VIRY.CZ

Dobrý den, chtěla bych poprosit o kontrolu logu. Asi tak před 14 dny jsem si do počítače zanesla vir, který se projevoval zejména postupným zpomalením systému. Další znak byl, že jsem nemohla ručně zadat háček (tzn. nad d, t, n), vždy se mi podařilo toto: ˇˇd. Mám Eset SmartSecurity 4, ale ten nic nenalezl. Vyzkoušela jsem tedy další programy, ale většinou to bylo bez úspěchu. Nakonec jsem na radu známého nainstalovala Ad aware a po následném skenu mi to infekci nalezlo a vyléčilo. Jen co jsem restartovala PC, vyzkoušela jsem háčky a ty fungovaly zase normálně. Totéž platilo o systému - žádné zasekávání, běžel plynule. Jásala jsem jako blázen, ale pak jsem spustila internet a problém je znovu na světě. Systém sice ještě pořád není tak zpomalený jako na počátku, ale stále se to zhoršuje. Moc Vás prosím o radu, jsem už zoufalá.

Tady je log z RSIT:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Adela at 2010-06-03 13:04:11
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 24 GB (16%) free of 153 GB
Total RAM: 895 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:04:48, on 3.6.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\winuptdt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Adela\Plocha\RootkitRevealer.exe
C:\DOCUME~1\Adela\LOCALS~1\Temp\KNKSY.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Adela\Plocha\RSIT.exe
C:\Program Files\trend micro\Adela.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hosting.conduit.com/Uninstall?to ... 4.5.190.19
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeUpdateTimer2] C:\WINDOWS\system32\winuptdt.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: DCFPZMZ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Adela\LOCALS~1\Temp\DCFPZMZ.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate1c9cbea58d66080) (gupdate1c9cbea58d66080) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KNKSY - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Adela\LOCALS~1\Temp\KNKSY.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WLXW - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Adela\LOCALS~1\Temp\WLXW.exe

--
End of file - 9220 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-31 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-02-26 16125440]
"SkyTel"=SkyTel.EXE []
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-08-08 536576]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"AdobeUpdateTimer2"=C:\WINDOWS\system32\winuptdt.exe [2010-05-11 375296]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Documents and Settings\Adela\Nabídka Start\Programy\Po spuštění
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0834aa4b-54b3-11dd-81c4-001bfc79fc75}]
shell\AutoRun\command - E:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75eef887-bafd-11de-8631-001bfc79fc75}]
shell\AutoRun\command - F:\RunGame.exe


======List of files/folders created in the last 1 months======

2010-06-03 13:04:11 ----D---- C:\rsit
2010-06-03 01:18:40 ----SHD---- C:\found.000
2010-06-03 00:58:38 ----HDC---- C:\WINDOWS\ie8
2010-06-03 00:37:45 ----D---- C:\Program Files\WinClamAVShield
2010-06-03 00:34:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-06-03 00:34:35 ----D---- C:\Program Files\Spyware Terminator
2010-06-02 22:06:36 ----D---- C:\SOPHTEMP
2010-06-02 17:57:58 ----D---- C:\Program Files\Trend Micro
2010-06-02 17:33:44 ----D---- C:\Program Files\CCleaner
2010-06-02 17:17:45 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-02 17:16:15 ----D---- C:\Program Files\Lavasoft
2010-06-02 17:15:30 ----D---- C:\Program Files\Prevx
2010-06-02 17:15:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\PrevxCSI
2010-06-02 17:15:24 ----A---- C:\WINDOWS\wininit.ini
2010-05-26 23:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-26 20:45:07 ----D---- C:\Documents and Settings\Adela\Data aplikací\IObit
2010-05-25 21:15:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2010-05-25 21:14:52 ----D---- C:\Program Files\IObit
2010-05-22 01:16:40 ----D---- C:\WINDOWS\system32\NtmsData
2010-05-22 01:05:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2010-05-21 18:24:02 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-05-20 23:14:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Symantec
2010-05-20 23:14:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-05-20 23:14:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2010-05-20 20:24:26 ----D---- C:\Documents and Settings\Adela\Data aplikací\DivX
2010-05-20 20:23:51 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-05-20 20:23:51 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2010-05-20 20:23:51 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-05-20 20:23:51 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2010-05-20 20:23:51 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-05-20 20:23:51 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-05-20 20:13:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-05-14 17:31:27 ----A---- C:\WINDOWS\system32\Probability.txt
2010-05-13 19:31:11 ----A---- C:\WINDOWS\system32\winuptdt.exe
2010-05-13 19:31:11 ----A---- C:\WINDOWS\system32\stateprogram.txt
2010-05-13 19:31:10 ----A---- C:\WINDOWS\system32\Day.txt
2010-05-12 14:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$

