VIRY.CZ

Zkoušel jsem vypnout antivir a aktualizace windows, ale nepomohlo. Projel jsem pc MBAMem a tohle mi to našlo : mbamsken
Co můžu smazat a co ne? Asi bude potřeba infikovaný soubor nahradit ne?

Zdravím

Vše, co našel MBAM smažte a dejte log z RSIT.

Log z MBAMu
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databze: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.5.2010 15:46:22
mbam-log-2010-05-29 (15-46-22).txt

Typ skenu: pln sken (C:\|D:\|)
Skenovan objekty: 175421
Uplynul as: 1 hodina(y), 5 minuta(y), 16 sekunda(y)

Infikovan procesy v pamti: 0
Infikovan moduly v pamti: 0
Infikovan kle registru: 0
Infikovan hodnoty registru: 0
Infikovan datov poloky registru: 0
Infikovan sloky: 0
Infikovan soubory: 4

Infikovan procesy v pamti:
(dn kodliv poloky nebyly zjitny)

Infikovan moduly v pamti:
(dn kodliv poloky nebyly zjitny)

Infikovan kle registru:
(dn kodliv poloky nebyly zjitny)

Infikovan hodnoty registru:
(dn kodliv poloky nebyly zjitny)
Log po smazání položek z MBAMu
Infikovan datov poloky registru:
(dn kodliv poloky nebyly zjitny)

Infikovan sloky:
(dn kodliv poloky nebyly zjitny)

Infikovan soubory:
C:\Documents and Settings\Uivatel\Data aplikac\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uivatel\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\games.JAMES-0T2PBMK1H\Plocha\AutoClicker.exe (Trojan.AutoClick) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA88242C-D9BB-4643-B040-A700D9419C0F}\RP177\A0029566.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

log z RSIT

Logfile of random's system information tool 1.07 (written by random/random)
Run by Uivatel at 2010-05-29 15:53:08
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (60%) free of 30 GB
Total RAM: 767 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:53:21, on 29.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Uivatel\Local Settings\Data aplikac\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Documents and Settings\Uivatel\Local Settings\Data aplikac\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Documents and Settings\Uivatel\Local Settings\Data aplikac\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Uivatel\Local Settings\Data aplikac\Google\Chrome\Application\chrome.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Uivatel\Local Settings\Data aplikac\Google\Chrome\Application\chrome.exe
D:\DownloadsChrome\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Uivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\games.JAMES-0T2PBMK1H\Data aplikac\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\games.JAMES-0T2PBMK1H\Data aplikac\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Uivatel\Local Settings\Data aplikac\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Run VNC Server.lnk = C:\Program Files\RealVNC\VNC4\winvnc4.exe
O4 - Startup: wwwzuc32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informac - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9015677671
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipamti kategori soust - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8444 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-2025429265-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-2025429265-725345543-1004UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-2025429265-725345543-1005Core.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{391F672F-0390-47F7-B8BF-8FC56FA26AFA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\games.JAMES-0T2PBMK1H\Data aplikac\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
Burn4Free Toolbar Helper - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll [2010-03-20 815104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-29 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Burn4Free Toolbar - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll [2010-03-20 815104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-04 16006656]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-11 61440]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Uivatel\Local Settings\Data aplikac\Google\Update\GoogleUpdate.exe [2010-03-20 136176]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]

C:\Documents and Settings\All Users\Nabdka Start\Programy\Po sputn
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Uivatel\Nabdka Start\Programy\Po sputn
Run VNC Server.lnk - C:\Program Files\RealVNC\VNC4\winvnc4.exe
wwwzuc32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Uivatel\Plocha\Instalaky\Obecn\Torrent\utorrent.exe"="C:\Documents and Settings\Uivatel\Plocha\Instalaky\Obecn\Torrent\utorrent.exe:*:Enabled:Torrent"
"D:\Torrent\utorrent.exe"="D:\Torrent\utorrent.exe:*:Enabled:Torrent"
"D:\Hry\World of Warcraft\Launcher.exe"="D:\Hry\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\RealVNC\VNC4\vncviewer.exe"="C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:Run VNC Viewer"
"C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:winvnc4"
"C:\Program Files\RealVNC\VNC4\vncconfig.exe"="C:\Program Files\RealVNC\VNC4\vncconfig.exe:*:Enabled:vncconfig"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-29 15:53:09 ----D---- C:\Program Files\trend micro
2010-05-29 15:53:08 ----D---- C:\rsit
2010-05-29 14:01:16 ----A---- C:\WINDOWS\system32\javaws.exe
2010-05-29 14:01:16 ----A---- C:\WINDOWS\system32\javaw.exe
2010-05-29 14:01:16 ----A---- C:\WINDOWS\system32\java.exe
2010-05-29 14:01:16 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-05-29 14:00:23 ----D---- C:\Program Files\Java
2010-05-29 13:04:03 ----A---- C:\mbam-error.txt
2010-05-26 19:43:12 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-14 19:03:46 ----D---- C:\Documents and Settings\Uivatel\Data aplikac\skypePM
2010-05-12 19:40:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-05 10:23:48 ----D---- C:\Program Files\RealVNC
2010-05-05 09:10:29 ----D---- C:\Documents and Settings\Uivatel\Data aplikac\dvdcss
2010-05-04 19:34:14 ----D---- C:\Documents and Settings\Uivatel\Data aplikac\vlc
2010-05-04 19:33:10 ----D---- C:\Program Files\VideoLAN
2010-05-04 15:23:51 ----D---- C:\Documents and Settings\Uivatel\Data aplikac\uTorrent

