

Error - 4.5.2010 8:55:44 | Computer Name = VELOSERVIS-ALEJ | Source = NETLOGON | ID = 5719
Description = No domain controller is available for domain VELOSERVIS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If the
problem persists, please contact your domain administrator.

Error - 4.5.2010 8:56:52 | Computer Name = VELOSERVIS-ALEJ | Source = Print | ID = 33
Description = The print queue container could not be found because the DNS domain
name could not be retrieved. Error code: 54b

Error - 4.5.2010 9:00:38 | Computer Name = VELOSERVIS-ALEJ | Source = NETLOGON | ID = 5719
Description = No domain controller is available for domain VELOSERVIS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If the
problem persists, please contact your domain administrator.

Error - 4.5.2010 9:00:46 | Computer Name = VELOSERVIS-ALEJ | Source = Print | ID = 33
Description = The print queue container could not be found because the DNS domain
name could not be retrieved. Error code: 54b

Error - 4.5.2010 9:04:28 | Computer Name = VELOSERVIS-ALEJ | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. No attempt to
contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

Error - 4.5.2010 10:44:37 | Computer Name = VELOSERVIS-ALEJ | Source = NETLOGON | ID = 5719
Description = No domain controller is available for domain VELOSERVIS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If the
problem persists, please contact your domain administrator.

Error - 4.5.2010 10:44:51 | Computer Name = VELOSERVIS-ALEJ | Source = Print | ID = 33
Description = The print queue container could not be found because the DNS domain
name could not be retrieved. Error code: 54b


< End of report >

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: NOD does not update, please check the log.

#4 Post by Caroprd111 »

Please post the log C:\ComboFix.txt

I do not recommend running ComboFix on your own initiative; it can damage the system!

Zakov
Visitor
Posts: 111
Registered: 15 Feb 2010 20:22

Re: NOD does not update, please check the log.

#5 Post by Zakov »

ComboFix 10-05-03.05 - veloservis 04.05.2010 10:34:54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2037.1474 [GMT 2:00]
Running from: c:\documents and settings\veloservis\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* AV resident shield is enabled

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\veloservis\Cookies\hpothb07.dat
c:\documents and settings\veloservis\Recent\hpothb07.tif
c:\program files\WindowsUpdate
c:\recycled\Dc195
c:\recycled\Dc196
c:\recycled\Dc197
c:\windows\system32\reboot.txt

.
((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-04 08:29 . 2010-05-04 08:29 -------- d-sh--w- c:\documents and settings\veloservis\IECompatCache
2010-04-21 06:05 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 19:35 . 1979-12-31 22:00 83742 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 19:35 . 1979-12-31 22:00 441086 ----a-w- c:\windows\system32\perfh005.dat
2010-03-10 06:17 . 1979-12-31 22:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 15:42 . 2008-11-23 13:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-24 13:11 . 1979-12-31 22:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2008-04-14 07:06 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2008-04-14 07:06 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 04:35 . 1979-12-31 22:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 1979-12-31 22:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2003-08-29 24576]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\behounek\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]

c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]

c:\documents and settings\veloservis\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"\\\\server1\\E$\\ZALOHA_VELOSERVIS\\Install\\hp2600n_CD\\SETUP.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 10:16 472280]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.3.2009 7:50 222968]
R3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [26.11.2008 10:29 61776]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.idnes.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
Trusted Zone: csob.cz
Trusted Zone: csob.cz\bb24
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://bb24.csob.cz/Comp/IcaSignerCZ.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://bb24.csob.cz/comp/CSOBEnroll.dll
DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} - hxxp://download.ica.cz/icapki.cab
DPF: {8DB83558-B5E6-4449-8E59-B91126580A99} - hxxps://bb24.csob.cz/comp/ICAHsmEngine.dll
.
- - - - ORPHANS REMOVED (invalid registry entries) - - - -

HKCU-Run-Polar Sync - (no file)
HKLM-Run-Toolbar_eula_launcher - c:\install\google\eula\EULALauncher.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 10:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-04 10:43:58
ComboFix-quarantined-files.txt 2010-05-04 08:43

Pre-Run: 461 957 891 072 bytes free
Post-Run: 463 975 087 104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 21BD88B9BEC2679FC4D8E891A4B61873

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: NOD does not update, please check the log.

#6 Post by Caroprd111 »

Run OTL and paste the following script into the lower window.


:OTL
IE - HKU\S-1-5-21-3244135746-602949535-1214434796-500\..\URLSearchHook: - Reg Error: Key error. File not found
O15 - HKU\S-1-5-21-3244135746-602949535-1214434796-500\..Trusted Domains: ica.cz ([b] https in Trusted sites)
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]
Then click Run Fix; the PC will restart. Post the log here.

Zakov
Visitor
Posts: 111
Registered: 15 Feb 2010 20:22

Re: NOD does not update, please check the log.

#7 Post by Zakov »

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3244135746-602949535-1214434796-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3244135746-602949535-1214434796-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ica.cz\b\ deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 405 bytes

User: administrator.VELOSERVIS
->Temp folder emptied: 6618676 bytes
->Temporary Internet Files folder emptied: 2355692 bytes
->Flash cache emptied: 1916467 bytes

User: All Users

User: behounek
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 348 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 53011 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: uzivatel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 1146 bytes

User: veloservis
->Temp folder emptied: 210618 bytes
->Temporary Internet Files folder emptied: 29055026 bytes
->Flash cache emptied: 1938077 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 41,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: administrator.VELOSERVIS
->Flash cache emptied: 0 bytes

User: All Users

User: behounek
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

User: uzivatel
->Flash cache emptied: 0 bytes

User: veloservis
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.4.1 log created on 05042010_182905

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: NOD does not update, please check the log.

#8 Post by Caroprd111 »

How is the PC doing?

Zakov
Visitor
Posts: 111
Registered: 15 Feb 2010 20:22

Re: NOD does not update, please check the log.

#9 Post by Zakov »

The PC runs more smoothly. But I still can't get to the ESET and Symantec sites. I can reach AVG :)

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: NOD does not update, please check the log.

#10 Post by Caroprd111 »

Download HostsXpert http://www.funkytoad.com/download/HostsXpert.zip
  • Extract it into its own folder
  • Click the Restore MS Hosts File button and confirm the message with "OK"
  • If the program shows the error message ERROR: Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts, click the Make Writeable? button first and only then click Restore MS Hosts File
  • When it has finished, click the Make ReadOnly? button
  • Close the program and restart the computer
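The HostsXpert step above restores the hosts file wholesale. When you want to see what was in it before you overwrite it (which entries point where, and whether they merely black-hole the vendor or redirect it to a foreign address), a small parser does the job. The following is an added example, not code from the thread or from HostsXpert: the vendor domain list and the sample hosts body are assumptions constructed for the demo, and a real run would read %SystemRoot%\System32\drivers\etc\hosts instead of SAMPLE_HOSTS.

```python
"""Audit a Windows hosts file for antivirus-vendor hijacks.

Added example for this thread, not a tool the posters used and not part of
HostsXpert. The vendor domain list and the sample hosts body are assumptions
constructed for the demo; a real run would read
%SystemRoot%\\System32\\drivers\\etc\\hosts.
"""
import ipaddress

# Assumed list of update/download domains worth checking when a user reports
# that AV vendor sites are unreachable. Extend it for the vendors you run.
AV_DOMAINS = (
    "eset.com", "eset.cz", "eset.eu",
    "symantec.com", "symantecliveupdate.com", "norton.com",
    "avg.com", "kaspersky.com", "mcafee.com",
    "windowsupdate.com", "update.microsoft.com",
)
BLACKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every mapping in a hosts file body.

    Comments ('#' to end of line) and blank lines are skipped. A line whose
    first field is not an IP address is ignored instead of raising, because
    malware-edited hosts files are often padded with junk.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((line_no, ip, name.lower().rstrip(".")))
    return entries


def is_av_host(name):
    """True if name equals one of AV_DOMAINS or is a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in AV_DOMAINS)


def audit_hosts(text):
    """Flag every AV-vendor hostname that the hosts file overrides.

    kind "blackhole": mapped to loopback/unspecified, so updates silently fail
    kind "redirect":  mapped elsewhere, so update traffic goes to an address
                      the attacker chose (worse than a plain block)
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_av_host(name):
            kind = "blackhole" if ip in BLACKHOLE_IPS else "redirect"
            findings.append({"line": line_no, "ip": ip, "host": name, "kind": kind})
    return findings


def clean_hosts(text):
    """Return the hosts body with every line that overrides an AV host removed.

    Comments, intranet names and the localhost entry are kept verbatim; a
    localhost entry is appended if none survives, which is all the stock
    Windows XP hosts file contains.
    """
    kept, has_localhost = [], False
    for raw in text.splitlines():
        names = [n.lower() for n in raw.split("#", 1)[0].split()[1:]]
        if any(is_av_host(n) for n in names):
            continue
        has_localhost = has_localhost or "localhost" in names
        kept.append(raw)
    if not has_localhost:
        kept.append("127.0.0.1       localhost")
    return "\n".join(kept) + "\n"


# Constructed sample of a hijacked XP hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.1.10    server1          # legitimate intranet entry, must survive
127.0.0.1       www.eset.com
127.0.0.1       update.eset.com  um21.eset.com
0.0.0.0         www.symantec.com
198.51.100.23   liveupdate.symantecliveupdate.com
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['kind']})")
    print(clean_hosts(SAMPLE_HOSTS))
```

On the constructed sample the audit reports four black-holed ESET/Symantec names and one redirect (liveupdate.symantecliveupdate.com sent to 198.51.100.23); clean_hosts keeps the comment, the localhost line and the intranet entry and drops the rest. Note that a clean hosts file does not rule out a block elsewhere (DNS settings, a proxy, a filtering driver), which is consistent with the poster still being unable to reach ESET after the restore.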

Zakov
Visitor
Posts: 111
Registered: 15 Feb 2010 20:22

Re: NOD does not update, please check the log.

#11 Post by Zakov »

Done. I still can't reach ESET. After the restart the PC hung at "Applying computer settings". I left it for about 40 minutes, then restarted it. I didn't mention that the PC is in a domain; could that have an effect?

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: NOD does not update, please check the log.

#12 Post by Caroprd111 »

We'll check it further. :)


Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware
  • Plug in all the flash drives you use.
  • Run the application under an account with Administrator rights; right after it starts, a page with the licence terms appears, continue by pressing "Yes"
  • Then follow the instructions; do not run other applications during the scan and do not click into the window that appears!
  • The scan should take about 5-10 minutes; when it finishes, ComboFix shows the log C:\ComboFix.txt, which you should post here.
  • The computer may be restarted during the scan.

Zakov
Visitor
Posts: 111
Registered: 15 Feb 2010 20:22

Re: NOD does not update, please check the log.

#13 Post by Zakov »

ComboFix 10-05-04.01 - Administrator 04.05.2010 22:08:40.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2037.1633 [GMT 2:00]
Running from: c:\documents and settings\administrator.VELOSERVIS\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4163810485-1416016701-3834283497-1001

.
((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-04 16:29 . 2010-05-04 16:29 -------- d-----w- C:\_OTL
2010-05-04 13:12 . 2010-05-04 13:12 -------- d-----w- C:\rsit
2010-05-04 13:12 . 2010-05-04 13:12 -------- d-----w- c:\program files\trend micro
2010-05-04 08:29 . 2010-05-04 08:29 -------- d-sh--w- c:\documents and settings\veloservis\IECompatCache
2010-04-21 06:05 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 19:35 . 1979-12-31 22:00 83742 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 19:35 . 1979-12-31 22:00 441086 ----a-w- c:\windows\system32\perfh005.dat
2010-03-10 06:17 . 1979-12-31 22:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 15:42 . 2008-11-23 13:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-24 13:11 . 1979-12-31 22:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2008-04-14 07:06 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2008-04-14 07:06 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 04:35 . 1979-12-31 22:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 1979-12-31 22:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2003-08-29 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\behounek\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]

c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]

c:\documents and settings\veloservis\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"\\\\server1\\E$\\ZALOHA_VELOSERVIS\\Install\\hp2600n_CD\\SETUP.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [26.11.2008 10:29 61776]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://bb24.csob.cz/Comp/IcaSignerCZ.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://bb24.csob.cz/comp/CSOBEnroll.dll
DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} - hxxp://download.ica.cz/icapki.cab
DPF: {8DB83558-B5E6-4449-8E59-B91126580A99} - hxxps://bb24.csob.cz/comp/ICAHsmEngine.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 22:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3244135746-602949535-1214434796-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,fd,d5,4d,5a,21,2b,49,83,af,74,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,ed,1e,53,14,ec,77,4f,8a,5d,7b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,fd,d5,4d,5a,21,2b,49,83,af,74,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-04 22:16:44
ComboFix-quarantined-files.txt 2010-05-04 20:16
ComboFix2.txt 2010-05-04 08:44

Pre-Run: 465 486 786 560 bytes free
Post-Run: 465 461 664 768 bytes free

- - End Of File - - A9C859E198694909DCF4A664C5BA119A
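Posts #5 and #13 each carry a full ComboFix log, and what matters to the analyst is the delta between them. The following is an added example, not ComboFix output and not anything the posters ran: it parses the registry Run values, the driver/service lines and the GloballyOpenPorts entries out of two logs and reports what disappeared, appeared or changed state. LOG_BEFORE and LOG_AFTER are excerpts constructed from lines in those two posts (trimmed to what the parser needs), and the parser keys on line shape rather than on section headers, so it reads the Czech-localized log as well as an English one.

```python
"""Diff the autostart entries, services and open firewall ports of two ComboFix logs.

Added example for this thread; it is not part of ComboFix and not something the
posters ran. LOG_BEFORE/LOG_AFTER are excerpts constructed from the logs in
posts #5 and #13 (only the lines the parser needs), so the result reflects what
those two posts show and nothing more.
"""
import re

KEY_RE = re.compile(r"^\[(HK[^\]]*)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[')
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);")


def parse_combofix(text):
    """Pull three things out of a ComboFix log, keying on line shape rather
    than on the (localized) section headers:
      run:      {(registry key, value name): image path}
      services: {service name: (state, image path)}   R = running, S = stopped
      ports:    set of GloballyOpenPorts entries such as "3389:TCP"
    """
    run, services, ports = {}, {}, set()
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the current key block
            key = None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        if key and key.endswith("\\run"):
            m = RUN_VALUE_RE.match(line)
            if m:
                run[(key, m.group(1))] = m.group(2).lower()
            continue
        if key and key.endswith("globallyopenports\\list"):
            m = PORT_RE.match(line)
            if m:
                ports.add(m.group(1))
            continue
        m = SERVICE_RE.match(line)
        if m:  # e.g. R2 ekrn;Eset Service;c:\...\ekrn.exe [7.10.2009 10:16 472280]
            path = line.split(";", 2)[2].rsplit(" [", 1)[0].lower()
            services[m.group(2)] = (m.group(1), path)
    return {"run": run, "services": services, "ports": ports}


def diff_logs(before_text, after_text):
    """Report what disappeared, appeared or changed state between two runs.
    The delta is the fact; why it happened (the user disabled the AV as asked,
    an uninstall, or malware) is for the analyst to establish."""
    a, b = parse_combofix(before_text), parse_combofix(after_text)
    return {
        "run_removed": sorted(name for key, name in a["run"] if (key, name) not in b["run"]),
        "run_added": sorted(name for key, name in b["run"] if (key, name) not in a["run"]),
        "svc_removed": sorted(n for n in a["services"] if n not in b["services"]),
        "svc_added": sorted(n for n in b["services"] if n not in a["services"]),
        "svc_changed": sorted(n for n in a["services"]
                              if n in b["services"] and a["services"][n] != b["services"][n]),
        "ports_still_open": sorted(a["ports"] & b["ports"]),
    }


# Excerpt constructed from the ComboFix log in post #5 (first run).
LOG_BEFORE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 10:16 472280]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.3.2009 7:50 222968]
R3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [26.11.2008 10:29 61776]
"""

# Excerpt constructed from the ComboFix log in post #13 (second run).
LOG_AFTER = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [26.11.2008 10:29 61776]
"""

if __name__ == "__main__":
    for what, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(f"{what}: {items}")
```

On these excerpts the report says that the Skype, Orb and egui (NOD32 tray) Run values and the epfwtdir, ekrn and ICQ Service services present in the first log are absent from the second, that GTwinUSB went from running (R3) to stopped (S3), and that TCP 3389 (Remote Desktop) is open in the standard firewall profile in both runs. The script states the delta only; the second log also lacks the "AV:" header line, but whether the NOD32 services are gone because the user turned the AV off before the run as instructed, because it was uninstalled, or for some other reason is not something the logs alone settle.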

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: NOD does not update, please check the log.

#14 Post by Caroprd111 »

How is the PC doing?

Zakov
Visitor
Posts: 111
Registered: 15 Feb 2010 20:22

Re: NOD does not update, please check the log.

#15 Post by Zakov »

Still the same problem. I can't reach ESET or Symantec.