======List of files/folders modified in the last 1 months======

2010-06-03 13:04:20 ----D---- C:\WINDOWS\Temp
2010-06-03 13:04:15 ----D---- C:\WINDOWS\Prefetch
2010-06-03 12:48:15 ----D---- C:\Program Files\Mozilla Firefox
2010-06-03 12:47:48 ----D---- C:\WINDOWS\system32
2010-06-03 12:44:11 ----D---- C:\WINDOWS\system32\drivers
2010-06-03 12:40:55 ----SD---- C:\WINDOWS\Tasks
2010-06-03 12:38:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-03 08:19:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-03 08:08:44 ----D---- C:\WINDOWS
2010-06-03 01:25:56 ----HD---- C:\WINDOWS\inf
2010-06-03 01:25:55 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-03 01:19:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-03 01:19:53 ----D---- C:\WINDOWS\Help
2010-06-03 01:19:53 ----D---- C:\Program Files\Internet Explorer
2010-06-03 00:59:01 ----D---- C:\WINDOWS\WBEM
2010-06-03 00:59:01 ----D---- C:\WINDOWS\system32\cs-cz
2010-06-03 00:58:59 ----D---- C:\WINDOWS\Media
2010-06-03 00:54:52 ----RD---- C:\Program Files
2010-06-03 00:54:52 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-03 00:53:27 ----D---- C:\WINDOWS\Debug
2010-06-02 21:02:56 ----D---- C:\WINDOWS\ie7updates
2010-06-02 20:54:05 ----D---- C:\Program Files\BitComet
2010-06-02 20:39:18 ----D---- C:\Program Files\BSPlayer
2010-06-02 20:25:51 ----SHD---- C:\WINDOWS\Installer
2010-06-02 20:25:51 ----D---- C:\Program Files\Google
2010-06-02 19:50:37 ----D---- C:\Documents and Settings
2010-06-02 19:02:24 ----D---- C:\Program Files\Sukoku
2010-06-02 17:44:05 ----D---- C:\WINDOWS\Minidump
2010-06-02 17:25:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-02 17:16:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-06-02 16:19:55 ----D---- C:\Program Files\Eset
2010-05-22 01:19:10 ----SHD---- C:\System Volume Information
2010-05-22 01:16:40 ----D---- C:\WINDOWS\repair
2010-05-22 01:16:33 ----D---- C:\WINDOWS\Registration
2010-05-22 01:03:51 ----D---- C:\WINDOWS\WinSxS
2010-05-21 18:24:02 ----D---- C:\Program Files\Common Files
2010-05-20 20:25:10 ----D---- C:\Program Files\DivX
2010-05-20 20:22:13 ----D---- C:\Program Files\Common Files\DivX Shared
2010-05-19 19:47:47 ----D---- C:\Documents and Settings\Adela\Data aplikací\ICQ
2010-05-17 20:32:33 ----D---- C:\Documents and Settings\Adela\Data aplikací\Skype
2010-05-17 20:19:19 ----D---- C:\Documents and Settings\Adela\Data aplikací\skypePM
2010-05-12 14:04:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-05-12 14:04:06 ----D---- C:\Program Files\Outlook Express
2010-05-12 13:16:53 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-10 22:44:54 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-12-18 135048]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-01-08 33096]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-05-27 96896]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-11 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-27 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-27 19968]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 FileObjInfo;STFileDriver; \??\C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator\FileObjInfo.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Adela\LOCALS~1\Temp\VYM648.tmp []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\SophosMEMSWEEP.SYS []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 uwtdrpob;uwtdrpob; \??\C:\DOCUME~1\Adela\LOCALS~1\Temp\uwtdrpob.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2010-06-02 4150840]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-02 1314704]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]
R3 KNKSY;KNKSY; C:\DOCUME~1\Adela\LOCALS~1\Temp\KNKSY.exe [2010-06-03 387968]
S2 gupdate1c9cbea58d66080;Služba Google Update (gupdate1c9cbea58d66080); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-03 133104]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-04 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DCFPZMZ;DCFPZMZ; C:\DOCUME~1\Adela\LOCALS~1\Temp\DCFPZMZ.exe [2010-06-03 498560]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-07 182768]
S3 icxihoxkrwuq;icxihoxkrwuq; C:\WINDOWS\system32\drivers\icxihoxkrwuq.sys [2010-06-03 8704]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iwrtmfgxodyp;iwrtmfgxodyp; C:\WINDOWS\system32\drivers\iwrtmfgxodyp.sys [2010-06-03 8704]
S3 jqmjiohoftpa;jqmjiohoftpa; C:\WINDOWS\system32\drivers\jqmjiohoftpa.sys [2010-06-03 8704]
S3 jyoisssmmaic;jyoisssmmaic; C:\WINDOWS\system32\drivers\jyoisssmmaic.sys [2010-06-03 8704]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLXW;WLXW; C:\DOCUME~1\Adela\LOCALS~1\Temp\WLXW.exe [2010-06-02 527232]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Zdravím


Doporučuji odinstalovat Ad-Aware a C:\Program Files\Prevx


Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Vložte do PC všechny flash disky, které používáte.
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

ComboFix 10-06-02.04 - Adela 03.06.2010 14:35:34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.895.576 [GMT 2:00]
Spuštěný z: c:\documents and settings\Adela\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.bak

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-03 do 2010-06-03 )))))))))))))))))))))))))))))))
.

2010-06-03 11:04 . 2010-06-03 11:04 -------- d-----w- C:\rsit
2010-06-03 10:42 . 2010-06-03 10:42 8704 ----a-w- c:\windows\system32\drivers\jyoisssmmaic.sys
2010-06-03 10:41 . 2010-06-03 10:41 8704 ----a-w- c:\windows\system32\drivers\jqmjiohoftpa.sys
2010-06-03 10:37 . 2010-06-03 10:36 8704 ----a-w- c:\windows\system32\drivers\icxihoxkrwuq.sys
2010-06-03 10:36 . 2010-06-03 10:36 8704 ----a-w- c:\windows\system32\drivers\iwrtmfgxodyp.sys
2010-06-03 10:36 . 2010-06-03 10:36 -------- d-----w- c:\documents and settings\Adela\Pavark
2010-06-03 06:39 . 2010-06-03 06:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-02 23:20 . 2010-06-02 23:20 -------- d-sh--w- c:\documents and settings\Adela\IETldCache
2010-06-02 23:18 . 2010-06-02 23:18 -------- d-----w- C:\found.000
2010-06-02 22:58 . 2010-06-02 22:59 -------- dc-h--w- c:\windows\ie8
2010-06-02 22:34 . 2010-06-03 12:06 -------- d-----w- c:\program files\Spyware Terminator
2010-06-02 20:06 . 2010-06-02 20:06 -------- d-----w- C:\SOPHTEMP
2010-06-02 15:57 . 2010-06-03 11:04 -------- d-----w- c:\program files\Trend Micro
2010-06-02 15:33 . 2010-06-02 15:34 -------- d-----w- c:\program files\CCleaner
2010-06-02 15:25 . 2010-06-02 15:24 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-02 15:15 . 2010-06-02 15:15 22536 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-06-02 15:15 . 2010-06-02 15:15 -------- d-----w- c:\program files\Prevx
2010-05-27 18:44 . 2010-05-27 18:44 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2010-05-25 19:14 . 2010-05-26 18:44 -------- d-----w- c:\program files\IObit
2010-05-21 23:16 . 2010-05-21 23:18 -------- d-----w- c:\windows\system32\NtmsData
2010-05-21 16:24 . 2010-05-21 17:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-20 18:23 . 2010-03-31 01:58 133616 ------w- c:\windows\system32\pxafs.dll
2010-05-20 18:23 . 2010-03-31 01:58 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-05-20 18:23 . 2010-03-31 01:58 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-05-13 17:31 . 2010-05-11 14:18 375296 ----a-w- c:\windows\system32\winuptdt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 22:54 . 2007-11-04 18:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-02 18:54 . 2007-11-05 18:38 -------- d-----w- c:\program files\BitComet
2010-06-02 18:39 . 2008-05-06 20:34 -------- d-----w- c:\program files\BSPlayer
2010-06-02 18:25 . 2007-11-05 18:40 -------- d-----w- c:\program files\Google
2010-06-02 17:02 . 2009-08-27 12:06 -------- d-----w- c:\program files\Sukoku
2010-06-02 14:19 . 2007-11-04 19:27 -------- d-----w- c:\program files\Eset
2010-05-20 18:25 . 2008-08-15 23:11 -------- d-----w- c:\program files\DivX
2010-05-20 18:22 . 2009-05-03 12:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-31 01:58 . 2008-11-20 19:19 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2008-08-16 14:26 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58 . 2008-08-16 14:26 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-28 08:29 . 2004-08-18 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 08:29 . 2004-08-18 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-05 19:50 . 2010-03-05 19:50 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
.