======List of files/folders modified in the last 1 months======

2010-05-29 15:53:09 ----RD---- C:\Program Files
2010-05-29 15:50:44 ----D---- C:\WINDOWS\Temp
2010-05-29 15:50:14 ----D---- C:\WINDOWS\system32\Lang
2010-05-29 15:49:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-29 15:48:30 ----D---- C:\WINDOWS\system32\drivers
2010-05-29 14:02:02 ----SHD---- C:\WINDOWS\Installer
2010-05-29 14:01:16 ----D---- C:\WINDOWS\system32
2010-05-29 13:03:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-29 09:33:17 ----D---- C:\WINDOWS\system32\config
2010-05-27 17:13:07 ----D---- C:\WINDOWS
2010-05-26 19:49:35 ----HD---- C:\WINDOWS\inf
2010-05-22 20:39:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-14 20:11:20 ----D---- C:\Documents and Settings\Uivatel\Data aplikac\Skype
2010-05-12 19:40:53 ----A---- C:\WINDOWS\imsins.BAK
2010-05-12 19:40:49 ----D---- C:\Program Files\Outlook Express
2010-05-12 15:30:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-04 15:52:10 ----SD---- C:\Documents and Settings\Uivatel\Data aplikac\Microsoft
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovlada procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2005-12-22 5685]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-03-21 56816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2005-06-23 43008]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-04 4244480]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 usbehci;Ovlada miniportu rozenho radie hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozboova umonujc USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovlada Microsoft univerzlnho hostitelskho adie USB od spolenosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-06 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-07 11264]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 USBSTOR;Ovlada velkokapacitnho pamovho zazen USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-29 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.

Obrázek

Doporučuji odinstalovat Spybot - Search & Destroy.

Obrázek

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Označte položku Pro všechny uživatele.
Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikněte na tlačítko Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

Toolbary odinstaluju později. Není to můj PC.
LOG OTL:

OTL logfile created on: 29.5.2010 16:00:44 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = D:\DownloadsChrome
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: esk republika | Language: CSY | Date Format: d.M.yyyy

767,00 Mb Total Physical Memory | 396,00 Mb Available Physical Memory | 52,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 17,54 Gb Free Space | 59,88% Space Free | Partition Type: NTFS
Drive D: | 45,23 Gb Total Space | 7,07 Gb Free Space | 15,63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES-0T2PBMK1H
Current User Name: Uivatel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.29 15:59:22 | 000,571,904 | ---- | M] (OldTimer Tools) -- D:\DownloadsChrome\OTL.exe
PRC - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.03.20 14:31:50 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Uivatel\Local Settings\Data aplikac\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010.05.29 15:59:22 | 000,571,904 | ---- | M] (OldTimer Tools) -- D:\DownloadsChrome\OTL.exe
MOD - [2008.10.15 17:14:00 | 000,044,384 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\wm_hooks.dll
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)

