
Request for a check

Posted: 03 Apr 2011 10:18
by wotan
After the PC is switched on, something keeps writing to the HDD. The red LED is lit. It is not the disk. I checked it with diagnostics. So it is probably some virus. Please check it. Thank you.

Logfile of random's system information tool 1.08 (written by random/random)
Run by wotan at 2011-04-03 11:16:20
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (58%) free of 50 GB
Total RAM: 3326 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:25, on 3.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\MSTMON_Q.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\STEAM\steam.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\ICQ7.4\ICQ.exe
C:\Documents and Settings\wotan\Plocha\1\Tor Browser\App\vidalia.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\wotan\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\wotan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: - - - (no file)
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll
R3 - URLSearchHook: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Hard Disk Sentinel] "C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\msde.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [Steam] "I:\STEAM\steam.exe" -silent
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Vidalia] "C:\Documents and Settings\wotan\Plocha\1\Tor Browser\App\vidalia.exe"
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O4 - Global Startup: Snagit 10.lnk = C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~1\e2003i.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office 2007\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 15501 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\AWC Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13 63304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll [2011-01-28 726016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll [2011-01-28 726016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
Free Lunch Design Toolbar - C:\Program Files\Free_Lunch_Design\tbFree.dll [2008-11-24 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99A7C4DD-B2E6-4CA0-BB6E-737A61364155}]
CHelper Class - C:\PROGRA~1\EUROTR~1\e2003i.dll [2009-12-27 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2010-11-23 919408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-02-01 1499440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13 206152]
{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - Free Lunch Design Toolbar - C:\Program Files\Free_Lunch_Design\tbFree.dll [2008-11-24 1784856]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll [2011-01-28 726016]
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll [2011-01-28 726016]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-02-01 1499440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe [2008-10-25 31072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-08-20 16384512]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"Profiler"=C:\Program Files\Saitek\Software\ProfilerU.exe [2005-08-30 163840]
"SaiMfd"=C:\Program Files\Saitek\Software\SaiMfd.exe [2005-09-02 126976]
"wcmdmgr"=C:\WINDOWS\wt\updater\wcmdmgrl.exe [2001-01-25 20480]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]
"Hard Disk Sentinel"=C:\Program Files\Hard Disk Sentinel\HDSentinel.exe [2009-02-24 3291648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-03-14 54832]