------- Sigcheck -------

[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe
[-] 2007-12-04 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ctfmon.exe
[7] 2004-08-18 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[7] 2004-08-18 12:00 . E02E913B3841717A890A644EE167B9A5 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

c:\windows\System32\ctfmon.exe ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-30 7634944]
"nwiz"="nwiz.exe" [2006-10-30 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-30 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 536576]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"AdobeUpdateTimer2"="c:\windows\system32\winuptdt.exe" [2010-05-11 375296]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

c:\documents and settings\Adela\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-7-18 547840]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7320:TCP"= 7320:TCP:BitComet 7320 TCP
"7320:UDP"= 7320:UDP:BitComet 7320 UDP

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2.6.2010 17:15 22536]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 10:03 108792]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2.6.2010 17:15 4150840]
R2 ekrn;ESET Service;c:\program files\Eset\Eset Smart Security\ekrn.exe [16.11.2009 10:04 735960]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.11.2007 21:58 691696]
S2 gupdate1c9cbea58d66080;Služba Google Update (gupdate1c9cbea58d66080);c:\program files\Google\Update\GoogleUpdate.exe [3.5.2009 14:26 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 DCFPZMZ;DCFPZMZ;c:\docume~1\Adela\LOCALS~1\Temp\DCFPZMZ.exe --> c:\docume~1\Adela\LOCALS~1\Temp\DCFPZMZ.exe [?]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Data aplikací\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Data aplikací\Spyware Terminator\FileObjInfo.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Adela\LOCALS~1\Temp\VYM648.tmp --> c:\docume~1\Adela\LOCALS~1\Temp\VYM648.tmp [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
S3 WLXW;WLXW;c:\docume~1\Adela\LOCALS~1\Temp\WLXW.exe --> c:\docume~1\Adela\LOCALS~1\Temp\WLXW.exe [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 12:26]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 12:26]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://hosting.conduit.com/Uninstall?toolbarid=&version=4.5.190.19
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
FF - ProfilePath - c:\documents and settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-SkyTel - SkyTel.EXE
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKU-Default-Run-CTFMON.EXE - c:\windows\system32\CTFMON.EXE
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Sukoku - c:\program files\Sukoku\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 14:40
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Adela\LOCALS~1\Temp\VYM648.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1993962763-287218729-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2010-06-03 14:43:47
ComboFix-quarantined-files.txt 2010-06-03 12:43

Před spuštěním: Volných bajtů: 25 610 969 088
Po spuštění: Volných bajtů: 26 005 975 040

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 8F8A9207464073D716573E14DBF6BFF5

Pokud nemáte, přesuňte Combofix na plochu

• Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

• Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
  
• Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci



Následující soubor/y otestujte na http://www.virustotal.com/cs/
c:\windows\system32\winlogon.exe

(Soubor/y nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

Zde je log z combofixu:
ComboFix 10-06-02.04 - Adela 04.06.2010 12:33:36.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.895.582 [GMT 2:00]
Spuštěný z: c:\documents and settings\Adela\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Adela\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý


FILE ::
"c:\docume~1\Adela\LOCALS~1\Temp\DCFPZMZ.exe"
"c:\docume~1\Adela\LOCALS~1\Temp\KNKSY.exe"
"c:\docume~1\Adela\LOCALS~1\Temp\VYM648.tmp"
"c:\docume~1\Adela\LOCALS~1\Temp\WLXW.exe"
"c:\windows\system32\drivers\icxihoxkrwuq.sys"
"c:\windows\system32\drivers\iwrtmfgxodyp.sys"
"c:\windows\system32\drivers\jqmjiohoftpa.sys"
"c:\windows\system32\drivers\jyoisssmmaic.sys"
"c:\windows\system32\SophosMEMSWEEP.SYS"
"c:\windows\system32\winuptdt.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\icxihoxkrwuq.sys
c:\windows\system32\drivers\iwrtmfgxodyp.sys
c:\windows\system32\drivers\jqmjiohoftpa.sys
c:\windows\system32\drivers\jyoisssmmaic.sys
c:\windows\system32\winuptdt.exe

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\ctfmon.exe --> c:\windows\System32\ctfmon.exe
c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll --> c:\windows\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DCFPZMZ
-------\Legacy_GARENAPENGINE
-------\Legacy_ICXIHOXKRWUQ
-------\Legacy_IWRTMFGXODYP
-------\Legacy_JQMJIOHOFTPA
-------\Legacy_JYOISSSMMAIC
-------\Legacy_MEMSWEEP2
-------\Legacy_WLXW
-------\Service_DCFPZMZ
-------\Service_GarenaPEngine
-------\Service_icxihoxkrwuq
-------\Service_iwrtmfgxodyp
-------\Service_jqmjiohoftpa
-------\Service_jyoisssmmaic
-------\Service_MEMSWEEP2
-------\Service_WLXW


((((((((((((((((((((((((( Soubory vytvořené od 2010-05-04 do 2010-06-04 )))))))))))))))))))))))))))))))
.