========== Driver Services (SafeList) ==========

DRV - [2010.03.21 18:38:11 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.05.11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2006.03.04 05:12:10 | 004,244,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.12.22 20:22:18 | 000,005,685 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005.03.09 16:53:00 | 000,042,496 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.08.13 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1614895754-2025429265-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1614895754-2025429265-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1614895754-2025429265-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1614895754-2025429265-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
IE - HKU\S-1-5-21-1614895754-2025429265-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1614895754-2025429265-725345543-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1614895754-2025429265-725345543-1004\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\games.JAMES-0T2PBMK1H\Data aplikac\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1614895754-2025429265-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2003.04.16 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\games.JAMES-0T2PBMK1H\Data aplikac\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKU\S-1-5-21-1614895754-2025429265-725345543-1004\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1614895754-2025429265-725345543-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Nabdka Start\Programy\Po sputn\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Uivatel\Nabdka Start\Programy\Po sputn\Run VNC Server.lnk = C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
O4 - Startup: C:\Documents and Settings\Uivatel\Nabdka Start\Programy\Po sputn\wwwzuc32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-2025429265-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-1614895754-2025429265-725345543-1004\..Trusted Domains: mojebanka.cz ([www] https in Dvryhodn servery)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 9015677671 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuln domovsk strnka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.18 19:30:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.03.18 19:30:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745600305496064)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.29 15:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.29 15:53:08 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.29 14:01:16 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.05.29 14:01:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.05.29 14:01:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.05.29 14:01:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.05.29 14:01:16 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.05.29 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.05.22 20:39:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.05.22 20:39:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.05.14 19:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uivatel\Data aplikac\skypePM
[2010.05.05 10:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\RealVNC
[2010.05.05 09:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uivatel\Data aplikac\dvdcss
[2010.05.05 08:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uivatel\Plocha\prozatm
[2010.05.04 19:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uivatel\Data aplikac\vlc
[2010.05.04 19:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.05.04 15:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uivatel\Data aplikac\uTorrent
[2010.04.29 20:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uivatel\Data aplikac\Skype
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.29 15:56:51 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Uivatel\Local Settings\Data aplikac\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.29 15:53:02 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\RSIT.exe
[2010.05.29 15:48:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.29 15:48:38 | 804,573,184 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.29 15:47:39 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Uivatel\NTUSER.DAT
[2010.05.29 15:47:39 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Uivatel\ntuser.ini
[2010.05.29 14:00:31 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.05.29 14:00:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.05.29 14:00:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.05.29 14:00:31 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.05.29 14:00:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.05.29 12:59:55 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.05.27 18:09:01 | 000,091,395 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\Tak rzn 2005 - doma 021.JPG
[2010.05.27 18:08:39 | 000,106,916 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\Tak rzn 2005 - doma 002.JPG
[2010.05.27 18:07:13 | 000,094,034 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\prosinec 2006 022.JPG
[2010.05.27 18:04:08 | 000,153,156 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\bezen 2006 004.JPG
[2010.05.27 18:02:36 | 000,103,349 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\Bezen 2005 012.JPG
[2010.05.27 17:11:28 | 000,013,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.18 17:12:04 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Uivatel\intlname.ols
[2010.05.14 16:04:00 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\Sesit 2 (2).xls
[2010.05.14 16:03:29 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\Filmy.xls
[2010.05.14 15:53:04 | 000,001,187 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\Prvodn dopis.rtf
[2010.05.14 15:13:44 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\ivotopis.doc
[2010.05.12 19:40:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.05.12 19:07:35 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\obchodn zstupce.rtf
[2010.05.12 18:50:17 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\Dokument.rtf
[2010.05.09 17:16:33 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Uivatel\Dokumenty\Vysvtlivky.doc
[2010.05.09 16:21:44 | 000,023,137 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\Don't.Look.Back.2009.720p.BluRay.x264-WiKi.torrent
[2010.05.06 13:56:38 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\Zstupce - Wow.lnk
[2010.05.05 10:25:32 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\Uivatel\Nabdka Start\Programy\Po sputn\Run VNC Server.lnk
[2010.05.05 10:23:49 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\Uivatel\Plocha\Run VNC Viewer.lnk
[2010.05.04 19:33:42 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\VLC media player.lnk
[2010.05.04 14:58:43 | 000,168,448 | ---- | M] () -- C:\Documents and Settings\Uivatel\Dokumenty\CETELEM R.doc
[2010.05.03 15:17:41 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Uivatel\Dokumenty\Pozvnk1.doc
[2010.05.03 15:17:25 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Uivatel\Dokumenty\Pozvnka.doc
[2010.04.29 20:03:49 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.29 15:56:37 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\Uivatel\Plocha\RSIT.exe
[2010.05.29 12:59:55 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.05.27 18:09:00 | 000,091,395 | ---- | C] () -- C:\Documents and Settings\Uivatel\Plocha\Tak rzn 2005 - doma 021.JPG
[2010.05.27 18:08:39 | 000,106,916 | ---- | C] () -- C:\Documents and Settings\Uivatel\Plocha\Tak rzn 2005 - doma 002.JPG
[2010.05.27 18:07:13 | 000,094,034 | ---- | C] () -- C:\Documents and Settings\Uivatel\Plocha\prosinec 2006 022.JPG
[2010.05.27 18:04:08 | 000,153,156 | ---- | C] () -- C:\Documents and Settings\Uivatel\Plocha\bezen 2006 004.JPG
[2010.05.27 18:02:36 | 000,103,349 | ---- | C] () -- C:\Documents and Settings\Uivatel\Plocha\Bezen 2005 012.JPG
[2010.05.18 17:12:04 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Uivatel\intlname.ols
[2010.05.14 15:53:04 | 000,001,187 | ---- | C] () -- C:\Documents and Settings\Uivatel\Plocha\Prvodn dopis.rtf
[2010.05.12 19:07:35 | 000,002,231 | ---- | C] () -- C:\Documents and Settings\Uivatel\Plocha\obchodn zstupce.rtf
[2010.05.09 17:16:33 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Uivatel\Dokumenty\Vysvtlivky.doc
[2010.05.09 16:21:48 | 000,023,137 | ---- | C] () -- C:\Documents and Settings\Uivatel\Plocha\Don't.Look.Back.2009.720p.BluRay.x264-WiKi.torrent
[2010.05.05 10:25:32 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\Uivatel\Nabdka Start\Programy\Po sputn\Run VNC Server.lnk
[2010.05.05 10:23:49 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\Uivatel\Plocha\Run VNC Viewer.lnk
[2010.05.04 19:33:42 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\VLC media player.lnk
[2010.05.04 19:01:38 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Uivatel\Plocha\Sesit 2 (2).xls
[2010.05.04 16:16:46 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Uivatel\Plocha\Filmy.xls
[2010.05.03 15:17:41 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Uivatel\Dokumenty\Pozvnk1.doc
[2010.05.03 15:17:25 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Uivatel\Dokumenty\Pozvnka.doc
[2010.03.20 15:42:58 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.03.20 14:55:06 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010.03.20 14:55:06 | 000,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010.03.20 14:54:59 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010.03.20 14:54:59 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010.03.19 19:09:32 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010.03.19 19:07:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2010.03.19 19:01:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010.03.19 18:59:55 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.03.19 18:59:54 | 000,016,152 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.03.19 18:59:48 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003.04.09 16:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010.03.26 19:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\games.JAMES-0T2PBMK1H\Data aplikac\QIP
[2010.03.20 21:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\QIP
[2010.05.04 15:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\uTorrent
[2010.03.20 19:28:04 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{391F672F-0390-47F7-B8BF-8FC56FA26AFA}.job