"KONICA MINOLTA PagePro 1350WStatusDisplay"=C:\WINDOWS\system32\MSTMON_Q.EXE [2004-11-26 167936]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-01-28 526336]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2011-03-13 114992]
"Services"=C:\WINDOWS\msde.exe [2011-04-02 3648000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-10-08 328056]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-11-11 2585360]
"Steam"=I:\STEAM\steam.exe [2011-02-27 1242448]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-12-16 2403536]
"Vidalia"=C:\Documents and Settings\wotan\Plocha\1\Tor Browser\App\vidalia.exe [2011-03-24 5636136]
"ICQ"=~C:\Program Files\ICQ7.4\ICQ.exe silent loginmode=4 []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe
Snagit 10.lnk - C:\Program Files\TechSmith\Snagit 10\Snagit32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-26 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2007-12-27 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office 2007\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office 2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office 2007\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office 2007\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office 2007\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office 2007\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\TC UP\TOTALCMD.EXE"="C:\Program Files\TC UP\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"J:\english\IPCamTool.exe"="J:\english\IPCamTool.exe:*:Enabled:IPCamTool Microsoft ???????"
"I:\games\gtaa4\Grand Theft Auto IV\LaunchGTAIV.exe"="I:\games\gtaa4\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"I:\games\Mass Effect 2\Binaries\MassEffect2.exe"="I:\games\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game"
"I:\games\Mass Effect 2\MassEffect2Launcher.exe"="I:\games\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher"
"D:\GAMES\civilizace4\Civilization4.exe"="D:\GAMES\civilizace4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"D:\GAMES\civilizace4\Warlords\Civ4Warlords.exe"="D:\GAMES\civilizace4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"D:\GAMES\civilizace4\Warlords\Civ4Warlords_PitBoss.exe"="D:\GAMES\civilizace4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"D:\GAMES\civilizace4\Beyond the Sword\Civ4BeyondSword.exe"="D:\GAMES\civilizace4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"D:\GAMES\civilizace4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="D:\GAMES\civilizace4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"I:\games\dead space2\deadspace2.exe"="I:\games\dead space2\deadspace2.exe:*:Enabled:Dead Space™ 2"
"I:\games\Fulspectrum\Launcher.exe"="I:\games\Fulspectrum\Launcher.exe:*:Enabled:Launcher"
"I:\games\f\fsw2.exe"="I:\games\f\fsw2.exe:*:Enabled:"Full Spectrum Warrrior 2: Ten Hammers" Game"
"I:\STEAM\Steam.exe"="I:\STEAM\Steam.exe:*:Enabled:Steam"
"C:\UDK\40 Stories\Binaries\Win32\UDK.exe"="C:\UDK\40 Stories\Binaries\Win32\UDK.exe:*:Enabled:UDK"
"I:\games\DoWar2R\DOW2.exe"="I:\games\DoWar2R\DOW2.exe:*:Enabled:Dawn of War II"
"I:\games\World_of_Tanks_closed_Beta\WorldOfTanks.exe"="I:\games\World_of_Tanks_closed_Beta\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"I:\STEAM\steamapps\common\killingfloor\System\KillingFloor.exe"="I:\STEAM\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor"
"C:\WINDOWS\msde.exe"="C:\WINDOWS\msde.exe:*:Enabled:Services controller"
"I:\games\World_of_Tanks_closed_Beta\WOTLauncher.exe"="I:\games\World_of_Tanks_closed_Beta\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