2010-06-04 10:33 . 2004-08-18 12:00 15360 -c--a-w- c:\windows\system32\dllcache\ctfmon.exe
2010-06-04 10:33 . 2004-08-18 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
2010-06-03 13:00 . 2010-06-03 13:00 -------- d-----w- c:\windows\ie8updates
2010-06-03 11:04 . 2010-06-03 11:04 -------- d-----w- C:\rsit
2010-06-03 10:36 . 2010-06-03 10:36 -------- d-----w- c:\documents and settings\Adela\Pavark
2010-06-03 06:39 . 2010-06-03 06:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-03 06:16 . 2010-02-25 06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-03 06:15 . 2010-02-25 06:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-02 23:20 . 2010-06-02 23:20 -------- d-sh--w- c:\documents and settings\Adela\IETldCache
2010-06-02 23:18 . 2010-06-02 23:18 -------- d-----w- C:\found.000
2010-06-02 22:58 . 2010-06-02 22:59 -------- dc-h--w- c:\windows\ie8
2010-06-02 22:34 . 2010-06-03 12:06 -------- d-----w- c:\program files\Spyware Terminator
2010-06-02 20:06 . 2010-06-02 20:06 -------- d-----w- C:\SOPHTEMP
2010-06-02 15:57 . 2010-06-03 11:04 -------- d-----w- c:\program files\Trend Micro
2010-06-02 15:33 . 2010-06-02 15:34 -------- d-----w- c:\program files\CCleaner
2010-06-02 15:25 . 2010-06-02 15:24 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-02 15:15 . 2010-06-02 15:15 22536 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-06-02 15:15 . 2010-06-02 15:15 -------- d-----w- c:\program files\Prevx
2010-05-27 18:44 . 2010-05-27 18:44 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2010-05-25 19:14 . 2010-05-26 18:44 -------- d-----w- c:\program files\IObit
2010-05-21 23:16 . 2010-05-21 23:18 -------- d-----w- c:\windows\system32\NtmsData
2010-05-21 16:24 . 2010-05-21 17:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-20 18:23 . 2010-03-31 01:58 133616 ------w- c:\windows\system32\pxafs.dll
2010-05-20 18:23 . 2010-03-31 01:58 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-05-20 18:23 . 2010-03-31 01:58 123888 ------w- c:\windows\system32\pxcpyi64.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 22:54 . 2007-11-04 18:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-02 18:54 . 2007-11-05 18:38 -------- d-----w- c:\program files\BitComet
2010-06-02 18:39 . 2008-05-06 20:34 -------- d-----w- c:\program files\BSPlayer
2010-06-02 18:25 . 2007-11-05 18:40 -------- d-----w- c:\program files\Google
2010-06-02 17:02 . 2009-08-27 12:06 -------- d-----w- c:\program files\Sukoku
2010-06-02 14:19 . 2007-11-04 19:27 -------- d-----w- c:\program files\Eset
2010-05-20 18:25 . 2008-08-15 23:11 -------- d-----w- c:\program files\DivX
2010-05-20 18:22 . 2009-05-03 12:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-31 01:58 . 2008-11-20 19:19 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2008-08-16 14:26 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58 . 2008-08-16 14:26 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-28 08:29 . 2004-08-18 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 08:29 . 2004-08-18 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
.

------- Sigcheck -------

[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe
[-] 2007-12-04 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-30 7634944]
"nwiz"="nwiz.exe" [2006-10-30 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-30 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 536576]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

c:\documents and settings\Adela\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-7-18 547840]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7320:TCP"= 7320:TCP:BitComet 7320 TCP
"7320:UDP"= 7320:UDP:BitComet 7320 UDP

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2.6.2010 17:15 22536]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.11.2007 21:58 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 10:03 108792]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2.6.2010 17:15 4150840]
R2 ekrn;ESET Service;c:\program files\Eset\Eset Smart Security\ekrn.exe [16.11.2009 10:04 735960]
S2 gupdate1c9cbea58d66080;Služba Google Update (gupdate1c9cbea58d66080);c:\program files\Google\Update\GoogleUpdate.exe [3.5.2009 14:26 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Data aplikací\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Data aplikací\Spyware Terminator\FileObjInfo.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 12:26]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 12:26]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://hosting.conduit.com/Uninstall?toolbarid=&version=4.5.190.19
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
FF - ProfilePath - c:\documents and settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-AdobeUpdateTimer2 - c:\windows\system32\winuptdt.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-04 12:44
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x84AB11F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74dbfc3
\Driver\ACPI -> ACPI.sys @ 0xf7253cb8
\Driver\atapi -> prosync1.sys @ 0xf798d661
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578086
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578086
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf70fdba0
PacketIndicateHandler -> NDIS.sys @ 0xf710ab21
SendHandler -> NDIS.sys @ 0xf70e887b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1993962763-287218729-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Celkový čas: 2010-06-04 12:48:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-04 10:48
ComboFix2.txt 2010-06-03 12:43

Před spuštěním: Volných bajtů: 25 817 075 712
Po spuštění: Volných bajtů: 25 694 363 648

- - End Of File - - EA83E5C04913C8BC854D042B9A1C3D9B

A tady odkaz na tu analýzu: http://www.virustotal.com/cs/analisis/b ... 1273357096

Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Tak tady je tedy ten mbr.log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys nvata.sys
kernel: MBR read successfully
user & kernel MBR OK

A z Gmeru se mi bohužel podařilo získat jen ten kratší první log. Ten druhý se mi nedaří vygenerovat, jelikož v určité fázi skenu se mi vždy zobrazí modrá obrazovka s textem, kde je psáno, že systém musel být ukončen, aby nedošlo k poškození PC (nebo tak nějak) a že je to nejspíš způsobeno tímto souborem: uwtdrpob.sys. Když jsem ten soubor pak hledala, nenalezla jsem ho. Co s tím?