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Documents and Settings\Uivatel\Local Settings\Data aplikac\Google\Update\GoogleUpdate.exe" /c -- [2010.03.20 14:31:50 | 000,136,176 | ---- | M] (Google Inc.)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)

< c:\windows\*.* /U >
[5 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.03.20 16:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\Adobe
[2010.03.20 16:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\AdobeUM
[2010.03.20 16:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\ATI
[2010.05.11 11:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\dvdcss
[2010.03.18 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\Identities
[2010.03.19 18:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\Macromedia
[2010.03.20 16:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\Malwarebytes
[2010.05.04 15:52:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Uivatel\Data aplikac\Microsoft
[2010.03.20 21:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\QIP
[2010.05.14 20:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\Skype
[2010.05.14 19:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\skypePM
[2010.03.20 17:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\Sun
[2010.05.04 15:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\uTorrent
[2010.05.13 15:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\vlc
[2010.03.20 19:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uivatel\Data aplikac\WinRAR

< %APPDATA%\*.exe /s >

< MD5 for: AGP440.SYS >
[2010.03.20 12:30:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.03.23 13:03:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.03.20 12:30:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010.03.23 13:03:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003.04.16 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2010.03.20 12:30:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.03.23 13:03:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.03.20 12:30:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010.03.23 13:03:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CDROM.SYS >
[2003.04.16 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2010.03.20 12:30:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.03.23 13:03:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.03.20 12:30:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2010.03.23 13:03:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.04 07:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 00:49:03 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 00:49:06 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 00:49:22 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2003.04.16 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2010.03.20 12:30:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.03.23 13:03:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.03.20 12:30:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2010.03.23 13:03:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.04 07:59:09 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2010.03.20 12:30:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2010.03.23 13:03:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2010.03.20 12:30:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2010.03.23 13:03:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\dllcache\changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\drivers\changer.sys
[2004.08.04 08:00:12 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

< MD5 for: ISAPNP.SYS >
[2010.03.23 13:03:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2010.03.23 13:03:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 12:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2003.04.16 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 00:49:23 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.04 08:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.18 00:49:13 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.18 00:49:16 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 00:49:27 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 00:49:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2003.04.16 14:00:00 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\$NtUninstallKB917953_0$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.04 08:14:40 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 00:49:27 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 00:49:27 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 00:49:20 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2006.05.19 14:40:46 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=3F8C60A9CBE3BA6B163E51A4D4397090 -- C:\WINDOWS\$NtUninstallKB922819_0$\ws2_32.dll
[2003.04.16 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\$NtUninstallKB914388_0$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010.02.11 06:46:14 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010.03.18 20:06:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.03.18 20:06:50 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.03.18 20:06:49 | 000,425,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2010.02.11 06:46:14 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.05.29 14:00:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\deployJava1.dll
[2010.05.29 14:00:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
[2010.05.29 14:00:31 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javacpl.cpl
[2010.05.29 14:00:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe
[2010.05.29 14:00:31 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaws.exe
[2010.05.26 19:49:35 | 000,008,196 | ---- | M] () -- C:\WINDOWS\system32\TZLog.log
[2010.05.27 17:11:28 | 000,013,760 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

LOG EXTRAS

OTL Extras logfile created on: 29.5.2010 16:00:44 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = D:\DownloadsChrome
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: esk republika | Language: CSY | Date Format: d.M.yyyy

767,00 Mb Total Physical Memory | 396,00 Mb Available Physical Memory | 52,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 17,54 Gb Free Space | 59,88% Space Free | Partition Type: NTFS
Drive D: | 45,23 Gb Total Space | 7,07 Gb Free Space | 15,63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES-0T2PBMK1H
Current User Name: Uivatel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1614895754-2025429265-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Uivatel\Plocha\Instalaky\Obecn\Torrent\utorrent.exe" = C:\Documents and Settings\Uivatel\Plocha\Instalaky\Obecn\Torrent\utorrent.exe:*:Enabled:Torrent -- File not found
"D:\Torrent\utorrent.exe" = D:\Torrent\utorrent.exe:*:Enabled:Torrent -- (BitTorrent, Inc.)
"D:\Hry\World of Warcraft\Launcher.exe" = D:\Hry\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher -- File not found
"C:\Program Files\RealVNC\VNC4\vncviewer.exe" = C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:Run VNC Viewer -- (RealVNC Ltd.)
"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:winvnc4 -- (RealVNC Ltd.)
"C:\Program Files\RealVNC\VNC4\vncconfig.exe" = C:\Program Files\RealVNC\VNC4\vncconfig.exe:*:Enabled:vncconfig -- (RealVNC Ltd.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AC76BA86-7AD7-5464-3428-7E8A450000A7}" = Spelling Dictionaries For Adobe Reader Package
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.2
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = Softarov utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"RealVNC_is1" = VNC Free Edition 4.1.3
"VLC media player" = VLC media player 1.0.5
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-2025429265-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP Infium" = QIP Infium 2.0.9032 RC4

Pokračování Extras

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.5.2010 11:13:57 | Computer Name = JAMES-0T2PBMK1H | Source = crypt32 | ID = 131075
Description = Naten automatick aktualizace souboru CAB koenovho seznamu jinho
vrobce z: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdailo. Chyba: Dan operace se vrtila, protoe vyprel asov limit.