======List of files/folders created in the last 1 months======

2011-04-03 11:03:54 ----D---- C:\Program Files\trend micro
2011-04-03 11:03:50 ----D---- C:\rsit
2011-04-02 21:56:27 ----D---- C:\Program Files\ICQ7.4
2011-04-02 10:31:50 ----A---- C:\WINDOWS\system32\WmJoyFrc.dll
2011-04-02 10:31:50 ----A---- C:\WINDOWS\system32\drivers\WmXlCore.sys
2011-04-02 10:31:50 ----A---- C:\WINDOWS\system32\drivers\WmVirHid.sys
2011-04-02 10:31:50 ----A---- C:\WINDOWS\system32\drivers\WmFilter.sys
2011-04-02 10:31:50 ----A---- C:\WINDOWS\system32\drivers\WmBEnum.sys
2011-04-02 10:31:49 ----D---- C:\Program Files\Logitech
2011-04-02 10:31:38 ----D---- C:\Program Files\Common Files\Logitech
2011-04-02 09:17:25 ----D---- C:\WINDOWS\dmf
2011-04-02 09:17:23 ----A---- C:\WINDOWS\msde.exe
2011-04-01 16:33:31 ----D---- C:\Program Files\Warblade
2011-04-01 16:26:44 ----D---- C:\DeluxeGalaga
2011-03-31 11:10:49 ----D---- C:\Program Files\Worms Armageddon - New Edition
2011-03-31 10:24:48 ----A---- C:\WINDOWS\wa.INI
2011-03-31 09:17:14 ----D---- C:\Documents and Settings\wotan\Data aplikací\Vidalia
2011-03-24 20:08:19 ----D---- C:\Program Files\SweetIM
2011-03-24 20:08:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\SweetIM
2011-03-24 11:16:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2011-03-16 14:40:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-03-16 11:12:36 ----D---- C:\Documents and Settings\wotan\Data aplikací\skypePM
2011-03-16 11:07:34 ----D---- C:\Program Files\Common Files\Skype
2011-03-16 11:07:33 ----RD---- C:\Program Files\Skype
2011-03-16 11:07:32 ----D---- C:\Documents and Settings\wotan\Data aplikací\Skype
2011-03-16 11:07:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-03-12 22:41:46 ----D---- C:\Documents and Settings\wotan\Data aplikací\wargaming.net
2011-03-11 11:20:59 ----D---- C:\Program Files\IObit Toolbar
2011-03-09 21:46:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-09 21:44:43 ----A---- C:\WINDOWS\imsins.BAK
2011-03-09 21:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-06 01:34:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-06 01:09:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2011-03-06 00:57:36 ----D---- C:\Documents and Settings\wotan\Data aplikací\Clonk
2011-03-06 00:57:33 ----D---- C:\Program Files\Clonk Endeavour
2011-03-06 00:50:59 ----D---- C:\UDK
2011-03-06 00:09:21 ----D---- C:\Documents and Settings\wotan\Data aplikací\Dealio
2011-03-06 00:07:48 ----D---- C:\Documents and Settings\wotan\Data aplikací\IObit
2011-03-06 00:07:47 ----D---- C:\Program Files\IObit