Jinak tady je ten 1. log z Gmeru:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-04 14:22:08
Windows 5.1.2600 Service Pack 2
Running: k5gql3zd.exe; Driver: C:\DOCUME~1\Adela\LOCALS~1\Temp\uwtdrpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----

Zkuste Gmer přejmenovat na cokoliv.com a spustit v nouzovém režimu.

Tak jsem opět nepochodila. I po přejmenování Gmeru se mi sken v určité části přeruší a ukáže se zmiňovaná modrá obrazovka...

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

• Spusťte, poté do spodního políčka vložte následující skript.

• Označte položku Pro všechny uživatele.
• Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
• Klikněte na tlačítko Prohledat
• Po dokončení, sem vložte logy OTL.Txt a Extras.txt

Log OTL.Txt:

OTL logfile created on: 4.6.2010 22:01:03 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Adela\Plocha
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

895,00 Mb Total Physical Memory | 440,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 23,93 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADELKA
Current User Name: Adela
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.04 21:56:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adela\Plocha\OTL.exe
PRC - [2010.06.02 17:15:31 | 004,150,840 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2010.04.13 00:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.04.01 12:50:28 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.11.16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\Eset\Eset Smart Security\ekrn.exe
PRC - [2009.11.16 10:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\Eset\Eset Smart Security\egui.exe
PRC - [2008.08.08 07:27:51 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008.02.26 03:23:34 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.03.30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2010.06.04 21:56:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adela\Plocha\OTL.exe
MOD - [2006.08.25 17:51:20 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004.08.18 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.06.02 17:15:31 | 004,150,840 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2009.11.16 10:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.11.16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006.03.30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2010.06.02 17:15:33 | 000,022,536 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2010.01.08 09:13:12 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.12.18 16:02:26 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009.11.16 10:06:48 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009.11.16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.11.16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.01.03 06:50:32 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007.03.01 11:27:00 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.10.31 00:35:00 | 003,964,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006.10.18 02:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.09.27 09:04:16 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.09.27 09:04:12 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.07.01 23:42:58 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.08.11 18:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.05.13 15:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.05.13 13:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1993962763-287218729-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{2224E955-00E9-4613-A844-CE69FCCAAE91}: C:\Program Files\Internet Saving Optimizer\3.7.0.4550\FF
FF - HKLM\software\mozilla\Firefox\extensions\\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}: C:\Program Files\Media Access Startup\1.5.6.910\FF
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.24 20:22:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.24 20:22:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.03.05 21:56:18 | 000,000,000 | ---D | M]

[2008.09.17 19:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Extensions
[2010.06.03 00:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\extensions
[2010.01.30 16:20:02 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\daemon-search.xml
[2010.05.31 12:51:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-1.xml
[2009.09.11 01:24:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-10.xml
[2009.10.30 10:05:57 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-11.xml
[2009.12.17 19:54:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-12.xml
[2010.01.08 16:19:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-13.xml
[2010.02.21 10:37:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-14.xml
[2010.04.01 13:14:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-15.xml
[2008.09.17 19:38:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-2.xml
[2008.09.25 22:30:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-3.xml
[2008.09.28 00:26:09 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-4.xml
[2008.11.16 23:53:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-5.xml
[2008.12.21 01:00:55 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-6.xml
[2009.02.07 11:25:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-7.xml
[2009.08.27 18:35:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-8.xml
[2009.08.27 23:27:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin-9.xml
[2009.07.13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\icqplugin.xml
[2009.01.28 00:52:23 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Mozilla\Firefox\Profiles\35z2t1u5.default\searchplugins\sweetim.xml
[2010.06.04 13:08:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.20 18:13:37 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.02.20 18:13:37 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.02.20 18:13:37 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.02.20 18:13:37 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.09.05 20:18:41 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\sukoku117.xml
[2010.02.20 18:13:37 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.06.04 12:41:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKU\S-1-5-21-1993962763-287218729-682003330-1004..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Adela\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1993962763-287218729-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1993962763-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1993962763-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1993962763-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1993962763-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Adela\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adela\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.04 20:10:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.11.04 20:10:01 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: Msacm.dvacm - C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - mpegacm.acm File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - ulmp3acm.acm File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 30 Days ==========