Error - 28.5.2010 6:11:02 | Computer Name = JAMES-0T2PBMK1H | Source = WinVNC4 | ID = 1
Description = ManagedListener: unable to bind listening socket: Normln je povoleno
pouze jedno pouit kad adresy (protokolu, sov adresy, portu) soketu. (10048)

Error - 28.5.2010 6:11:02 | Computer Name = JAMES-0T2PBMK1H | Source = WinVNC4 | ID = 1
Description = ManagedListener: unable to bind listening socket: Normln je povoleno
pouze jedno pouit kad adresy (protokolu, sov adresy, portu) soketu. (10048)

Error - 28.5.2010 6:11:02 | Computer Name = JAMES-0T2PBMK1H | Source = WinVNC4 | ID = 1
Description = ManagedListener: unable to bind listening socket: Normln je povoleno
pouze jedno pouit kad adresy (protokolu, sov adresy, portu) soketu. (10048)

Error - 29.5.2010 3:12:27 | Computer Name = JAMES-0T2PBMK1H | Source = WinVNC4 | ID = 1
Description = ManagedListener: unable to bind listening socket: Normln je povoleno
pouze jedno pouit kad adresy (protokolu, sov adresy, portu) soketu. (10048)

Error - 29.5.2010 3:12:27 | Computer Name = JAMES-0T2PBMK1H | Source = WinVNC4 | ID = 1
Description = ManagedListener: unable to bind listening socket: Normln je povoleno
pouze jedno pouit kad adresy (protokolu, sov adresy, portu) soketu. (10048)

Error - 29.5.2010 3:12:27 | Computer Name = JAMES-0T2PBMK1H | Source = WinVNC4 | ID = 1
Description = ManagedListener: unable to bind listening socket: Normln je povoleno
pouze jedno pouit kad adresy (protokolu, sov adresy, portu) soketu. (10048)

Error - 29.5.2010 7:39:28 | Computer Name = JAMES-0T2PBMK1H | Source = WinVNC4 | ID = 1
Description = ManagedListener: unable to bind listening socket: Normln je povoleno
pouze jedno pouit kad adresy (protokolu, sov adresy, portu) soketu. (10048)

Error - 29.5.2010 7:39:28 | Computer Name = JAMES-0T2PBMK1H | Source = WinVNC4 | ID = 1
Description = ManagedListener: unable to bind listening socket: Normln je povoleno
pouze jedno pouit kad adresy (protokolu, sov adresy, portu) soketu. (10048)

Error - 29.5.2010 7:39:28 | Computer Name = JAMES-0T2PBMK1H | Source = WinVNC4 | ID = 1
Description = ManagedListener: unable to bind listening socket: Normln je povoleno
pouze jedno pouit kad adresy (protokolu, sov adresy, portu) soketu. (10048)

[ System Events ]
Error - 5.5.2010 4:52:48 | Computer Name = JAMES-0T2PBMK1H | Source = DCOM | ID = 10005
Description = Sluba DCOM zjistila chybu %1058 pi pokusu o sputn sluby helpsvc
s argumenty za elem sputn serveru: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}

Error - 5.5.2010 10:22:15 | Computer Name = JAMES-0T2PBMK1H | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdaila: Instalace nsledujc aktualizace se nezdaila
z dvodu chyby (0x80070003): Aktualizace zabezpeen systmu Windows XP (KB980232).

Error - 6.5.2010 8:23:21 | Computer Name = JAMES-0T2PBMK1H | Source = DCOM | ID = 10005
Description = Sluba DCOM zjistila chybu %1058 pi pokusu o sputn sluby helpsvc
s argumenty za elem sputn serveru: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}

Error - 6.5.2010 8:51:50 | Computer Name = JAMES-0T2PBMK1H | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdaila: Instalace nsledujc aktualizace se nezdaila
z dvodu chyby (0x80070003): Aktualizace zabezpeen systmu Windows XP (KB980232).

Error - 6.5.2010 10:50:36 | Computer Name = JAMES-0T2PBMK1H | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdaila: Instalace nsledujc aktualizace se nezdaila
z dvodu chyby (0x80070003): Aktualizace zabezpeen systmu Windows XP (KB980232).

Error - 6.5.2010 11:33:28 | Computer Name = JAMES-0T2PBMK1H | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdaila: Instalace nsledujc aktualizace se nezdaila
z dvodu chyby (0x80070003): Aktualizace zabezpeen systmu Windows XP (KB980232).

Error - 9.5.2010 4:11:51 | Computer Name = JAMES-0T2PBMK1H | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdaila: Instalace nsledujc aktualizace se nezdaila
z dvodu chyby (0x80070003): Aktualizace zabezpeen systmu Windows XP (KB980232).

Error - 9.5.2010 11:39:01 | Computer Name = JAMES-0T2PBMK1H | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdaila: Instalace nsledujc aktualizace se nezdaila
z dvodu chyby (0x80070003): Aktualizace zabezpeen systmu Windows XP (KB980232).

Error - 11.5.2010 3:23:01 | Computer Name = JAMES-0T2PBMK1H | Source = Service Control Manager | ID = 7011
Description = Vyprel asov limit (30000 milisekund) ekn na odezvu transakce
sluby AntiVirSchedulerService.