======List of files/folders modified in the last 1 months======

2011-04-03 11:15:54 ----D---- C:\Documents and Settings\wotan\Data aplikací\uTorrent
2011-04-03 11:03:54 ----RD---- C:\Program Files
2011-04-03 10:48:38 ----D---- C:\WINDOWS\system32\inetsrv
2011-04-03 10:47:29 ----D---- C:\WINDOWS\Temp
2011-04-03 10:47:04 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-03 10:45:09 ----D---- C:\WINDOWS
2011-04-03 10:44:13 ----D---- C:\Program Files\ICQ6Toolbar
2011-04-02 23:23:15 ----D---- C:\Documents and Settings\wotan\Data aplikací\ICQ
2011-04-02 21:57:05 ----D---- C:\WINDOWS\Prefetch
2011-04-02 21:57:02 ----HD---- C:\Program Files\InstallShield Installation Information
2011-04-02 21:56:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2011-04-02 10:32:23 ----D---- C:\WINDOWS\system32\drivers
2011-04-02 10:32:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-04-02 10:32:18 ----HD---- C:\WINDOWS\inf
2011-04-02 10:32:14 ----D---- C:\WINDOWS\system32\dllcache
2011-04-02 10:32:09 ----D---- C:\WINDOWS\system32
2011-04-02 10:31:38 ----D---- C:\Program Files\Common Files
2011-04-02 09:10:31 ----D---- C:\WINDOWS\system32\oodag
2011-04-01 19:00:00 ----D---- C:\WINDOWS\system32\config
2011-03-31 12:35:48 ----A---- C:\WINDOWS\win.ini
2011-03-30 20:46:14 ----D---- C:\Program Files\Mozilla Firefox
2011-03-24 23:40:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-24 20:08:32 ----SHD---- C:\WINDOWS\Installer
2011-03-24 11:16:31 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-13 01:53:00 ----A---- C:\WINDOWS\NeroDigital.ini
2011-03-12 22:37:30 ----D---- C:\WINDOWS\WinSxS
2011-03-12 22:36:39 ----RSD---- C:\WINDOWS\assembly
2011-03-12 22:36:19 ----D---- C:\WINDOWS\system32\DirectX
2011-03-10 13:10:47 ----D---- C:\Documents and Settings\wotan\Data aplikací\vlc
2011-03-09 21:45:11 ----D---- C:\WINDOWS\Debug
2011-03-09 21:45:07 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-09 21:45:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-03-06 13:33:08 ----D---- C:\Documents and Settings\wotan\Data aplikací\FSW2
2011-03-06 12:24:06 ----D---- C:\Program Files\Nokia
2011-03-06 12:23:39 ----D---- C:\Program Files\Common Files\Nokia
2011-03-06 00:51:10 ----RSH---- C:\boot.ini
2011-03-06 00:51:00 ----D---- C:\WINDOWS\Logs
2011-03-06 00:31:48 ----D---- C:\WINDOWS\security
2011-03-06 00:31:32 ----D---- C:\WINDOWS\repair
2011-03-06 00:31:32 ----D---- C:\Program Files\Zrychleni Pocitace
2011-03-06 00:31:32 ----D---- C:\Program Files\Winamp Toolbar
2011-03-06 00:31:32 ----D---- C:\Program Files\PokerStars.NET
2011-03-06 00:31:32 ----D---- C:\Program Files\Motocross The Force 9XX
2011-03-06 00:31:32 ----D---- C:\Program Files\Mark Word
2011-03-06 00:31:32 ----D---- C:\Program Files\JDownloader
2011-03-06 00:31:32 ----D---- C:\Program Files\Hard Disk Sentinel
2011-03-06 00:31:32 ----D---- C:\Program Files\Free_Lunch_Design
2011-03-06 00:31:32 ----D---- C:\Program Files\diskSpace Explorer
2011-03-06 00:31:31 ----D---- C:\WinSetupFromUSB
2011-03-06 00:30:12 ----D---- C:\WINDOWS\twain_32
2011-03-06 00:30:12 ----D---- C:\Program Files\Winrar
2011-03-06 00:11:22 ----SD---- C:\WINDOWS\Tasks
2011-03-06 00:08:15 ----SHD---- C:\System Volume Information
2011-03-06 00:08:15 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2009-04-28 44944]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-28 4609024]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-05-31 96896]
R3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2005-09-02 13824]
R3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [2005-09-02 35200]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2003-09-19 45056]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S2 MLPTDR_Q;MLPTDR_Q; \??\C:\WINDOWS\system32\MLPTDR_Q.SYS []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744]
S3 pbfilter;pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys []
S3 SaiH80C0;SaiH80C0; C:\WINDOWS\system32\DRIVERS\SaiH80C0.sys [2005-08-31 173824]
S3 tapavpn;Steganos Anonym VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapavpn.sys [2007-10-19 24320]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-17 153376]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-01-12 707344]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-05-20 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office 2007\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Please check