[2010.06.04 21:56:02 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adela\Plocha\OTL.exe
[2010.06.04 16:39:53 | 000,000,000 | -HSD | C] -- C:\found.002
[2010.06.04 15:35:40 | 000,000,000 | -HSD | C] -- C:\found.001
[2010.06.04 13:54:22 | 000,882,672 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Adela\Plocha\SPTDinst-v169-x86.exe
[2010.06.04 13:45:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.04 12:33:35 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe
[2010.06.03 15:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.06.03 14:33:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.03 14:30:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.03 14:30:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.03 14:30:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.03 14:30:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.03 14:29:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.03 14:27:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.03 13:04:11 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.03 12:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adela\Pavark
[2010.06.03 01:20:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Adela\IETldCache
[2010.06.03 01:18:40 | 000,000,000 | ---D | C] -- C:\found.000
[2010.06.03 00:58:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.06.03 00:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adela\Application Data
[2010.06.03 00:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.06.03 00:33:23 | 003,025,296 | ---- | C] (Crawler Inc. ) -- C:\Documents and Settings\Adela\Plocha\SpywareTerminator.exe
[2010.06.02 22:10:59 | 000,401,408 | ---- | C] (Sophos Plc) -- C:\Documents and Settings\Adela\Plocha\sargui.exe
[2010.06.02 22:06:36 | 000,000,000 | ---D | C] -- C:\SOPHTEMP
[2010.06.02 21:24:52 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Adela\Plocha\RootkitRevealer.exe
[2010.06.02 21:08:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Adela\Recent
[2010.06.02 17:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.06.02 17:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.06.02 17:25:12 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.06.02 17:15:33 | 000,022,536 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010.06.02 17:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010.06.02 17:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\PrevxCSI
[2010.06.02 17:12:39 | 000,866,360 | ---- | C] (Prevx) -- C:\Documents and Settings\Adela\Plocha\runprevxcsi.exe
[2010.06.02 17:02:41 | 003,387,040 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Adela\Plocha\ccsetup232.exe
[2010.06.02 17:00:36 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Adela\Plocha\Ad-AwareInstaller.exe
[2010.05.26 20:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adela\Data aplikací\IObit
[2010.05.25 21:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2010.05.25 21:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010.05.25 20:14:17 | 005,011,368 | ---- | C] (IObit ) -- C:\Documents and Settings\Adela\Plocha\is360setup.exe
[2010.05.22 01:16:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.05.22 01:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Avira
[2010.05.21 18:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010.05.20 23:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Symantec
[2010.05.20 23:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Norton
[2010.05.20 23:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
[2010.05.20 20:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adela\Data aplikací\DivX
[2010.05.20 20:23:51 | 002,083,312 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010.05.20 20:23:51 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010.05.20 20:23:51 | 000,125,424 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010.05.20 20:23:51 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010.05.20 20:23:51 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010.05.20 20:23:51 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010.05.20 20:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\DivX
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Adela\Plocha\*.tmp files -> C:\Documents and Settings\Adela\Plocha\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.04 21:56:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adela\Plocha\OTL.exe
[2010.06.04 21:32:01 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.04 21:26:32 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.04 21:26:30 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.06.04 21:26:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.04 21:26:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.04 16:51:12 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Adela\NTUSER.DAT
[2010.06.04 16:51:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Adela\ntuser.ini
[2010.06.04 16:09:47 | 011,796,196 | -H-- | M] () -- C:\Documents and Settings\Adela\Local Settings\Data aplikací\IconCache.db
[2010.06.04 13:59:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Adela\defogger_reenable
[2010.06.04 13:58:52 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\mbr.exe
[2010.06.04 13:58:31 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\Defogger.exe
[2010.06.04 13:54:22 | 000,882,672 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Adela\Plocha\SPTDinst-v169-x86.exe
[2010.06.04 12:41:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.04 12:41:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.03 15:01:16 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.06.03 14:33:52 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010.06.03 14:08:08 | 003,702,808 | R--- | M] () -- C:\Documents and Settings\Adela\Plocha\ComboFix.exe
[2010.06.03 13:03:58 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\RSIT.exe
[2010.06.03 12:32:43 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\cokoliv.com.exe
[2010.06.03 11:42:47 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\HiJackThis.lnk
[2010.06.03 00:34:03 | 003,025,296 | ---- | M] (Crawler Inc. ) -- C:\Documents and Settings\Adela\Plocha\SpywareTerminator.exe
[2010.06.02 21:24:40 | 000,231,390 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\RootkitRevealer.zip
[2010.06.02 20:08:20 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Adela\Plocha\~$porucena literatura-prijimacky.doc
[2010.06.02 17:38:12 | 000,000,064 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.06.02 17:34:10 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\CCleaner.lnk
[2010.06.02 17:24:31 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.06.02 17:15:33 | 000,022,536 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010.06.02 17:13:37 | 000,866,360 | ---- | M] (Prevx) -- C:\Documents and Settings\Adela\Plocha\runprevxcsi.exe
[2010.06.02 17:09:51 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Adela\Plocha\Ad-AwareInstaller.exe
[2010.06.02 17:04:30 | 003,387,040 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Adela\Plocha\ccsetup232.exe
[2010.06.02 16:19:41 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\esetsmartinstaller_csy.exe
[2010.06.02 15:31:47 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.31 15:10:07 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\Doporucena literatura-prijimacky.doc
[2010.05.27 21:41:43 | 730,712,064 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\rodinna-dovolena-a-jina-nestesti-cz-2006.avi
[2010.05.27 21:22:35 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Adela\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.26 23:02:58 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\HiJackThis.msi
[2010.05.26 20:51:08 | 000,000,150 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\IObit Freeware.url
[2010.05.25 20:18:22 | 005,011,368 | ---- | M] (IObit ) -- C:\Documents and Settings\Adela\Plocha\is360setup.exe
[2010.05.23 17:34:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\Nový objekt - Dokument aplikace Microsoft Office Word (2).docx
[2010.05.23 17:33:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\Nový objekt - Dokument aplikace Microsoft Office Word.docx
[2010.05.21 19:56:58 | 000,033,101 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\kote v bote.jpg
[2010.05.20 20:25:10 | 000,001,436 | ---- | M] () -- C:\Documents and Settings\Adela\Plocha\DivX Movies.lnk
[2010.05.20 20:24:23 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\DivX Plus Player.lnk
[2010.05.20 20:23:27 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\DivX Plus Converter.lnk
[2010.05.17 20:35:09 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.05.12 14:02:41 | 000,011,782 | ---- | M] () -- C:\Documents and Settings\Adela\Data aplikací\SmarThruOptions.xml
[2010.05.10 22:44:54 | 000,000,135 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Adela\Plocha\*.tmp files -> C:\Documents and Settings\Adela\Plocha\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.04 14:05:46 | 000,000,195 | ---- | C] () -- C:\Documents and Settings\Adela\mbr.log
[2010.06.04 13:59:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Adela\defogger_reenable
[2010.06.04 13:58:46 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\mbr.exe
[2010.06.04 13:58:31 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\Defogger.exe
[2010.06.03 14:33:52 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010.06.03 14:33:51 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.06.03 14:30:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.03 14:30:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.03 14:30:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.03 14:30:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.03 14:30:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.03 14:08:05 | 003,702,808 | R--- | C] () -- C:\Documents and Settings\Adela\Plocha\ComboFix.exe
[2010.06.03 13:03:56 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\RSIT.exe
[2010.06.03 12:32:35 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\cokoliv.com.exe
[2010.06.03 00:59:12 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.06.02 21:24:52 | 000,102,160 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\RootkitRevealer.chm
[2010.06.02 21:24:39 | 000,231,390 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\RootkitRevealer.zip
[2010.06.02 20:08:20 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Adela\Plocha\~$porucena literatura-prijimacky.doc
[2010.06.02 17:58:03 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\HiJackThis.lnk
[2010.06.02 17:34:09 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\CCleaner.lnk
[2010.06.02 17:15:24 | 000,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.06.02 16:19:40 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\esetsmartinstaller_csy.exe
[2010.05.31 15:10:06 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\Doporucena literatura-prijimacky.doc
[2010.05.27 21:24:18 | 730,712,064 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\rodinna-dovolena-a-jina-nestesti-cz-2006.avi
[2010.05.26 23:01:25 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\HiJackThis.msi
[2010.05.26 20:51:08 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\IObit Freeware.url
[2010.05.23 17:34:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\Nový objekt - Dokument aplikace Microsoft Office Word (2).docx
[2010.05.23 17:33:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\Nový objekt - Dokument aplikace Microsoft Office Word.docx
[2010.05.21 19:56:57 | 000,033,101 | ---- | C] () -- C:\Documents and Settings\Adela\Plocha\kote v bote.jpg
[2010.05.20 20:24:23 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\DivX Plus Player.lnk
[2010.05.20 20:23:27 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\DivX Plus Converter.lnk
[2010.05.17 20:35:09 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.03.05 21:50:01 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.06.25 15:16:19 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2009.06.25 15:12:21 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sse1ml3.dll
[2009.06.09 22:16:38 | 000,138,240 | R--- | C] () -- C:\WINDOWS\System32\Ssuiext.dll
[2009.06.09 22:16:38 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2009.06.09 22:16:37 | 000,265,216 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2009.06.09 22:16:37 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2009.06.09 22:16:37 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2009.04.28 12:06:11 | 000,000,037 | ---- | C] () -- C:\WINDOWS\CONTEXT.INI
[2009.02.15 13:50:16 | 000,000,014 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2008.08.12 00:40:04 | 000,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008.01.24 18:31:51 | 000,000,135 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.11.30 22:17:42 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.11.04 20:24:49 | 000,014,945 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007.11.04 20:24:36 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007.11.04 20:24:35 | 000,014,693 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.11.04 20:24:26 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006.10.31 00:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.10.31 00:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.10.31 00:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.10.31 00:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.10.31 00:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.10.31 00:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.10.31 00:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000019.DLL