Error - 11.5.2010 9:15:38 | Computer Name = JAMES-0T2PBMK1H | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdaila: Instalace nsledujc aktualizace se nezdaila
z dvodu chyby (0x80070003): Aktualizace zabezpeen systmu Windows XP (KB980232).

< End of report >

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
IE - HKU\S-1-5-21-1614895754-2025429265-725345543-1004\..\URLSearchHook: - Reg Error: Key error. File not found
O4 - Startup: C:\Documents and Settings\Uivatel\Nabdka Start\Programy\Po sputn\wwwzuc32.exe ()
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Poté klikněte na Opravit, PC se restartuje, log vložte sem.

Obrázek

Doporučuji odinstalovat:
D:\Torrent\utorrent.exe

P2P sítě a jejich klienti jsou potenciálním bezpečnostním rizikem, prakticky neustále jsou zdrojem virů, zbytečně se vystavujete riziku.

Tady je log. Jinak Avira mi dokola hlásí červa: bezop.zz
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1614895754-2025429265-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
File C:\Documents and Settings\Uivatel\Nabdka Start\Programy\Po sputn\wwwzuc32.exe not found.
C:\WINDOWS\002147_.tmp deleted successfully.
C:\WINDOWS\005364_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: games

User: games.JAMES-0T2PBMK1H
->Temp folder emptied: 33612630 bytes
->Temporary Internet Files folder emptied: 27378112 bytes
->Java cache emptied: 3576369 bytes
->Google Chrome cache emptied: 47553007 bytes
->Flash cache emptied: 5902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Uivatel
->Temp folder emptied: 52608020 bytes
->Temporary Internet Files folder emptied: 204430866 bytes
->Java cache emptied: 5276736 bytes
->Google Chrome cache emptied: 232700478 bytes
->Flash cache emptied: 11666 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18900165 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12999926 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 4462484542 bytes

Total Files Cleaned = 4865,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: games

User: games.JAMES-0T2PBMK1H
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Uivatel
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.5.0 log created on 06022010_151631

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Kde přesně Avira vir hlásí

Programy po spuštění.

Dejte nový log z RSIT.

A po použití OTL a restartu to začalo házet Agenty a Trojany v system32. Jdu na ten Log z RSIT

Logfile of random's system information tool 1.07 (written by random/random)
Run by Uivatel at 2010-06-02 19:27:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 21 GB (69%) free of 30 GB
Total RAM: 767 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:27:27, on 2.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Uivatel\Local Settings\Data aplikac\Google\Update\GoogleUpdate.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Documents and Settings\Uivatel\Local Settings\Data aplikac\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\Documents and Settings\Uivatel\Plocha\RSIT.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\Program Files\trend micro\Uivatel.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\netsh.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\games.JAMES-0T2PBMK1H\Data aplikac\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\games.JAMES-0T2PBMK1H\Data aplikac\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Uivatel\Local Settings\Data aplikac\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Run VNC Server.lnk = C:\Program Files\RealVNC\VNC4\winvnc4.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informac - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9015677671
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipamti kategori soust - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7644 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-2025429265-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-2025429265-725345543-1004UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-2025429265-725345543-1005Core.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{391F672F-0390-47F7-B8BF-8FC56FA26AFA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\games.JAMES-0T2PBMK1H\Data aplikac\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
Burn4Free Toolbar Helper - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll [2010-03-20 815104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-29 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - Burn4Free Toolbar - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll [2010-03-20 815104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-04 16006656]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-11 61440]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"services"=C:\WINDOWS\services.exe [2010-06-02 55808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Uivatel\Local Settings\Data aplikac\Google\Update\GoogleUpdate.exe [2010-03-20 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]

C:\Documents and Settings\All Users\Nabdka Start\Programy\Po sputn
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Uivatel\Nabdka Start\Programy\Po sputn
Run VNC Server.lnk - C:\Program Files\RealVNC\VNC4\winvnc4.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Uivatel\Plocha\Instalaky\Obecn\Torrent\utorrent.exe"="C:\Documents and Settings\Uivatel\Plocha\Instalaky\Obecn\Torrent\utorrent.exe:*:Enabled:Torrent"
"D:\Torrent\utorrent.exe"="D:\Torrent\utorrent.exe:*:Enabled:Torrent"
"D:\Hry\World of Warcraft\Launcher.exe"="D:\Hry\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\RealVNC\VNC4\vncviewer.exe"="C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:Run VNC Viewer"
"C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:winvnc4"
"C:\Program Files\RealVNC\VNC4\vncconfig.exe"="C:\Program Files\RealVNC\VNC4\vncconfig.exe:*:Enabled:vncconfig"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-06-02 18:41:27 ----A---- C:\WINDOWS\services.exe
2010-05-29 15:53:09 ----D---- C:\Program Files\trend micro
2010-05-29 15:53:08 ----D---- C:\rsit
2010-05-29 14:01:16 ----A---- C:\WINDOWS\system32\javaws.exe
2010-05-29 14:01:16 ----A---- C:\WINDOWS\system32\javaw.exe
2010-05-29 14:01:16 ----A---- C:\WINDOWS\system32\java.exe
2010-05-29 14:01:16 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-05-29 14:00:23 ----D---- C:\Program Files\Java
2010-05-29 13:04:03 ----A---- C:\mbam-error.txt
2010-05-26 19:43:12 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-14 19:03:46 ----D---- C:\Documents and Settings\Uivatel\Data aplikac\skypePM
2010-05-12 19:40:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-05 10:23:48 ----D---- C:\Program Files\RealVNC
2010-05-05 09:10:29 ----D---- C:\Documents and Settings\Uivatel\Data aplikac\dvdcss
2010-05-04 19:34:14 ----D---- C:\Documents and Settings\Uivatel\Data aplikac\vlc
2010-05-04 19:33:10 ----D---- C:\Program Files\VideoLAN
2010-05-04 15:23:51 ----D---- C:\Documents and Settings\Uivatel\Data aplikac\uTorrent

