
T8SoB.exe and 5a9v7.exe

JelenJelcin
Visitor
Posts: 70
Registered: 01 Jul 2010 14:27

T8SoB.exe and 5a9v7.exe

#1 Post by JelenJelcin »

Hello, I have a problem with viruses and I don't know how to remove them. When I use Fix checked in HiJackThis, nothing changes. Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:29:43, on 1.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\COMODO\EasyVPN\crdphService.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\COMODO\EasyVPN\Vpnservice.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\explorer.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\WINDOWS\system32\RunDll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Steam\Steam.exe
D:\Program Files\OpenOffice.org 3\program\soffice.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\hry\Diablo II\Game.exe
D:\Program Files\mIRC\mirc.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\DOCUME~1\ondra\LOCALS~1\Temp\5a9v7.exe
D:\DOCUME~1\ondra\LOCALS~1\Temp\T8SoB.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [HKLM] D:\DOCUME~1\ondra\LOCALS~1\Temp\5a9v7.exe
O4 - HKLM\..\Run: [L07WGZr36fRQtwyzUcj] D:\DOCUME~1\ondra\LOCALS~1\Temp\T8SoB.exe
O4 - HKLM\..\Run: [3i0xcLrEpJlGBlzL4rqM3AO] D:\DOCUME~1\ondra\LOCALS~1\Temp\5a9v7.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Comodo EasyVPN] "D:\Program Files\COMODO\EasyVPN\EasyVPN.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [HKCU] D:\DOCUME~1\ondra\LOCALS~1\Temp\5a9v7.exe
O4 - HKCU\..\Run: [7EfxRIQSMJOUgwF3QES4ujzx1] D:\DOCUME~1\ondra\LOCALS~1\Temp\T8SoB.exe
O4 - HKCU\..\Run: [rVSL8Klen6Kveo4] D:\DOCUME~1\ondra\LOCALS~1\Temp\5a9v7.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] D:\DOCUME~1\ondra\LOCALS~1\Temp\5a9v7.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] D:\DOCUME~1\ondra\LOCALS~1\Temp\5a9v7.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFA7F045-795D-48A2-AA35-770727246063}: NameServer = 85.255.112.126
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO EasyVPN VNC Service (CrdphService) - COMODO - D:\Program Files\COMODO\EasyVPN\crdphService.exe
O23 - Service: COMODO EasyVPN Service (EasyVpnAdpt) - Unknown owner - D:\Program Files\COMODO\EasyVPN\Vpnservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8097 bytes
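
Added example, not part of the original thread: a short Python triage of the HijackThis log posted above. It lists every O4 autostart entry whose target sits in a Temp directory and notes whether that file also appears under "Running processes". The function names and the Temp-path heuristic are assumptions of this example; the sample is a subset of lines copied from the post.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Steam\Steam.exe
D:\DOCUME~1\ondra\LOCALS~1\Temp\5a9v7.exe
D:\DOCUME~1\ondra\LOCALS~1\Temp\T8SoB.exe

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [HKLM] D:\DOCUME~1\ondra\LOCALS~1\Temp\5a9v7.exe
O4 - HKLM\..\Run: [L07WGZr36fRQtwyzUcj] D:\DOCUME~1\ondra\LOCALS~1\Temp\T8SoB.exe
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [7EfxRIQSMJOUgwF3QES4ujzx1] D:\DOCUME~1\ondra\LOCALS~1\Temp\T8SoB.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] D:\DOCUME~1\ondra\LOCALS~1\Temp\5a9v7.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe
"""

# "O4 - <key>: [<value name>] <command>" (registry Run-style entries)
REG_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Startup: <shortcut> = <command>" (Startup folder entries)
LNK_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Unquoted command: drive-letter path up to the first executable extension.
EXE_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def target_path(cmd):
    """Return the program part of an autostart command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    # No drive-letter path (e.g. "RunDll32 ..."): fall back to the first token.
    return m.group(1) if m else cmd.split()[0]


def parse_autoruns(log):
    """Return (key, value name, target path) for every O4 line in the log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = REG_RE.match(line) or LNK_RE.match(line)
        if m:
            entries.append((m["key"], m["name"], target_path(m["cmd"])))
    return entries


def parse_running(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    running, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section and not line:
            break  # a blank line ends the process list
        elif in_section:
            running.add(line.lower())
    return running


def in_temp_dir(path):
    """Heuristic (assumption of this example): a directory component is Temp/Tmp."""
    parts = path.lower().split("\\")
    return any(p in ("temp", "tmp") for p in parts[:-1])


def temp_autoruns(log):
    """Group Temp-directory autostart targets with the entries that launch them."""
    running = parse_running(log)
    hits = defaultdict(lambda: {"entries": [], "running": False})
    for key, name, target in parse_autoruns(log):
        if in_temp_dir(target):
            hit = hits[target.lower()]
            hit["entries"].append((key, name))
            hit["running"] = target.lower() in running
    return dict(hits)


if __name__ == "__main__":
    for path, hit in sorted(temp_autoruns(SAMPLE_LOG).items()):
        state = "running" if hit["running"] else "not running"
        print(f"{path} ({state})")
        for key, name in hit["entries"]:
            print(f"    {key} [{name}]")
```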

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: T8SoB.exe and 5a9v7.exe

#2 Post by Caroprd111 »

Hello :)

Next time, post a log from RSIT.


  • Download OTL http://oldtimer.geekstogo.com/OTL.exe to your desktop.
  • Run it, then paste the following script into the bottom box.

Code:

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
  • Check the Scan All Users option.
  • Check the "LOP" infection check and "Purity" infection check options.
  • Click the Run Scan button.
  • When it finishes, paste the OTL.Txt and Extras.txt logs here.

JelenJelcin
Visitor
Posts: 70
Registered: 01 Jul 2010 14:27

Re: T8SoB.exe and 5a9v7.exe

#3 Post by JelenJelcin »

OTL logfile created on: 1.7.2010 16:07:05 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = D:\Documents and Settings\ondra\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 343,00 Mb Available Physical Memory | 34,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 39,06 Gb Total Space | 0,70 Gb Free Space | 1,78% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 0,99 Gb Free Space | 0,90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 494,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JELEN
Current User Name: ondra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.07.01 16:05:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\ondra\Plocha\OTL.exe
PRC - [2010.06.17 11:28:53 | 001,238,352 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
PRC - [2010.05.30 09:31:50 | 000,892,928 | RHS- | M] (PSY7cWk) -- D:\Documents and Settings\ondra\Local Settings\Temp\T8SoB.exe
PRC - [2010.05.09 14:30:16 | 000,483,395 | RHS- | M] (QoSxssp) -- D:\Documents and Settings\ondra\Local Settings\Temp\5a9v7.exe
PRC - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.03.25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2009.11.11 11:57:36 | 001,451,520 | ---- | M] (Nokia) -- D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) -- D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.10.27 10:15:44 | 000,132,608 | ---- | M] (Nokia) -- D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.08.11 19:47:02 | 000,491,768 | ---- | M] (COMODO) -- D:\Program Files\COMODO\EasyVPN\crdphService.exe
PRC - [2009.08.11 19:46:24 | 000,045,304 | ---- | M] () -- D:\Program Files\COMODO\EasyVPN\Vpnservice.exe
PRC - [2009.07.03 16:49:06 | 001,029,456 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009.04.23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- D:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009.02.05 22:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.02.05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.02.05 22:08:26 | 000,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.02.05 22:06:04 | 000,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.02.05 22:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.01.15 18:42:46 | 007,430,144 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.15 18:42:44 | 007,434,240 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008.10.17 10:39:50 | 002,810,880 | ---- | M] (mIRC Co. Ltd.) -- D:\Program Files\mIRC\mirc.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2001.06.26 20:44:14 | 000,424,067 | ---- | M] (Blizzard North) -- D:\hry\Diablo II\Game.exe


========== Modules (SafeList) ==========

MOD - [2010.07.01 16:05:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\ondra\Plocha\OTL.exe
MOD - [2009.02.05 22:07:43 | 000,139,264 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [2008.04.14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.03 14:45:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- D:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.11 19:47:02 | 000,491,768 | ---- | M] (COMODO) [Auto | Running] -- D:\Program Files\COMODO\EasyVPN\crdphService.exe -- (CrdphService)
SRV - [2009.08.11 19:46:24 | 000,045,304 | ---- | M] () [Auto | Running] -- D:\Program Files\COMODO\EasyVPN\Vpnservice.exe -- (EasyVpnAdpt)
SRV - [2009.07.03 16:49:06 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009.02.05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.02.05 22:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.02.05 22:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.02.05 22:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)


========== Driver Services (SafeList) ==========

DRV - [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.11.16 12:31:49 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.08.04 06:34:57 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.07.03 16:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.02.05 22:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.02.05 22:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.02.05 22:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.02.05 22:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.02.05 22:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.02.05 22:05:11 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.12.10 11:08:54 | 000,017,424 | ---- | M] (Comodo, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\cmdatp.sys -- (ATP)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.12 18:30:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.01.30 03:41:42 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2004.11.09 17:04:26 | 001,342,080 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3)
DRV - [2001.08.17 22:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-287218729-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-1060284298-287218729-1606980848-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1060284298-287218729-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.01.07 16:44:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010.06.26 13:00:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010.06.26 13:00:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009.07.31 20:28:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Mozilla\Extensions
[2010.06.30 17:00:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Mozilla\Firefox\Profiles\qtn4qc4n.default\extensions
[2010.03.01 13:29:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\ondra\Data aplikací\Mozilla\Firefox\Profiles\qtn4qc4n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.03 23:42:03 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- D:\Documents and Settings\ondra\Data aplikací\Mozilla\Firefox\Profiles\qtn4qc4n.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009.08.04 06:38:15 | 000,002,399 | ---- | M] () -- D:\Documents and Settings\ondra\Data aplikací\Mozilla\Firefox\Profiles\qtn4qc4n.default\searchplugins\daemon-search.xml
[2010.06.30 17:00:42 | 000,000,955 | ---- | M] () -- D:\Documents and Settings\ondra\Data aplikací\Mozilla\Firefox\Profiles\qtn4qc4n.default\searchplugins\icqplugin.xml
[2010.06.30 16:50:42 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2009.07.31 20:30:05 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.11.11 09:38:54 | 000,663,552 | ---- | M] (BitComet) -- D:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009.07.15 20:42:42 | 000,000,638 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.07.15 20:42:42 | 000,001,687 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.07.15 20:42:42 | 000,001,367 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.07.15 20:42:42 | 000,000,654 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.07.15 20:42:42 | 000,001,179 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2001.10.25 16:00:00 | 000,000,737 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O3 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [3i0xcLrEpJlGBlzL4rqM3AO] D:\Documents and Settings\ondra\Local Settings\Temp\5a9v7.exe (QoSxssp)
O4 - HKLM..\Run: [avast!] D:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CmPCIaudio] File not found
O4 - HKLM..\Run: [HKLM] D:\Documents and Settings\ondra\Local Settings\Temp\T8SoB.exe (PSY7cWk)
O4 - HKLM..\Run: [L07WGZr36fRQtwyzUcj] D:\Documents and Settings\ondra\Local Settings\Temp\T8SoB.exe (PSY7cWk)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003..\Run: [7EfxRIQSMJOUgwF3QES4ujzx1] D:\Documents and Settings\ondra\Local Settings\Temp\T8SoB.exe (PSY7cWk)
O4 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003..\Run: [Comodo EasyVPN] D:\Program Files\COMODO\EasyVPN\EasyVPN.exe (COMODO)
O4 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003..\Run: [HKCU] D:\Documents and Settings\ondra\Local Settings\Temp\T8SoB.exe (PSY7cWk)
O4 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003..\Run: [PC Suite Tray] D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003..\Run: [rVSL8Klen6Kveo4] D:\Documents and Settings\ondra\Local Settings\Temp\5a9v7.exe (QoSxssp)
O4 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: D:\Documents and Settings\ondra\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = D:\DOCUME~1\ondra\LOCALS~1\Temp\T8SoB.exe (PSY7cWk)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = D:\DOCUME~1\ondra\LOCALS~1\Temp\5a9v7.exe (QoSxssp)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\ondra\Data aplikací\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\ondra\Data aplikací\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.09.18 21:54:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.08.21 10:31:07 | 000,000,053 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.08.21 10:31:07 | 000,000,053 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001.04.18 16:23:00 | 000,000,041 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{61e6dbd8-80b0-11de-ba81-00690009b26d}\Shell - "" = AutoRun
O33 - MountPoints2\{61e6dbd8-80b0-11de-ba81-00690009b26d}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- [2001.04.30 18:33:00 | 000,032,768 | R--- | M] ()
O33 - MountPoints2\{7dda6af3-4cff-11de-b11b-00690009b26d}\Shell\AutoRun\command - "" = cv8j.exe
O33 - MountPoints2\{7dda6af3-4cff-11de-b11b-00690009b26d}\Shell\open\Command - "" = cv8j.exe
O33 - MountPoints2\{c9c842de-0a33-11dd-b276-806d6172696f}\Shell\AutoRun\command - "" = lcw.exe
O33 - MountPoints2\{c9c842de-0a33-11dd-b276-806d6172696f}\Shell\open\Command - "" = lcw.exe
O33 - MountPoints2\{c9c842df-0a33-11dd-b276-806d6172696f}\Shell\AutoRun\command - "" = lcw.exe
O33 - MountPoints2\{c9c842df-0a33-11dd-b276-806d6172696f}\Shell\open\Command - "" = lcw.exe
O33 - MountPoints2\C\Shell\AutoRun\command - "" = lcw.exe
O33 - MountPoints2\C\Shell\open\Command - "" = lcw.exe
O33 - MountPoints2\D\Shell\AutoRun\command - "" = lcw.exe
O33 - MountPoints2\D\Shell\open\Command - "" = lcw.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - D:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - D:\WINDOWS\system32\ias [2009.07.31 18:22:23 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - D:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - D:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.VP60 - D:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - D:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (32664708049797120)

========== Files/Folders - Created Within 30 Days ==========

[2010.07.01 16:05:16 | 000,574,464 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\ondra\Plocha\OTL.exe
[2010.06.29 20:59:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ondra\Plocha\gp4
[2010.06.29 20:59:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ondra\Plocha\fotky
[2010.06.29 20:58:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ondra\Plocha\Tomas_Klus
[2010.06.29 20:58:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ondra\Plocha\Guitar Pro 5
[2010.06.29 10:28:26 | 000,000,000 | ---D | C] -- D:\Program Files\mIRC
[2010.06.24 17:31:24 | 003,516,965 | ---- | C] (Max Prasak) -- D:\Documents and Settings\ondra\Plocha\D2instcz.exe
[2010.06.24 17:28:22 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- D:\WINDOWS\DIIUnin.exe
[2010.06.24 12:38:35 | 000,000,000 | ---D | C] -- D:\Program Files\Diablo II
[2010.06.24 11:39:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ondra\Plocha\Rehoc Leader Roster
[2010.06.23 14:01:01 | 000,000,000 | ---D | C] -- D:\Program Files\Guitar Pro 5
[2010.06.23 09:30:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ondra\Data aplikací\Turbine
[2010.06.23 09:26:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ondra\Plocha\Need For Speed Pro Street - Soundtrack
[2010.06.22 17:53:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ondra\Local Settings\Data aplikací\Turbine
[2010.06.22 16:46:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ondra\Local Settings\Data aplikací\ApplicationHistory
[2010.06.22 16:43:44 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\URTTEMP
[2010.06.22 14:04:22 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\ondra\Recent
[2010.06.19 10:49:16 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2010.06.18 13:11:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ondra\Dokumenty\Electronic Arts
[2010.06.18 13:02:45 | 000,447,752 | R--- | C] (On2.com) -- D:\WINDOWS\System32\vp6vfw.dll
[2010.06.18 13:02:44 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft WSE
[2010.06.17 11:27:08 | 000,000,000 | ---D | C] -- D:\Program Files\Steam
[2010.06.16 12:24:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Data aplikací\Trymedia
[2010.06.08 13:19:27 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\ondra\IECompatCache
[2010.06.06 21:36:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ondra\Plocha\WowBgTweaker_v2.1
[2010.06.05 18:38:04 | 000,293,376 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\browserchoice.exe
[2010.06.04 22:42:43 | 001,342,080 | ---- | C] (C-Media Inc) -- D:\WINDOWS\System32\drivers\cmuda3.sys
[2010.06.04 22:42:43 | 000,036,864 | ---- | C] (C-Media) -- D:\WINDOWS\System32\CMUDA3.DLL
[2010.06.04 22:42:43 | 000,032,768 | ---- | C] (C-Media Corporation) -- D:\WINDOWS\System32\UDAPROP3.DLL
[2010.06.04 22:42:42 | 002,596,864 | ---- | C] (C-Media Corporation) -- D:\WINDOWS\System\CMICNFG3.CPL
[2010.06.04 22:42:42 | 000,917,504 | ---- | C] (C-Media Electronics Inc.) -- D:\WINDOWS\System\CMDS3D3.DLL
[2010.06.04 22:42:42 | 000,712,704 | ---- | C] (Sensaura Ltd) -- D:\WINDOWS\System32\AUDIO3D3.DLL
[2010.06.04 22:42:42 | 000,712,704 | ---- | C] (Sensaura Ltd) -- D:\WINDOWS\System32\dllcache\a3d.dll
[2010.06.04 22:42:42 | 000,712,704 | ---- | C] (Sensaura Ltd) -- D:\WINDOWS\System32\a3d.dll
[2010.06.04 22:42:42 | 000,000,000 | ---D | C] -- D:\Program Files\C-Media PCI Audio
[2010.06.04 22:22:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ondra\Data aplikací\GetRightToGo
[2010.06.04 22:12:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ondra\Dokumenty\Přijaté soubory
[4 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.01 16:08:40 | 001,179,612 | -H-- | M] () -- D:\Documents and Settings\ondra\Data aplikací\cglogs.dat
[2010.07.01 16:05:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\ondra\Plocha\OTL.exe
[2010.07.01 15:29:05 | 000,002,441 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\HiJackThis.lnk
[2010.07.01 13:37:05 | 000,000,472 | ---- | M] () -- D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.07.01 11:15:12 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010.07.01 11:13:56 | 000,000,430 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts.ics
[2010.07.01 11:13:14 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010.07.01 11:13:05 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010.07.01 11:12:57 | 1072,549,888 | -HS- | M] () -- D:\hiberfil.sys
[2010.06.30 17:10:04 | 006,029,312 | -H-- | M] () -- D:\Documents and Settings\ondra\NTUSER.DAT
[2010.06.30 17:10:04 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\ondra\ntuser.ini
[2010.06.30 17:09:35 | 002,107,604 | -H-- | M] () -- D:\Documents and Settings\ondra\Local Settings\Data aplikací\IconCache.db
[2010.06.30 12:26:48 | 260,814,907 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\CZ+CZ_titulky_by_Striker.rar
[2010.06.29 22:19:56 | 183,533,664 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\HIMYM-S04E17-The_Front_Porch.rar
[2010.06.29 22:07:38 | 183,531,606 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\HIMYM-S04E16-Sorry__Bro.rar
[2010.06.29 21:24:04 | 183,496,886 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\HIMYM-S04E14-The_Possimpible.rar
[2010.06.29 21:12:20 | 183,531,619 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\HIMYM-S04E13-Three_Days_of_Snow.rar
[2010.06.29 10:28:27 | 000,000,626 | ---- | M] () -- D:\Documents and Settings\All Users\Plocha\mIRC.lnk
[2010.06.27 16:10:36 | 000,178,176 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\zpevnik_tabor2010.doc
[2010.06.24 19:33:50 | 000,073,820 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\snow_hey_oh.gp3
[2010.06.24 19:31:27 | 000,060,304 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\dani_california_ver4.gp3
[2010.06.24 19:25:05 | 000,024,940 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\Blue_Effect_-_Sluneční_hrob.gp5
[2010.06.24 19:04:16 | 000,037,407 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\Divokej_Bill_-_Malování.gp3
[2010.06.24 18:44:28 | 000,011,295 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\Nohavica, Jaromir - Kometa.gp5-by-www.get-the-tab.com.zip
[2010.06.24 18:44:00 | 000,021,242 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\Nohavica, Jaromir - Kometa.gp5
[2010.06.24 17:33:46 | 000,028,761 | ---- | M] () -- D:\WINDOWS\DIIUnin.dat
[2010.06.24 17:32:31 | 000,001,452 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\Diablo II - Lord of Destruction.lnk
[2010.06.24 17:31:32 | 003,516,965 | ---- | M] (Max Prasak) -- D:\Documents and Settings\ondra\Plocha\D2instcz.exe
[2010.06.24 17:28:25 | 000,001,452 | ---- | M] () -- D:\Documents and Settings\All Users\Plocha\Diablo II.lnk
[2010.06.24 17:28:22 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- D:\WINDOWS\DIIUnin.exe
[2010.06.24 17:28:22 | 000,002,829 | ---- | M] () -- D:\WINDOWS\DIIUnin.pif
[2010.06.24 12:59:01 | 000,021,840 | ---- | M] () -- D:\WINDOWS\System32\SIntfNT.dll
[2010.06.24 12:59:00 | 000,017,212 | ---- | M] () -- D:\WINDOWS\System32\SIntf32.dll
[2010.06.24 12:59:00 | 000,012,067 | ---- | M] () -- D:\WINDOWS\System32\SIntf16.dll
[2010.06.24 12:56:46 | 011,759,475 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\Diablo 2 Crack.rar
[2010.06.24 11:38:03 | 002,437,442 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\1277149710_sb_rehocleaderroster.rar
[2010.06.24 10:04:24 | 001,417,608 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.23 14:02:08 | 000,020,880 | ---- | M] () -- D:\Documents and Settings\ondra\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.06.23 14:01:23 | 000,000,619 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\Guitar Pro 5.lnk
[2010.06.23 11:24:49 | 000,001,889 | ---- | M] () -- D:\Documents and Settings\All Users\Plocha\The Sims™ 3 Povolání snů.lnk
[2010.06.22 16:46:14 | 000,000,125 | ---- | M] () -- D:\Documents and Settings\ondra\Local Settings\Data aplikací\fusioncache.dat
[2010.06.22 16:45:47 | 001,021,366 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.22 16:45:47 | 000,440,684 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010.06.22 16:45:47 | 000,437,056 | ---- | M] () -- D:\WINDOWS\System32\perfh005.dat
[2010.06.22 16:45:47 | 000,082,440 | ---- | M] () -- D:\WINDOWS\System32\perfc005.dat
[2010.06.22 16:45:47 | 000,071,002 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010.06.22 16:43:12 | 000,001,638 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\The Lord of the Rings Online.lnk
[2010.06.22 15:03:12 | 000,053,760 | ---- | M] () -- D:\Documents and Settings\ondra\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.19 11:02:50 | 000,530,701 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\RobertVarga_8-6-2009-21-06-54_Sims_3_Censor.rar
[2010.06.18 13:02:16 | 000,001,723 | ---- | M] () -- D:\Documents and Settings\All Users\Plocha\The Sims™ 3.lnk
[2010.06.17 15:59:58 | 182,298,881 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\04-13 - Three Days of Snow.rar
[2010.06.17 11:34:12 | 000,000,664 | ---- | M] () -- D:\Documents and Settings\All Users\Plocha\Steam.lnk
[2010.06.17 11:26:33 | 001,588,224 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\SteamInstall.msi
[2010.06.07 11:51:59 | 000,089,829 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\NHL MATCH.JPG
[2010.06.06 21:36:18 | 004,147,105 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\WowBgTweaker_v2.1.rar
[2010.06.06 08:53:07 | 000,001,503 | ---- | M] () -- D:\Documents and Settings\All Users\Plocha\Výběr prohlížeče.lnk
[2010.06.04 22:44:34 | 000,000,165 | ---- | M] () -- D:\WINDOWS\System\Cmicnfg3.ini
[2010.06.04 22:22:41 | 000,000,404 | ---- | M] () -- D:\Documents and Settings\All Users\Plocha\Resume Driver Detective.lnk
[2010.06.04 21:57:58 | 000,000,016 | ---- | M] () -- D:\WINDOWS\wininit.ini
[2010.06.04 21:38:50 | 000,001,324 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010.06.03 21:14:02 | 000,551,398 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\HIMYM titulky.rar
[2010.06.03 00:09:44 | 000,000,439 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\Zástupce - RelicCOH.lnk
[4 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.30 12:25:06 | 260,814,907 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\CZ+CZ_titulky_by_Striker.rar
[2010.06.29 22:19:33 | 183,533,664 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\HIMYM-S04E17-The_Front_Porch.rar
[2010.06.29 22:07:27 | 183,531,606 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\HIMYM-S04E16-Sorry__Bro.rar
[2010.06.29 21:23:57 | 183,496,886 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\HIMYM-S04E14-The_Possimpible.rar
[2010.06.29 21:11:49 | 183,531,619 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\HIMYM-S04E13-Three_Days_of_Snow.rar
[2010.06.29 20:59:05 | 000,178,176 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\zpevnik_tabor2010.doc
[2010.06.29 10:28:27 | 000,000,626 | ---- | C] () -- D:\Documents and Settings\All Users\Plocha\mIRC.lnk
[2010.06.24 19:53:07 | 000,021,242 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\Nohavica, Jaromir - Kometa.gp5
[2010.06.24 19:33:50 | 000,073,820 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\snow_hey_oh.gp3
[2010.06.24 19:31:27 | 000,060,304 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\dani_california_ver4.gp3
[2010.06.24 19:25:04 | 000,024,940 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\Blue_Effect_-_Sluneční_hrob.gp5
[2010.06.24 19:04:15 | 000,037,407 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\Divokej_Bill_-_Malování.gp3
[2010.06.24 18:44:27 | 000,011,295 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\Nohavica, Jaromir - Kometa.gp5-by-www.get-the-tab.com.zip
[2010.06.24 17:32:31 | 000,001,452 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\Diablo II - Lord of Destruction.lnk
[2010.06.24 17:28:25 | 000,028,761 | ---- | C] () -- D:\WINDOWS\DIIUnin.dat
[2010.06.24 17:28:25 | 000,001,452 | ---- | C] () -- D:\Documents and Settings\All Users\Plocha\Diablo II.lnk
[2010.06.24 17:28:22 | 000,002,829 | ---- | C] () -- D:\WINDOWS\DIIUnin.pif
[2010.06.24 12:57:17 | 000,021,840 | ---- | C] () -- D:\WINDOWS\System32\SIntfNT.dll
[2010.06.24 12:57:16 | 000,017,212 | ---- | C] () -- D:\WINDOWS\System32\SIntf32.dll
[2010.06.24 12:57:16 | 000,012,067 | ---- | C] () -- D:\WINDOWS\System32\SIntf16.dll
[2010.06.24 12:56:36 | 011,759,475 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\Diablo 2 Crack.rar
[2010.06.24 11:37:47 | 002,437,442 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\1277149710_sb_rehocleaderroster.rar
[2010.06.23 14:01:23 | 000,000,619 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\Guitar Pro 5.lnk
[2010.06.23 11:24:41 | 000,001,889 | ---- | C] () -- D:\Documents and Settings\All Users\Plocha\The Sims™ 3 Povolání snů.lnk
[2010.06.22 16:46:14 | 000,000,125 | ---- | C] () -- D:\Documents and Settings\ondra\Local Settings\Data aplikací\fusioncache.dat
[2010.06.22 16:43:12 | 000,001,638 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\The Lord of the Rings Online.lnk
[2010.06.19 11:02:48 | 000,530,701 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\RobertVarga_8-6-2009-21-06-54_Sims_3_Censor.rar
[2010.06.19 10:49:17 | 000,002,441 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\HiJackThis.lnk
[2010.06.18 13:02:16 | 000,001,723 | ---- | C] () -- D:\Documents and Settings\All Users\Plocha\The Sims™ 3.lnk
[2010.06.17 15:59:45 | 182,298,881 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\04-13 - Three Days of Snow.rar
[2010.06.17 15:53:18 | 183,517,184 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\HIMYM-S04E12-Benefits.avi
[2010.06.17 11:27:11 | 000,000,664 | ---- | C] () -- D:\Documents and Settings\All Users\Plocha\Steam.lnk
[2010.06.17 11:26:23 | 001,588,224 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\SteamInstall.msi
[2010.06.06 21:36:05 | 004,147,105 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\WowBgTweaker_v2.1.rar
[2010.06.06 08:53:07 | 000,001,503 | ---- | C] () -- D:\Documents and Settings\All Users\Plocha\Výběr prohlížeče.lnk
[2010.06.04 22:44:34 | 000,000,165 | ---- | C] () -- D:\WINDOWS\System\Cmicnfg3.ini
[2010.06.04 22:43:10 | 000,028,672 | ---- | C] () -- D:\WINDOWS\CmiPCIUninstall.exe
[2010.06.04 22:42:43 | 000,233,472 | ---- | C] () -- D:\WINDOWS\System32\CMRMDRV3.exe
[2010.06.04 22:42:43 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\CMRMDRV3.DLL
[2010.06.04 22:22:41 | 000,000,404 | ---- | C] () -- D:\Documents and Settings\All Users\Plocha\Resume Driver Detective.lnk
[2010.06.04 21:57:58 | 000,000,016 | ---- | C] () -- D:\WINDOWS\wininit.ini
[2010.06.04 21:40:10 | 1072,549,888 | -HS- | C] () -- D:\hiberfil.sys
[2010.06.03 21:14:01 | 000,551,398 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\HIMYM titulky.rar
[2010.06.03 00:09:44 | 000,000,439 | ---- | C] () -- D:\Documents and Settings\ondra\Plocha\Zástupce - RelicCOH.lnk
[2010.04.26 20:28:53 | 000,000,262 | ---- | C] () -- D:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.08.13 16:07:09 | 000,139,456 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.08.04 06:34:57 | 000,721,904 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[2008.04.14 08:51:46 | 000,755,200 | ---- | C] () -- D:\WINDOWS\System32\ir50_32.dll
[2008.04.14 08:51:46 | 000,338,432 | ---- | C] () -- D:\WINDOWS\System32\ir41_qcx.dll
[2008.04.14 08:51:46 | 000,200,192 | ---- | C] () -- D:\WINDOWS\System32\ir50_qc.dll
[2008.04.14 08:51:46 | 000,183,808 | ---- | C] () -- D:\WINDOWS\System32\ir50_qcx.dll
[2008.04.14 08:51:46 | 000,120,320 | ---- | C] () -- D:\WINDOWS\System32\ir41_qc.dll
[1999.08.12 00:00:00 | 001,708,032 | ---- | C] () -- D:\WINDOWS\System32\MSO97V.DLL
[1999.08.12 00:00:00 | 000,036,864 | ---- | C] () -- D:\WINDOWS\System32\DOCOBJ.DLL
[1999.08.12 00:00:00 | 000,032,768 | ---- | C] () -- D:\WINDOWS\System32\MSORFS.DLL
[1999.08.12 00:00:00 | 000,032,768 | ---- | C] () -- D:\WINDOWS\System32\HLINKPRX.DLL
[1997.06.13 23:56:08 | 000,056,832 | ---- | C] () -- D:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009.08.04 06:38:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.08.07 10:23:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\ESET
[2009.07.31 20:30:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.01.07 16:27:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\Installations
[2010.01.19 20:16:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\OviInstallerCache
[2009.08.07 11:11:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\PC Suite
[2009.11.09 12:16:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Data aplikací\TrackMania
[2009.08.20 13:36:47 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Data aplikací\{EF63305C-BAD7-4144-9208-D65528260864}
[2009.08.04 06:46:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\DAEMON Tools Lite
[2009.08.05 20:46:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\ESET
[2010.06.20 00:38:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Facebook
[2010.06.04 22:22:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\GetRightToGo
[2010.06.28 16:15:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\ICQ
[2009.08.02 13:26:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Nokia
[2009.08.13 17:10:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\OpenOffice.org
[2009.08.02 13:26:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\PC Suite
[2009.08.28 15:29:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\SPORE
[2010.03.12 20:11:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\TeamViewer
[2010.06.23 09:30:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Turbine
[2010.07.01 13:37:05 | 000,000,472 | ---- | M] () -- D:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = D:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun -- [2009.04.23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd)
"Comodo EasyVPN" = "D:\Program Files\COMODO\EasyVPN\EasyVPN.exe" -- [2009.09.28 18:36:40 | 003,563,768 | ---- | M] (COMODO)
"PC Suite Tray" = "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray -- [2009.11.11 11:57:36 | 001,451,520 | ---- | M] (Nokia)
"Steam" = "D:\Program Files\Steam\Steam.exe" -silent -- [2010.06.17 11:28:53 | 001,238,352 | ---- | M] (Valve Corporation)
"HKCU" = D:\DOCUME~1\ondra\LOCALS~1\Temp\T8SoB.exe -- [2010.05.30 09:31:50 | 000,892,928 | RHS- | M] (PSY7cWk)
"rVSL8Klen6Kveo4" = D:\DOCUME~1\ondra\LOCALS~1\Temp\5a9v7.exe -- [2010.05.09 14:30:16 | 000,483,395 | RHS- | M] (QoSxssp)
"7EfxRIQSMJOUgwF3QES4ujzx1" = D:\DOCUME~1\ondra\LOCALS~1\Temp\T8SoB.exe -- [2010.05.30 09:31:50 | 000,892,928 | RHS- | M] (PSY7cWk)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.03.03 16:59:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Adobe
[2009.07.31 20:00:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\ATI
[2009.12.28 14:08:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\COMODO
[2009.08.04 06:46:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\DAEMON Tools Lite
[2010.03.06 21:59:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\dvdcss
[2009.08.05 20:46:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\ESET
[2010.06.20 00:38:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Facebook
[2010.06.04 22:22:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\GetRightToGo
[2010.06.29 12:04:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Hamachi
[2010.06.28 16:15:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\ICQ
[2009.07.31 18:33:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Identities
[2009.07.31 20:41:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Macromedia
[2009.07.31 22:24:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Malwarebytes
[2010.06.22 17:53:06 | 000,000,000 | --SD | M] -- D:\Documents and Settings\ondra\Data aplikací\Microsoft
[2010.07.01 14:51:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\mIRC
[2009.07.31 20:28:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Mozilla
[2009.08.02 13:26:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Nokia
[2009.08.13 17:10:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\OpenOffice.org
[2009.08.02 13:26:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\PC Suite
[2010.06.20 15:52:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Skype
[2010.06.20 16:02:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\skypePM
[2009.08.28 15:29:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\SPORE
[2010.03.31 07:25:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Sun
[2010.06.01 13:08:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\teamspeak2
[2010.03.12 20:11:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\TeamViewer
[2010.06.23 09:30:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Turbine
[2010.03.05 15:47:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\Ventrilo
[2010.06.22 13:55:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\vlc
[2009.07.31 23:14:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\ondra\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2010.05.16 20:59:42 | 000,050,354 | ---- | M] (Facebook, Inc.) -- D:\Documents and Settings\ondra\Data aplikací\Facebook\uninstall.exe
[2009.09.02 22:19:33 | 001,961,720 | ---- | M] (Adobe Systems Incorporated) -- D:\Documents and Settings\ondra\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2010.06.19 10:49:17 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- D:\Documents and Settings\ondra\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2010.06.18 13:02:45 | 000,010,134 | R--- | M] () -- D:\Documents and Settings\ondra\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe


< MD5 for: AGP440.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- D:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- D:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- D:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- D:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- D:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- D:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- D:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- D:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- D:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- D:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- D:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- D:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- D:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- D:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- D:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- D:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- D:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- D:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- D:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- D:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- D:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- D:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- D:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- D:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- D:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- D:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- D:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- D:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- D:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- D:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- D:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.05.12 17:56:04 | 000,397,312 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- D:\WINDOWS\system32\ATIDEMGX.dll
[2009.03.08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtrans.dll
[2008.04.14 08:51:50 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\msvbvm60.dll
[4 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.08.04 06:34:57 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- D:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009.07.31 20:06:37 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav
[2009.07.31 20:06:36 | 001,093,632 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
[2009.07.31 20:06:36 | 000,507,904 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2008.05.12 17:56:04 | 000,397,312 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- D:\WINDOWS\system32\ATIDEMGX.dll
[2009.03.08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtrans.dll
[2008.04.14 08:51:50 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\msvbvm60.dll
[4 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.07.01 11:13:15 | 000,000,795 | ---- | M] () -- D:\WINDOWS\system32\VpnService.log
[2010.07.01 11:15:12 | 000,002,206 | ---- | M] () -- D:\WINDOWS\system32\wpa.dbl
[4 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]
< End of report >

JelenJelcin
Visitor
Posts: 70
Registered: 01 Jul 2010 14:27

Re: T8SoB.exe and 5a9v7.exe

#4 Post by JelenJelcin »

OTL Extras logfile created on: 1.7.2010 16:07:05 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = D:\Documents and Settings\ondra\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 343,00 Mb Available Physical Memory | 34,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 39,06 Gb Total Space | 0,70 Gb Free Space | 1,78% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 0,99 Gb Free Space | 0,90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 494,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JELEN
Current User Name: ondra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1060284298-287218729-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13909:TCP" = 13909:TCP:*:Enabled:BitComet 13909 TCP
"13909:UDP" = 13909:UDP:*:Enabled:BitComet 13909 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\ICQ6.5\ICQ.exe" = D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\hry\Left4Dead\hl2.exe" = C:\hry\Left4Dead\hl2.exe:*:Enabled:hl2 -- File not found
"D:\Documents and Settings\ondra\Local Settings\Temp\Rar$EX00.438\StrongDC.exe" = D:\Documents and Settings\ondra\Local Settings\Temp\Rar$EX00.438\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"D:\Documents and Settings\ondra\Plocha\StrongDC.exe" = D:\Documents and Settings\ondra\Plocha\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"F:\CSS\hl2.exe" = F:\CSS\hl2.exe:*:Enabled:hl2 -- File not found
"D:\Program Files\BitComet\BitComet.exe" = D:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"C:\hry\World of Warcraft\Launcher.exe" = C:\hry\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\hry\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe" = C:\hry\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe" = D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI -- File not found
"D:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = D:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\hry\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = C:\hry\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\CSS\hl2.exe" = D:\CSS\hl2.exe:*:Enabled:hl2 -- ()
"D:\Program Files\Garena\Garena.exe" = D:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"D:\Program Files\Left4Dead\left4dead.exe" = D:\Program Files\Left4Dead\left4dead.exe:*:Enabled:left4dead -- ()
"C:\hry\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe" = C:\hry\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Documents and Settings\ondra\Plocha\Audiosurf\DC++\StrongDC.exe" = D:\Documents and Settings\ondra\Plocha\Audiosurf\DC++\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"D:\Documents and Settings\ondra\Plocha\DC++\StrongDC.exe" = D:\Documents and Settings\ondra\Plocha\DC++\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"C:\hry\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe" = C:\hry\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\hry\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe" = C:\hry\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\NHL\NHL 09\nhl2009.exe" = D:\NHL\NHL 09\nhl2009.exe:*:Enabled:nhl2009 -- File not found
"D:\hry\Warcraft III\Warcraft III.exe" = D:\hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"D:\Program Files\mIRC\mirc.exe" = D:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"D:\hry\Warcraft III\war3.exe" = D:\hry\Warcraft III\war3.exe:*:Enabled:Warcraft III -- File not found
"D:\hry\TmNationsForever\TmForever.exe" = D:\hry\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"D:\NHL 09-EVROPA\nhl2009.exe" = D:\NHL 09-EVROPA\nhl2009.exe:*:Enabled:nhl2009 -- File not found
"D:\NHL 09\nhl2009.exe" = D:\NHL 09\nhl2009.exe:*:Enabled:nhl2009 -- ()
"C:\hry\World of Warcraft\WoW-3.2.0-enGB-downloader.exe" = C:\hry\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Documents and Settings\ondra\Plocha\WoW_FotLK_ESRB_EN_XVID_F-avi-downloader.exe" = D:\Documents and Settings\ondra\Plocha\WoW_FotLK_ESRB_EN_XVID_F-avi-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\Program Files\COMODO\EasyVPN\EasyVPN.exe" = D:\Program Files\COMODO\EasyVPN\EasyVPN.exe:*:Enabled:COMODO EasyVPN -- (COMODO)
"D:\hry\Wow 3.1.3\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = D:\hry\Wow 3.1.3\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\hry\Wow 3.1.3\Launcher.exe" = D:\hry\Wow 3.1.3\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"D:\hry\Wow 3.1.3\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe" = D:\hry\Wow 3.1.3\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\hry\Wow 3.1.3\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe" = D:\hry\Wow 3.1.3\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Program Files\Hamachi\hamachi.exe" = D:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"D:\Documents and Settings\ondra\Plocha\programy\DC++\StrongDC.exe" = D:\Documents and Settings\ondra\Plocha\programy\DC++\StrongDC.exe:*:Enabled:StrongDC++ -- ()
"D:\hry\Warcraft III\Warcraft III\Warcraft III.exe" = D:\hry\Warcraft III\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"D:\Program Files\TeamViewer\Version5\TeamViewer.exe" = D:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"D:\Program Files\Ventrilo\Ventrilo.exe" = D:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"D:\WINDOWS\system32\dpvsetup.exe" = D:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\hry\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe" = C:\hry\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"D:\WINDOWS\system32\dplaysvr.exe" = D:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\CoH\RelicCOH.exe" = C:\CoH\RelicCOH.exe:*:Enabled:RelicCOH -- (THQ Canada Inc.)
"D:\hry\Wow 3.1.3\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe" = D:\hry\Wow 3.1.3\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0901FCE8-5415-4499-BBC8-1AA106DD66E2}" = Adobe Setup
"{129DDEC1-A6A3-3D60-AABE-76E6E5334922}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY
"{13F7A77E-8B11-75C0-6DA1-D7C201DD0B77}" = Catalyst Control Center Graphics Light
"{16622757-3724-4DA8-A5CC-3CE75636E8B9}" = COMODO EasyVPN
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26599B5C-19CC-2FF7-408A-3FE86E881CE0}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2F3140FA-11CC-FA89-5F25-924E36D1EAE8}" = ccc-utility
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{5178C1BB-1EB1-4468-894B-7DE964DDCAA2}" = Adobe Photoshop CS3
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DCC43B-33C9-3389-BD0D-33EB37973657}" = Microsoft .NET Framework 3.5 Language Pack - csy
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B32B8D8-76D7-FB63-470E-67DFB7DEA0DA}" = Catalyst Control Center Graphics Full Existing
"{7ECCA66F-9809-239A-BAD1-12BAA6080D67}" = Catalyst Control Center Graphics Previews Common
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A7F6127-CF84-476E-B2DE-F3CC912CBF6C}" = RuneScape
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Povolání snů
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{997AD8E5-DBD1-60E1-4D47-20991B45622F}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1029-7B44-A92000000001}" = Adobe Reader 9.2 - Czech
"{AE84E7FF-4DEC-48EC-BBA9-9A808E48DF8E}_is1" = Free MP3 Recorder 1.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B434CA41-53B0-D745-79FC-64AAAD7509B7}" = Skins
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DE922DA2-CB04-90DD-E230-AECEA81F381D}" = CCC Help English
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EEA77270-476A-2172-C3FC-DCAE572CF61B}" = Catalyst Control Center Core Implementation
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F68563C0-2CCD-4799-A014-017A370D627B}" = Sběratelská edice Heroes of Might and Magic V
"{FE67045B-AD41-C190-AFDC-009F28D3B195}" = ccc-core-preinstall
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Balíček ovladače systému Windows - Nokia Modem (10/05/2009 4.2)
"3FA1705966809259F916AF817C59B4F389F4572C" = Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.70
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.4)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_4977c84bcdc298c444ccfbdcccb660d" = Adobe Photoshop CS3
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1" = Age of Empires II - The Conquerors - 1.0e Patch FINAL
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"All2WAV Recorder_is1" = All2WAV Recorder 3.20
"ATI Display Driver" = ATI Display Driver
"Audiosurf_is1" = Audiosurf Beta
"avast!" = avast! Antivirus
"BitComet" = BitComet 1.13
"BSPlayer1" = BSPlayer
"CCleaner" = CCleaner (remove only)
"CD Ripper a WAV - MP3 Encoder_is1" = CD Ripper a WAV - MP3 Encoder (14.04.2009)
"C-Media PCI Sound" = C-Media PCI Audio
"Diablo II" = Diablo II
"Fiddler2" = Fiddler2 (remove only)
"Fraps" = Fraps
"GameParkClient_is1" = GamePark
"Garena" = Garena
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hamachi" = Hamachi 1.0.3.0
"ie8" = Windows Internet Explorer 8
"Karaoke Editor_is1" = Verze 1.12
"L4DSP" = Left 4 Dead Standalone Patch
"Left 4 Dead_is1" = Left 4 Dead v1.0.0.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - csy" = Microsoft .NET Framework 3.5 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"n2n Gui_is1" = n2n Gui 0.31
"Nokia PC Suite" = Nokia PC Suite
"PPTView97" = Microsoft PowerPoint Viewer 97
"PunkBusterSvc" = PunkBuster Services
"QIP Infium JadrisPack 2.5.0" = QIP Infium JadrisPack 2.5.0
"Re-Volt Demo" = Re-Volt Demo
"RocketDock_is1" = RocketDock 1.3.5
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever
"VLC media player" = VLC media player 1.0.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-287218729-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Warcraft III" = Warcraft III

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10.11.2009 9:17:11 | Computer Name = JELEN | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://www.facebook.com/home.php failed, 0000A413.

Error - 19.2.2010 4:14:45 | Computer Name = JELEN | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://dl.s7.uloz.to/Ps;Hs;fid=3299904; ... Chaos%20CZ
failed, 00000084.

Error - 18.5.2010 10:06:14 | Computer Name = JELEN | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of D:\DOCUME~1\ondra\LOCALS~1\Temp\XxX.xXx failed, 00000005.

Error - 18.5.2010 16:02:57 | Computer Name = JELEN | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of D:\DOCUME~1\ondra\LOCALS~1\Temp\XxX.xXx failed, 00000005.

Error - 22.5.2010 7:00:59 | Computer Name = JELEN | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of F:\karneval kochánky 27.3.2010\IMG_5787.JPG failed, 0000045D.

Error - 31.5.2010 9:14:10 | Computer Name = JELEN | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of D:\DOCUME~1\ondra\LOCALS~1\Temp\XxX.xXx failed, 00000005.

Error - 1.6.2010 10:52:29 | Computer Name = JELEN | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of D:\DOCUME~1\ondra\LOCALS~1\Temp\XxX.xXx failed, 00000005.

Error - 24.6.2010 16:34:52 | Computer Name = JELEN | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of D:\DOCUME~1\ondra\LOCALS~1\Temp\XxX.xXx failed, 00000005.

Error - 25.6.2010 6:02:30 | Computer Name = JELEN | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of D:\DOCUME~1\ondra\LOCALS~1\Temp\XxX.xXx failed, 00000005.

Error - 26.6.2010 7:53:59 | Computer Name = JELEN | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of D:\DOCUME~1\ondra\LOCALS~1\Temp\XxX.xXx failed, 00000005.

[ Application Events ]
Error - 20.4.2010 12:01:56 | Computer Name = JELEN | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 20.4.2010 12:02:05 | Computer Name = JELEN | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 20.4.2010 12:02:05 | Computer Name = JELEN | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 22.4.2010 9:48:53 | Computer Name = JELEN | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 22.4.2010 9:49:48 | Computer Name = JELEN | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: 404 (Stav odpovědi HTTP)

Error - 22.4.2010 9:49:48 | Computer Name = JELEN | Source = crypt32 | ID = 131077
Description = Načtení automatické aktualizace kořenového certifikátu jiného výrobce
z: <http://www.download.windowsupdate.com/m ... 2A58FE.crt>
se nezdařilo. Chyba: 404 (Stav odpovědi HTTP)

Error - 22.4.2010 9:49:48 | Computer Name = JELEN | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 25.4.2010 14:34:51 | Computer Name = JELEN | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 25.4.2010 14:45:06 | Computer Name = JELEN | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: 404 (Stav odpovědi HTTP)

Error - 25.4.2010 14:45:06 | Computer Name = JELEN | Source = crypt32 | ID = 131077
Description = Načtení automatické aktualizace kořenového certifikátu jiného výrobce
z: <http://www.download.windowsupdate.com/m ... 2A58FE.crt>
se nezdařilo. Chyba: 404 (Stav odpovědi HTTP)

[ System Events ]
Error - 26.6.2010 17:17:19 | Computer Name = JELEN | Source = NetBT | ID = 4307
Description = Inicializace se nezdařila, protože přenos odmítl otevřít počáteční
adresy.

Error - 26.6.2010 17:17:38 | Computer Name = JELEN | Source = Dhcp | ID = 1001
Description = Počítači nebyla přiřazena síťová adresa (serverem DHCP) pro síťovou
kartu se síťovou adresou 0023C33D48CC. Došlo k následující chybě: %%1223. Počítač
se bude pokoušet získat síťovou adresu samostatně ze serveru DHCP.

Error - 26.6.2010 17:17:40 | Computer Name = JELEN | Source = ipnathlp | ID = 30013
Description = Přidělování DHCP bylo automaticky vypnuto u adresy IP 5.61.72.204,
protože
tato adresa nespadá do oboru 192.168.0.0/255.255.255.0, ze kterého jsou přidělovány
adresy klientům DHCP. Chcete-li přidělování DHCP u této adresy IP zapnout, změňte
obor tak, aby tuto adresu IP zahrnoval, nebo změňte adresu IP tak, aby spadala do
oboru.

Error - 28.6.2010 4:21:17 | Computer Name = JELEN | Source = ipnathlp | ID = 30013
Description = Přidělování DHCP bylo automaticky vypnuto u adresy IP 5.61.72.204,
protože
tato adresa nespadá do oboru 192.168.0.0/255.255.255.0, ze kterého jsou přidělovány
adresy klientům DHCP. Chcete-li přidělování DHCP u této adresy IP zapnout, změňte
obor tak, aby tuto adresu IP zahrnoval, nebo změňte adresu IP tak, aby spadala do
oboru.

Error - 28.6.2010 11:33:06 | Computer Name = JELEN | Source = Windows Update Agent | ID = 16
Description = Připojení se nezdařilo: Připojení ke službě automatických aktualizací
nelze navázat. Stažení a instalaci aktualizací podle tohoto plánu nelze spustit.
Pokus o navázání spojení bude opakován.

Error - 30.6.2010 5:49:55 | Computer Name = JELEN | Source = ipnathlp | ID = 30013
Description = Přidělování DHCP bylo automaticky vypnuto u adresy IP 5.61.72.204,
protože
tato adresa nespadá do oboru 192.168.0.0/255.255.255.0, ze kterého jsou přidělovány
adresy klientům DHCP. Chcete-li přidělování DHCP u této adresy IP zapnout, změňte
obor tak, aby tuto adresu IP zahrnoval, nebo změňte adresu IP tak, aby spadala do
oboru.

Error - 30.6.2010 10:48:59 | Computer Name = JELEN | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 5.61.72.204 pro síťovou kartu se síťovou
adresou 0023053D48CC byla ukončena.

Error - 1.7.2010 5:13:56 | Computer Name = JELEN | Source = ipnathlp | ID = 30013
Description = Přidělování DHCP bylo automaticky vypnuto u adresy IP 5.61.72.204,
protože
tato adresa nespadá do oboru 192.168.0.0/255.255.255.0, ze kterého jsou přidělovány
adresy klientům DHCP. Chcete-li přidělování DHCP u této adresy IP zapnout, změňte
obor tak, aby tuto adresu IP zahrnoval, nebo změňte adresu IP tak, aby spadala do
oboru.

Error - 1.7.2010 5:16:59 | Computer Name = JELEN | Source = ipnathlp | ID = 31008
Description = Agentu serveru proxy služby DNS se nepodařilo načíst místní seznam
serverů pro překlad adres IP z registru. Uvedený údaj je kód chyby.

Error - 1.7.2010 5:19:36 | Computer Name = JELEN | Source = Windows Update Agent | ID = 16
Description = Připojení se nezdařilo: Připojení ke službě automatických aktualizací
nelze navázat. Stažení a instalaci aktualizací podle tohoto plánu nelze spustit.
Pokus o navázání spojení bude opakován.


< End of report >

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: T8SoB.exe and 5a9v7.exe

#5 Post by Caroprd111 »

Run OTL and paste the following script into the bottom window.

:OTL
PRC - [2010.05.30 09:31:50 | 000,892,928 | RHS- | M] (PSY7cWk) -- D:\Documents and Settings\ondra\Local Settings\Temp\T8SoB.exe
PRC - [2010.05.09 14:30:16 | 000,483,395 | RHS- | M] (QoSxssp) -- D:\Documents and Settings\ondra\Local Settings\Temp\5a9v7.exe
IE - HKU\S-1-5-21-1060284298-287218729-1606980848-1003\..\URLSearchHook: - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [3i0xcLrEpJlGBlzL4rqM3AO] D:\Documents and Settings\ondra\Local Settings\Temp\5a9v7.exe (QoSxssp)
O4 - HKLM..\Run: [CmPCIaudio] File not found
O4 - HKLM..\Run: [HKLM] D:\Documents and Settings\ondra\Local Settings\Temp\T8SoB.exe (PSY7cWk)
O4 - HKLM..\Run: [L07WGZr36fRQtwyzUcj] D:\Documents and Settings\ondra\Local Settings\Temp\T8SoB.exe (PSY7cWk)
O4 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003..\Run: [7EfxRIQSMJOUgwF3QES4ujzx1] D:\Documents and Settings\ondra\Local Settings\Temp\T8SoB.exe (PSY7cWk)
O4 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003..\Run: [HKCU] D:\Documents and Settings\ondra\Local Settings\Temp\T8SoB.exe (PSY7cWk)
O4 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003..\Run: [rVSL8Klen6Kveo4] D:\Documents and Settings\ondra\Local Settings\Temp\5a9v7.exe (QoSx
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = D:\DOCUME~1\ondra\LOCALS~1\Temp\T8SoB.exe (PSY7cWk)
O7 - HKU\S-1-5-21-1060284298-287218729-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = D:\DOCUME~1\ondra\LOCALS~1\Temp\5a9v7.exe (QoSxssp)
O33 - MountPoints2\{61e6dbd8-80b0-11de-ba81-00690009b26d}\Shell - "" = AutoRun
O33 - MountPoints2\{7dda6af3-4cff-11de-b11b-00690009b26d}\Shell\AutoRun\command - "" = cv8j.exe
O33 - MountPoints2\{7dda6af3-4cff-11de-b11b-00690009b26d}\Shell\open\Command - "" = cv8j.exe
O33 - MountPoints2\{c9c842de-0a33-11dd-b276-806d6172696f}\Shell\AutoRun\command - "" = lcw.exe
O33 - MountPoints2\{c9c842de-0a33-11dd-b276-806d6172696f}\Shell\open\Command - "" = lcw.exe
O33 - MountPoints2\{c9c842df-0a33-11dd-b276-806d6172696f}\Shell\AutoRun\command - "" = lcw.exe
O33 - MountPoints2\{c9c842df-0a33-11dd-b276-806d6172696f}\Shell\open\Command - "" = lcw.exe
O33 - MountPoints2\C\Shell\AutoRun\command - "" = lcw.exe
O33 - MountPoints2\C\Shell\open\Command - "" = lcw.exe
O33 - MountPoints2\D\Shell\AutoRun\command - "" = lcw.exe
O33 - MountPoints2\D\Shell\open\Command - "" = lcw.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[4 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[2010.07.01 16:08:40 | 001,179,612 | -H-- | M] () -- D:\Documents and Settings\ondra\Data aplikací\cglogs.dat
[2010.06.24 12:56:46 | 011,759,475 | ---- | M] () -- D:\Documents and Settings\ondra\Plocha\Diablo 2 Crack.rar

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

Click Opravit (Fix); the PC will restart. Paste the log here.


Download UsbFix to your desktop: http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
  • Run it, then click Deletion.
  • When it finishes, a log will pop up; paste it here. You can also find it in C:\UsbFix.txt

I recommend uninstalling Ad-Aware and Garena.


I recommend uninstalling P2P clients.

P2P networks and their clients are a potential security risk; they are almost constantly a source of viruses, and you are exposing yourself to risk unnecessarily.


Download CKScanner to your desktop: http://downloads.malwareremoval.com/CKScanner.exe
  • Run it and click "Search For Files"; when the scan finishes, click "Save List to File" -> "OK"
  • A log named ckfiles.txt will be saved on the desktop; paste the contents of that file here.

Read your PM (SZ).
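
As an added example (not part of the original post and not OTL's own code): the fix script in the post above lists autostart values that point into the user's Temp directory, values whose target is missing, and MountPoints2 autorun commands, and this Python code flags those same patterns in OTL-format lines. The sample lines, the function name `triage` and the heuristics are assumptions constructed for illustration.

```python
import re

# Constructed sample in the OTL line format of the fix script above;
# every name and path here is made up for this example.
SAMPLE_LOG = r'''
O4 - HKLM..\Run: [ExampleApp] D:\Program Files\ExampleApp\app.exe (Example Corp)
O4 - HKLM..\Run: [aB3xYz9] D:\Documents and Settings\user\Local Settings\Temp\x1y2z.exe (AbCdEf)
O4 - HKLM..\Run: [OldDriver] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = D:\DOCUME~1\user\LOCALS~1\Temp\x1y2z.exe (AbCdEf)
O33 - MountPoints2\D\Shell\AutoRun\command - "" = abc.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
'''

# O4: value under a ...\Run key, written as "[value name] target (vendor)".
RUN_ENTRY = re.compile(r"^O4 - (?P<key>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# O6/O7: value under ...\policies\Explorer\Run, written as "name = target (vendor)".
POLICY_RUN = re.compile(
    r"^O[67] - (?P<key>.+?\\policies\\Explorer\\Run): (?P<name>.+?) = (?P<target>.+)$",
    re.IGNORECASE,
)
# O33: per-volume shell verbs cached under Explorer\MountPoints2.
MOUNTPOINT = re.compile(r'^O33 - MountPoints2\\(?P<key>.+?) - "" = (?P<target>.+)$')
# Long and 8.3 short spellings of a Windows XP per-user Temp directory.
TEMP_PATH = re.compile(r"\\(Local Settings|LOCALS~1)\\Temp\\", re.IGNORECASE)
# Trailing " (vendor)" annotation that follows the file path in these lines.
VENDOR_SUFFIX = re.compile(r"\s\([^()]*\)$")


def triage(log_text):
    """Return (line_type, name_or_key, target, reason) for lines worth review.

    These are triage heuristics, not verdicts: a hit means "look at this
    entry", and an empty result does not mean the machine is clean.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        line_type = line.split(" ", 1)[0]
        match = RUN_ENTRY.match(line) or POLICY_RUN.match(line)
        if match:
            target = VENDOR_SUFFIX.sub("", match["target"])
            if target == "File not found":
                reason = "autostart value whose target is missing"
            elif TEMP_PATH.search(target):
                reason = "autostart target inside a Temp directory"
            else:
                continue  # target exists outside Temp: not flagged here
            findings.append((line_type, match["name"], target, reason))
            continue
        match = MOUNTPOINT.match(line)
        if match and match["key"].lower().endswith("\\command"):
            findings.append((line_type, match["key"], match["target"],
                             "autorun command cached for a volume"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```
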

JelenJelcin
Visitor
Posts: 70
Registered: 01 Jul 2010 14:27

Re: T8SoB.exe and 5a9v7.exe

#6 Post by JelenJelcin »

All processes killed
========== OTL ==========
Process T8SoB.exe killed successfully!
Process 5a9v7.exe killed successfully!
Registry value HKEY_USERS\S-1-5-21-1060284298-287218729-1606980848-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1060284298-287218729-1606980848-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\3i0xcLrEpJlGBlzL4rqM3AO deleted successfully.
D:\Documents and Settings\ondra\Local Settings\Temp\5a9v7.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CmPCIaudio deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HKLM deleted successfully.
D:\Documents and Settings\ondra\Local Settings\Temp\T8SoB.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\L07WGZr36fRQtwyzUcj deleted successfully.
File D:\Documents and Settings\ondra\Local Settings\Temp\T8SoB.exe not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-287218729-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Run\\7EfxRIQSMJOUgwF3QES4ujzx1 deleted successfully.
File D:\Documents and Settings\ondra\Local Settings\Temp\T8SoB.exe not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-287218729-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU deleted successfully.
File D:\Documents and Settings\ondra\Local Settings\Temp\T8SoB.exe not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-287218729-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Run\\rVSL8Klen6Kveo4 deleted successfully.
File D:\Documents and Settings\ondra\Local Settings\Temp\5a9v7.exe (QoSx not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
File D:\DOCUME~1\ondra\LOCALS~1\Temp\T8SoB.exe not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-287218729-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
File D:\DOCUME~1\ondra\LOCALS~1\Temp\5a9v7.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e6dbd8-80b0-11de-ba81-00690009b26d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61e6dbd8-80b0-11de-ba81-00690009b26d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7dda6af3-4cff-11de-b11b-00690009b26d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7dda6af3-4cff-11de-b11b-00690009b26d}\ not found.
File cv8j.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7dda6af3-4cff-11de-b11b-00690009b26d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7dda6af3-4cff-11de-b11b-00690009b26d}\ not found.
File cv8j.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9c842de-0a33-11dd-b276-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9c842de-0a33-11dd-b276-806d6172696f}\ not found.
File lcw.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9c842de-0a33-11dd-b276-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9c842de-0a33-11dd-b276-806d6172696f}\ not found.
File lcw.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9c842df-0a33-11dd-b276-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9c842df-0a33-11dd-b276-806d6172696f}\ not found.
File lcw.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9c842df-0a33-11dd-b276-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9c842df-0a33-11dd-b276-806d6172696f}\ not found.
File lcw.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ deleted successfully.
File lcw.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found.
File lcw.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
File lcw.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File lcw.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
D:\WINDOWS\System32\CONFIG.TMP deleted successfully.
D:\WINDOWS\System32\SET73.tmp deleted successfully.
D:\WINDOWS\System32\SET77.tmp deleted successfully.
D:\WINDOWS\System32\SET7F.tmp deleted successfully.
D:\WINDOWS\SET3.tmp deleted successfully.
D:\WINDOWS\SET4.tmp deleted successfully.
D:\WINDOWS\SET8.tmp deleted successfully.
D:\Documents and Settings\ondra\Data aplikací\cglogs.dat moved successfully.
D:\Documents and Settings\ondra\Plocha\Diablo 2 Crack.rar moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ondra
->Temp folder emptied: 6159879 bytes
->Temporary Internet Files folder emptied: 3485288173 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 81097071 bytes
->Flash cache emptied: 1990553 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 180707 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 33193780 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3 441,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: ondra
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.7.0 log created on 07012010_180309

Files\Folders moved on Reboot...
File\Folder D:\Documents and Settings\ondra\Local Settings\Temp\~DF58E4.tmp not found!
File\Folder D:\Documents and Settings\ondra\Local Settings\Temp\~DF594E.tmp not found!
File\Folder D:\Documents and Settings\ondra\Local Settings\Temp\~DF5ACD.tmp not found!
File\Folder D:\Documents and Settings\ondra\Local Settings\Temp\~DF5AE8.tmp not found!
File\Folder D:\Documents and Settings\ondra\Local Settings\Temp\~DF5C71.tmp not found!
File\Folder D:\Documents and Settings\ondra\Local Settings\Temp\~DF5C96.tmp not found!
D:\Documents and Settings\ondra\Local Settings\Temporary Internet Files\Content.IE5\994THBLR\afr[1].htm moved successfully.
D:\Documents and Settings\ondra\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. D:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
D:\WINDOWS\temp\Perflib_Perfdata_30c.dat moved successfully.

Registry entries deleted on Reboot...

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: T8SoB.exe and 5a9v7.exe

#7 Post by Caroprd111 »

OK, now the remaining steps.

JelenJelcin
Visitor
Posts: 70
Registered: 01 Jul 2010 14:27

Re: T8SoB.exe and 5a9v7.exe

#8 Post by JelenJelcin »

############################## | UsbFix 7.015 | [Deletion]

User: ondra (Administrator) # JELEN [ ]
Updated 01/07/10 by El Desaparecido / C_XX
Started at 18:17:58 | 01/07/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: AMD Sempron(tm) 2200+
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Disabled /!\
Antivirus: avast! antivirus 4.8.1335 [VPS 100406-1] 4.8.1335 [Enabled | (!) Outdated]
RAM -> 1023 Mb
C:\ -> Fixed drive # 39 Gb (713 Mb free - 2%) [O-Programy] # NTFS
D:\ (%systemdrive%) -> Fixed drive # 110 Gb (4 Mb free - 4%) [] # NTFS
E:\ -> CD-ROM
G:\ -> CD-ROM

################## | Files # Infected Folders |

Deleted ! D:\Documents and Settings\ondra\Data aplikací\logs.dat
Deleted ! D:\Documents and Settings\ondra\Data aplikací\SQLite3.dll
Deleted ! C:\Autorun.inf
Deleted ! D:\Autorun.inf
Deleted ! C:\resycled

################## | Registry |

Deleted ! HKLM\Software\Classes\CLSID\MADOWN
Deleted ! HKLM\SYSTEM\ControlSet001\Services\AVPsys
Deleted ! HKLM\SYSTEM\ControlSet002\Services\AVPsys

################## | Mountpoints2 |


################## | Listing |

[31/03/2010 - 07:27:48 | D ] C:\.jagex_cache_32
[01/07/2010 - 18:10:19 | A | 72796] C:\aaw7boot.log
[03/03/2010 - 14:42:10 | D ] C:\Adobe Photoshop CS3 CZ
[18/09/2007 - 21:54:59 | A | 0] C:\AUTOEXEC.BAT
[19/09/2007 - 14:21:20 | D ] C:\bb2
[18/09/2007 - 21:48:33 | ASH | 211] C:\BOOT.BKK
[16/06/2010 - 11:06:40 | RSH | 345] C:\boot.ini
[25/10/2001 - 16:00:00 | RASH | 4952] C:\Bootfont.bin
[02/06/2010 - 21:48:12 | D ] C:\CoH
[31/07/2009 - 09:23:51 | SHD ] C:\Config.Msi
[18/09/2007 - 21:54:59 | A | 0] C:\CONFIG.SYS
[03/03/2010 - 15:41:25 | D ] C:\CS3
[08/05/2010 - 09:08:06 | D ] C:\directory
[10/05/2010 - 23:10:02 | D ] C:\do mobilu
[08/08/2009 - 13:23:16 | D ] C:\Documents and Settings
[29/04/2010 - 20:56:43 | RD ] C:\Downloads
[10/05/2010 - 23:26:39 | A | 4009270] C:\Edward Maya feat. Vika Jigulina - Stereo Love.mp3
[29/06/2010 - 21:39:09 | A | 183513479] C:\HIMYM-S04E15-The_Stinsons.rar
[10/05/2010 - 23:25:23 | A | 6233651] C:\HP6 28 The Weasley Stomp.mp3
[23/06/2010 - 10:45:14 | D ] C:\hry
[18/09/2007 - 21:54:59 | RASH | 0] C:\IO.SYS
[18/09/2007 - 21:54:59 | RASH | 0] C:\MSDOS.SYS
[20/01/2010 - 23:55:42 | RHD ] C:\MSOCache
[13/04/2008 - 22:13:04 | RASH | 47564] C:\NTDETECT.COM
[14/04/2008 - 00:01:48 | RASH | 250576] C:\ntldr
[04/09/2009 - 14:33:12 | D ] C:\QIP Infium JadrisPack
[01/07/2010 - 18:23:12 | SHD ] C:\RECYCLER
[19/11/2009 - 19:27:17 | D ] C:\RP6
[02/06/2010 - 10:12:25 | A | 4971939840] C:\Sim3amb.iso
[01/07/2010 - 18:18:57 | SHD ] C:\System Volume Information
[08/08/2009 - 00:34:45 | D ] D:\!KillBox
[08/08/2009 - 13:05:41 | HD ] D:\a
[31/07/2009 - 19:54:50 | D ] D:\ATI
[22/06/2010 - 16:46:12 | SHD ] D:\Config.Msi
[12/08/2009 - 21:42:04 | D ] D:\CSS
[18/01/2010 - 19:02:30 | D ] D:\de935c7da5c6d503ec95e05f65a534
[04/08/2009 - 23:41:17 | D ] D:\Documents and Settings
[18/06/2010 - 12:50:00 | D ] D:\Downloads
[16/10/2009 - 20:03:52 | D ] D:\Fraps
[01/07/2010 - 18:10:21 | ASH | 1072549888] D:\hiberfil.sys
[24/06/2010 - 17:24:51 | D ] D:\hry
[26/12/2009 - 21:19:15 | RD ] D:\Mobil
[13/05/2010 - 17:16:55 | RD ] D:\MP3
[21/05/2010 - 22:34:05 | D ] D:\NHL 09
[01/07/2010 - 18:10:19 | ASH | 1610612736] D:\pagefile.sys
[29/06/2010 - 10:28:26 | RD ] D:\Program Files
[10/11/2008 - 01:01:32 | A | 649] D:\Q9HMF-F4PRH-9V66F-GC473-27DM3.txt
[01/07/2010 - 18:23:12 | SHD ] D:\RECYCLER
[18/05/2010 - 15:20:40 | D ] D:\ReHoc MS10 roster
[21/02/2009 - 16:05:24 | A | 141084] D:\Skola.rar
[01/07/2010 - 18:08:47 | SHD ] D:\System Volume Information
[01/07/2010 - 18:23:12 | D ] D:\UsbFix
[01/07/2010 - 18:23:19 | A | 2745] D:\UsbFix.txt
[01/07/2010 - 18:03:15 | D ] D:\WINDOWS
[01/07/2010 - 18:03:09 | D ] D:\_OTL
[26/08/2009 - 15:53:19 | A | 22016] D:\škola 1.doc
[26/08/2009 - 15:52:29 | A | 24576] D:\Škola.doc

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: D:\UsbFix_Upload_Me_JELEN.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

JelenJelcin
Visitor
Posts: 70
Registered: 01 Jul 2010 14:27

Re: T8SoB.exe and 5a9v7.exe

#9 Post by JelenJelcin »

CKScanner - Additional Security Risks - These are not necessarily bad
c:\adobe photoshop cs3 cz\!crack\cti.txt
c:\adobe photoshop cs3 cz\!crack\photoshop.exe
c:\hry\microsoft games\aoeii\cracked\empires2.exe
scanner sequence 3.CP.11
----- EOF -----

JelenJelcin
Visitor
Posts: 70
Registered: 01 Jul 2010 14:27

Re: T8SoB.exe and 5a9v7.exe

#10 Post by JelenJelcin »

And is P2P something like Hamachi and n2n and so on? And "read your SP", I don't know what that is :)

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: T8SoB.exe and 5a9v7.exe

#11 Post by Caroprd111 »

A P2P client is, for example, BitComet. SZ means Soukromá zpráva, i.e. private message (top left).


Uninstall all virtual drive emulators.

Download SPTD: http://www.duplexsecure.com/en/downloads
  • Choose the version for your operating system (64 & 32b). Save it to the desktop and run it.
  • Choose the Uninstall option and restart the PC.

Download and run http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Click "Disable" and restart the PC.

Download MBR to your desktop: http://www2.gmer.net/mbr/mbr.exe

Start > Run (Win + R)
  • A small window will pop up; copy this into it:

Code:

"%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.log will be created; paste it here.


Post a Gmer log: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

JelenJelcin
Visitor
Posts: 70
Registered: 01 Jul 2010 14:27

Re: T8SoB.exe and 5a9v7.exe

#12 Post by JelenJelcin »

Start > Run (Win + R): this doesn't work for me

JelenJelcin
Visitor
Posts: 70
Registered: 01 Jul 2010 14:27

Re: T8SoB.exe and 5a9v7.exe

#13 Post by JelenJelcin »

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-01 19:08:54
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\ondra\LOCALS~1\Temp\axtdypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: T8SoB.exe and 5a9v7.exe

#14 Post by Caroprd111 »

JelenJelcin wrote: Start > Run (Win + R): this doesn't work for me
Describe it to me more precisely.

JelenJelcin
Visitor
Posts: 70
Registered: 01 Jul 2010 14:27

Re: T8SoB.exe and 5a9v7.exe

#15 Post by JelenJelcin »

I did this: Download MBR to your desktop http://www2.gmer.net/mbr/mbr.exe
and the next step, Start > Run (Win + R),
I do it but nothing launches, so I can't do this: A small window will pop up; copy this into it:
Code:
"%userprofile%\plocha\mbr" -t


Click OK
A log named mbr.log will be created; paste it here.