========== LOP Check ==========

[2010.03.06 00:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Atari
[2008.08.16 18:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\COWON
[2008.07.17 12:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\DAEMON Tools
[2010.01.30 16:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\DAEMON Tools Lite
[2007.11.05 18:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\ESET
[2010.05.19 19:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\ICQ
[2008.01.07 18:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\ICQ Toolbar
[2007.12.15 22:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\ICQLite
[2010.05.26 20:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\IObit
[2010.03.05 21:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Leadertech
[2009.01.30 19:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\OpenOffice.org
[2008.05.06 22:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\RadLight Company
[2009.06.25 15:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\SmarThru4
[2009.02.15 13:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Ulead Systems
[2008.01.02 20:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Zoner
[2010.01.30 16:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.08.27 18:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2007.11.04 21:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Eset
[2009.07.16 18:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.05.25 21:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2010.06.02 17:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PrevxCSI
[2009.09.06 13:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sukoku
[2010.04.02 10:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ulead Systems

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Picasa Media Detector" = C:\Program Files\Picasa2\PicasaMediaDetector.exe -- [2008.02.26 03:23:34 | 000,443,968 | ---- | M] (Google Inc.)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.10.09 21:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Adobe
[2008.05.23 00:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Ahead
[2008.10.19 15:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Apple Computer
[2010.03.06 00:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Atari
[2008.08.16 18:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\COWON
[2008.07.17 12:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\DAEMON Tools
[2010.01.30 16:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\DAEMON Tools Lite
[2010.05.20 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\DivX
[2007.11.05 18:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\ESET
[2010.03.02 18:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Google
[2009.05.31 22:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Help
[2010.05.19 19:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\ICQ
[2008.01.07 18:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\ICQ Toolbar
[2007.12.15 22:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\ICQLite
[2007.11.04 20:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Identities
[2007.11.04 20:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\InstallShield
[2010.05.26 20:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\IObit
[2010.03.05 21:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Leadertech
[2007.11.05 18:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Macromedia
[2009.11.18 23:39:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Adela\Data aplikací\Microsoft
[2008.09.17 19:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Mozilla
[2009.01.30 19:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\OpenOffice.org
[2008.05.06 22:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\RadLight Company
[2010.05.17 20:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Skype
[2010.05.17 20:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\skypePM
[2009.06.25 15:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\SmarThru4
[2009.03.09 21:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Sun
[2009.02.15 13:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Ulead Systems
[2008.01.02 20:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\Zoner
[2009.07.02 18:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adela\Data aplikací\ZoomBrowser EX

< %APPDATA%\*.exe /s >
[2010.06.02 17:58:03 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Adela\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2009.07.10 00:24:43 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Adela\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe


< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cdrom.sys
[2004.08.18 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\explorer.exe
[2004.08.18 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\hal.dll
[2004.08.18 14:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\changer.sys

< MD5 for: ISAPNP.SYS >
[2004.08.18 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\netlogon.dll