======List of files/folders modified in the last 1 months======

2010-06-02 19:27:26 ----D---- C:\WINDOWS
2010-06-02 18:53:54 ----D---- C:\WINDOWS\system32\Lang
2010-06-02 18:50:32 ----D---- C:\WINDOWS\Temp
2010-06-02 18:50:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-02 18:49:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-06-02 18:48:22 ----D---- C:\Documents and Settings\All Users\Data aplikac\Spybot - Search & Destroy
2010-06-02 18:41:25 ----D---- C:\WINDOWS\system32
2010-06-02 15:18:43 ----SHD---- C:\System Volume Information
2010-06-02 15:18:43 ----D---- C:\WINDOWS\system32\Restore
2010-05-29 18:42:39 ----D---- C:\WINDOWS\system32\config
2010-05-29 15:53:09 ----RD---- C:\Program Files
2010-05-29 15:48:30 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2010-05-29 15:48:30 ----D---- C:\WINDOWS\system32\drivers
2010-05-29 14:02:02 ----SHD---- C:\WINDOWS\Installer
2010-05-29 13:03:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-26 19:49:35 ----HD---- C:\WINDOWS\inf
2010-05-22 20:39:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-14 20:11:20 ----D---- C:\Documents and Settings\Uivatel\Data aplikac\Skype
2010-05-12 19:40:53 ----A---- C:\WINDOWS\imsins.BAK
2010-05-12 19:40:49 ----D---- C:\Program Files\Outlook Express
2010-05-12 15:30:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-04 15:52:10 ----SD---- C:\Documents and Settings\Uivatel\Data aplikac\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovlada procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2005-12-22 5685]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-03-21 56816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2005-06-23 43008]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-04 4244480]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 usbehci;Ovlada miniportu rozenho radie hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozboova umonujc USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovlada Microsoft univerzlnho hostitelskho adie USB od spolenosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-06 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-07 11264]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 USBSTOR;Ovlada velkokapacitnho pamovho zazen USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-29 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
Vložte do PC všechny flash disky, které používáte.
Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
Během skenování může být počítač restartován.

ComboFix 10-06-02.04 - Uivatel 03.06.2010 18:11:48.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.767.487 [GMT 2:00]
Sputn z: c:\documents and settings\Uivatel\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Vytvoen nov Bod Obnoven
.

((((((((((((((((((((((((((((((((((((((( Ostatn vmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\file.bat
c:\windows\services.exe

.
((((((((((((((((((((((((( Soubory vytvoen od 2010-05-03 do 2010-06-03 )))))))))))))))))))))))))))))))
.

2010-06-02 14:57 . 2010-06-02 14:57 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-29 13:53 . 2010-06-02 17:27 -------- d-----w- c:\program files\trend micro
2010-05-29 13:53 . 2010-05-29 13:53 -------- d-----w- C:\rsit
2010-05-29 12:01 . 2010-05-29 12:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-29 12:00 . 2010-05-29 12:00 -------- d-----w- c:\program files\Java
2010-05-22 18:39 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-22 18:39 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-05 08:23 . 2010-05-05 08:23 -------- d-----w- c:\program files\RealVNC
2010-05-04 17:33 . 2010-05-04 17:33 -------- d-----w- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M vpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 16:49 . 2010-03-20 16:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-29 11:03 . 2010-03-20 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 13:39 . 2010-03-20 14:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-03-20 14:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 16:54 . 2003-04-16 12:00 79242 ----a-w- c:\windows\system32\perfc005.dat
2010-04-26 16:54 . 2003-04-16 12:00 432278 ----a-w- c:\windows\system32\perfh005.dat
2010-04-11 17:42 . 2010-03-20 17:12 -------- d-----w- c:\program files\Burn4Free
2010-04-11 09:59 . 2010-04-11 09:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-04-11 09:59 . 2010-04-11 09:59 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-08 10:52 . 2010-04-08 10:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-26 17:59 . 2010-03-26 17:59 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-21 16:38 . 2010-03-20 14:20 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-20 17:13 . 2010-03-20 17:13 234071 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_8015.exe
2010-03-20 13:29 . 2010-03-20 13:29 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-20 10:38 . 2010-03-18 17:30 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-03-20 10:38 . 2010-03-18 17:30 2676 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2010-03-20 10:36 . 2010-03-18 17:30 8972 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cntstore.bin
2010-03-18 17:28 . 2010-03-18 17:28 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:17 . 2003-04-16 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.

(((((((((((((((((((((((((((((((((( Spoutc body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznmka* przdn zznamy a legitimn vchoz daje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2010-03-20 17:13 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2010-03-20 815104]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2010-03-20 815104]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Uivatel\Local Settings\Data aplikac\Google\Update\GoogleUpdate.exe" [2010-03-20 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-04 16006656]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Uivatel\Nabdka Start\Programy\Po sputn\
Run VNC Server.lnk - c:\program files\RealVNC\VNC4\winvnc4.exe [2010-5-5 439632]

c:\documents and settings\All Users\Nabdka Start\Programy\Po sputn\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Torrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncconfig.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20.3.2010 16:20 108289]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30.3.2010 11:16 1107336]
.
Obsah adrese 'Naplnovan lohy'

2010-03-20 c:\windows\Tasks\User_Feed_Synchronization-{391F672F-0390-47F7-B8BF-8FC56FA26AFA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplkov sken -------
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 18:15
Windows 5.1.2600 Service Pack 3 NTFS

skenovn skrytch proces ...

skenovn skrytch poloek 'Po sputn' ...

skenovn skrytch soubor ...

sken byl spen dokonen
skryt soubory: 0

**************************************************************************
.
--------------------- ZAMKNUT KLE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="CE626E35124B4403517512336D87330590B6C8A4BD8E200E0DDEC56B6516C2DAE220D46DCA9B96AC2FFC657CA6778AB9C22BE0CB9C8D05A92882D1F22A862CA4F7825E0BE39510747CE413CFFED8962D263F76D6B1C23A71D135F45BDB119DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CFEBC9E127BECC74CA2D97226D213B5558A9D966ED76361D76C305F207E2A8CCC4611AE3B7899DDBA8710A98A3FB491ACD76EF7DF0EC2DD49D020F5F7A700EF69CEDFFBB4B318F47451162AA69B733411E509D26508543BA9A9E7E335663F1635D319F1047B3E1C5E5BE1C52D8EE8C7F21C5AFD179BC023A19D3148189EDDC28D5DC2992C676F4EAB2E780C087D821EF6248336649C23DFED1A5CA6B13744D864B79862868C002A239613F4F2D2A42D5A6CDA9A0EE78C62DECCF969699CCEE1BE720B1B3D0CBA709E271E5C7E7B2592EAA769ADAA5A003D5828515BF9BDCF0AB5E23DFA52035E860C34B87D10EACE8B8B4A6CD7A357772AD164DCADF20F8AA37720069917179BF7EDD639FCE01462FA3590D5E336455C83D9FCCB743688BAA2C386F176337119F15A6CA761FC7290E7F1F6CB01748F904A8E3000287A248A207135BF71A4BE7145FB963F14C483827D62C0A64344A36721250111A44B621D5A681263D0B92FB1E99138F2636E49D20A38F275A1DFF4A9D0E53848AC874706AFA645843E17F75C786CFDE48281471002BB58F6F8D4FA92C52C5FA36161DACE26BDB97E46B3D0E6AFF252EE085B0ABC7AC680A30683AE520FE845D6CC5F277566D120DF59DBF63C70A0E79D6DAC9D50AE4B3BA46DA40F0CE0227E48DB5CBDE93F1E6C6E4F2EABB9C002B23011F81436FEC99E55383FA0D9936DE0925D87B0909EED579EDF20B2B24C3AEC9D361C024DEBDA0749CE32E64622F6098387E398C41CA35C9F297854EA5E7E928B03BF02689E2A91C503AE6FD22C02D59EF0489151ED343CCDAD53DD1EE99BE55881E5B24F6076204387BBC77076E06999185EB9F7F3287B3E50A0217A066DEA9420E3B4BB2112D8707232810AE9FAAB5FDB26366E2C9EE0385B2470A06A676D833262AC5DF3E6A6AD41BFB47B104E470E01F1ADDCBD47F9377C7426A7F68FF61F6C5CC5D70E6DB69252E67C131B6AABF82FE74CDFF0E795EA467F1F1A2C80DA136AA4AD414CB6FA6669FC75165C720D267403418A32D9C8B62C83BAF331682EBF2B6015A4AC65AAA72D2C443D4EA1E0D0409340DF920B6BB109945D294F88C8BA0F06B10152AF4088A9F00E320C416266E63A8159C6FA1AA8989AF09F7338C9CBDE63BECA0463F76CCD9EFE17D4339189227040E3A841B4997ED0E1303161916FC39A7767ACDDD5EE6D5AC3FE0D6BB1110CFCBC61B3055F"
.
--------------------- Knihovny navzan na bc procesy ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
Celkov as: 2010-06-03 18:16:41
ComboFix-quarantined-files.txt 2010-06-03 16:16

Ped sputnm: Volnch bajt: 21574983680
Po sputn: Volnch bajt: 21540454400

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 667047F3655994884F868887296F7F59

VIRY.CZ

svchost.exe si bere 99% z CPU

svchost.exe si bere 99% z CPU

Re: svchost.exe si bere 99% z CPU

Re: svchost.exe si bere 99% z CPU

Re: svchost.exe si bere 99% z CPU

Re: svchost.exe si bere 99% z CPU

Re: svchost.exe si bere 99% z CPU

Re: svchost.exe si bere 99% z CPU

Re: svchost.exe si bere 99% z CPU

Re: svchost.exe si bere 99% z CPU

Re: svchost.exe si bere 99% z CPU

Re: svchost.exe si bere 99% z CPU

Re: svchost.exe si bere 99% z CPU

Re: svchost.exe si bere 99% z CPU

Re: svchost.exe si bere 99% z CPU

Re: svchost.exe si bere 99% z CPU