< MD5 for: NVATA.SYS >
[2006.10.18 02:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2004.08.18 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.18 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.18 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004.08.18 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2007.12.04 23:00:45 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=427E6DED3A2369D3432A683EB489EE14 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ws2_32.dll

OTL.Txt - pokračování:
< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.11.04 18:25:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.11.04 18:25:55 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.11.04 18:25:55 | 000,458,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.06.02 17:15:33 | 000,022,536 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxscan.sys
[2010.06.02 17:24:31 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys

< %systemroot%\system32\*.* /3 >
[2010.06.03 20:02:44 | 000,000,001 | ---- | M] () -- C:\WINDOWS\system32\Day.txt
[2010.06.04 21:26:30 | 000,081,496 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2010.06.02 15:31:47 | 000,002,278 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

Log Extras.Txt:
OTL Extras logfile created on: 4.6.2010 22:01:03 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Adela\Plocha
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

895,00 Mb Total Physical Memory | 440,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 23,93 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADELKA
Current User Name: Adela
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1993962763-287218729-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"7320:TCP" = 7320:TCP:*:Enabled:BitComet 7320 TCP
"7320:UDP" = 7320:UDP:*:Enabled:BitComet 7320 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{14B7A9EF-BB68-4529-9190-8CE164E0F548}" = ESET Smart Security
"{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1" = Media Access Startup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims™ 2 Mazlíčci
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Pro Teenagery Kolekce
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Pro rodinnou zábavu - Kolekce
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Ve světě podnikání
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Móda Kolekce
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISER_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISER_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISER_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISER_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISER_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISER_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISER_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}_HOMESTUDENTR_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISER_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}_HOMESTUDENTR_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISER_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISER_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}_HOMESTUDENTR_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISER_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}_HOMESTUDENTR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISER_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90AF0405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims™ 2 Pro luxusní život - Kolekce
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5096216-7703-409E-B85A-8A6EE7395128}}_is1" = System Search Dispatcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims 2 Seasons
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E42D62BA-2D98-4D08-8242-9F410ACA4727}" = Testy Autoškola
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Pojďme slavit! Kolekce
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Šťastnou cestu
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"3FA1705966809259F916AF817C59B4F389F4572C" = Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Bonito_is1" = Bonito v1.49
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Google Chrome" = Google Chrome
"Heroes of Might and Magic III Complete" = Heroes of Might and Magic III Complete
"High Quality Photo Resizer_is1" = High Quality Photo Resizer 1.60
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PCSI" = Prevx CSI
"Picasa 3" = Picasa 3
"RadLight 4.0" = RadLight 4.0 FINAL
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Samsung SCX-4300 Series" = Samsung SCX-4300 Series
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21.5.2010 19:21:27 | Computer Name = ADELKA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.0.3725, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 25.5.2010 16:33:49 | Computer Name = ADELKA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.0.3725, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 25.5.2010 16:38:54 | Computer Name = ADELKA | Source = ISservice | ID = 0
Description =

Error - 26.5.2010 16:42:54 | Computer Name = ADELKA | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil

Error - 28.5.2010 4:32:39 | Computer Name = ADELKA | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil

Error - 28.5.2010 5:43:34 | Computer Name = ADELKA | Source = ESENT | ID = 490
Description = svchost (1356) Pokus o otevření souboru C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces
nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření
souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 2.6.2010 11:20:19 | Computer Name = ADELKA | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3.6.2010 6:36:50 | Computer Name = ADELKA | Source = Application Error | ID = 1000
Description = Chybující aplikace pavark.exe, verze 5.0.0.4, chybující modul jscript.dll,
verze 5.8.6001.18702, adresa chyby 0x00009248.

Error - 3.6.2010 6:37:10 | Computer Name = ADELKA | Source = Application Error | ID = 1000
Description = Chybující aplikace pavark.exe, verze 5.0.0.4, chybující modul jscript.dll,
verze 5.8.6001.18702, adresa chyby 0x00009248.

Error - 3.6.2010 6:42:49 | Computer Name = ADELKA | Source = Application Error | ID = 1000
Description = Chybující aplikace pavark.exe, verze 5.0.0.4, chybující modul ntdll.dll,
verze 5.1.2600.3520, adresa chyby 0x00010a19.

[ System Events ]
Error - 4.6.2010 10:58:33 | Computer Name = ADELKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 4.6.2010 11:19:38 | Computer Name = ADELKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 4.6.2010 11:22:23 | Computer Name = ADELKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 4.6.2010 11:36:10 | Computer Name = ADELKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 4.6.2010 15:26:41 | Computer Name = ADELKA | Source = Service Control Manager | ID = 7023
Description = Služba Windows Driver Foundation - User-mode Driver Framework byla
ukončena s následující chybou: %%31

Error - 4.6.2010 15:26:41 | Computer Name = ADELKA | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 4.6.2010 15:26:42 | Computer Name = ADELKA | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: WudfPf

Error - 4.6.2010 15:27:42 | Computer Name = ADELKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 4.6.2010 15:27:42 | Computer Name = ADELKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 4.6.2010 15:27:42 | Computer Name = ADELKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.


< End of report >

Spusťte OTL a do spodního okna vložte následující skript. Poté klikněte na Opravit, PC se restartuje, log vložte sem.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SETAE6.tmp deleted successfully.
C:\WINDOWS\System32\SETAEA.tmp deleted successfully.
C:\WINDOWS\System32\SETAEB.tmp deleted successfully.
C:\WINDOWS\System32\SETAF2.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\Documents and Settings\Adela\Plocha\~WRL3386.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adela
->Temp folder emptied: 1856898 bytes
->Temporary Internet Files folder emptied: 58460 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 88877153 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1159 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2140835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1207176 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1371495 bytes

Total Files Cleaned = 91,00 mb


[EMPTYFLASH]

User: Adela
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.5.3 log created on 06042010_224235

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...