Posted: 03 Apr 2011 10:22
by Rudy
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms is displayed; continue by clicking the Ano (Yes) button.

calmly go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work its way through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware lead to unwanted conflicts with the antispyware's resident component

Re: Please check

Posted: 03 Apr 2011 10:44
by wotan
Done.


ComboFix 11-04-02.03 - wotan 03.04.2011 11:38:48.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2512 [GMT 2:00]
Spuštěný z: c:\documents and settings\wotan\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 110403-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\deluxegalaga\DeluxeGalaga.exe
c:\documents and settings\wotan\Data aplikací\Dealio
c:\documents and settings\wotan\Data aplikací\Dealio\res\widgets.xml
c:\documents and settings\wotan\Data aplikací\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\4.3\config.ini
c:\program files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\IObit Toolbar\IE\4.3\ioBIttoolbarie.dll
c:\windows\daemon.dll
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-03 do 2011-04-03 )))))))))))))))))))))))))))))))
.
.
2011-04-03 09:03 . 2011-04-03 09:16 -------- d-----w- c:\program files\trend micro
2011-04-03 09:03 . 2011-04-03 09:04 -------- d-----w- C:\rsit
2011-04-02 19:56 . 2011-04-02 19:57 -------- d-----w- c:\program files\ICQ7.4
2011-04-02 08:31 . 2005-04-12 17:21 22240 ----a-w- c:\windows\system32\drivers\WmFilter.sys
2011-04-02 08:31 . 2005-04-12 17:21 5600 ----a-w- c:\windows\system32\drivers\WmVirHid.sys
2011-04-02 08:31 . 2005-04-12 17:21 10144 ----a-w- c:\windows\system32\drivers\WmBEnum.sys
2011-04-02 08:31 . 2005-04-12 17:21 45504 ----a-w- c:\windows\system32\drivers\WmXlCore.sys
2011-04-02 08:31 . 2005-04-12 17:09 159744 ----a-w- c:\windows\system32\WmJoyFrc.dll
2011-04-02 08:31 . 2011-04-02 08:31 -------- d-----w- c:\program files\Logitech
2011-04-02 08:31 . 2011-04-02 08:31 -------- d-----w- c:\program files\Common Files\Logitech
2011-04-01 14:33 . 2011-04-01 14:33 -------- d-----w- c:\program files\Warblade
2011-04-01 14:26 . 2011-04-03 09:40 -------- d-----w- C:\DeluxeGalaga
2011-03-31 09:10 . 2011-04-01 19:50 -------- d-----w- c:\program files\Worms Armageddon - New Edition
2011-03-31 07:17 . 2011-04-03 09:31 -------- d-----w- c:\documents and settings\wotan\Data aplikací\Vidalia
2011-03-24 18:08 . 2011-04-02 19:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SweetIM
2011-03-24 18:08 . 2011-03-24 18:08 -------- d-----w- c:\program files\SweetIM
2011-03-16 09:12 . 2011-03-30 14:00 -------- d-----w- c:\documents and settings\wotan\Data aplikací\skypePM
2011-03-16 09:07 . 2011-03-16 09:07 -------- d-----w- c:\program files\Common Files\Skype
2011-03-16 09:07 . 2011-03-16 09:07 -------- d-----r- c:\program files\Skype
2011-03-16 09:07 . 2011-03-30 21:01 -------- d-----w- c:\documents and settings\wotan\Data aplikací\Skype
2011-03-16 09:07 . 2011-03-16 09:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2011-03-12 20:41 . 2011-03-12 20:46 -------- d-----w- c:\documents and settings\wotan\Data aplikací\wargaming.net
2011-03-11 17:32 . 2011-03-11 17:32 -------- d-----w- c:\documents and settings\wotan\Local Settings\Data aplikací\ALI213
2011-03-11 09:20 . 2011-03-11 09:20 -------- d-----w- c:\program files\IObit Toolbar
2011-03-05 23:09 . 2011-03-05 23:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2011-03-05 22:57 . 2011-03-05 22:57 -------- d-----w- c:\documents and settings\wotan\Data aplikací\Clonk
2011-03-05 22:57 . 2011-03-05 23:03 -------- d-----w- c:\program files\Clonk Endeavour
2011-03-05 22:50 . 2011-03-05 22:50 -------- d-----w- C:\UDK
2011-03-05 22:07 . 2011-03-05 22:25 -------- d-----w- c:\documents and settings\wotan\Data aplikací\IObit
2011-03-05 22:07 . 2011-03-05 22:07 -------- d-----w- c:\program files\IObit
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-27 10:12 . 2010-10-16 12:43 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-02-27 10:12 . 2010-10-16 12:43 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-09 13:53 . 2004-08-17 12:49 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-17 12:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-12-27 11:16 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-12-27 11:16 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-17 12:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-17 12:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-02-16 11:15 . 2009-12-27 11:21 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2011-02-16 11:15 . 2009-12-27 11:21 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2011-02-16 11:15 . 2009-12-27 11:21 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2011-02-16 11:15 . 2009-12-27 11:21 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2011-02-16 11:15 . 2009-12-27 11:21 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFree.dll" [2008-11-23 1784856]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-02-01 141616]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2008-11-23 22:03 1784856 ----a-w- c:\program files\Free_Lunch_Design\tbFree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51 919408 ----a-w- c:\program files\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-02-01 14:58 1499440 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFree.dll" [2008-11-23 1784856]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
.
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"= "c:\program files\Free_Lunch_Design\tbFree.dll" [2008-11-23 1784856]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
.
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-08 328056]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2007-11-11 2585360]
"Steam"="i:\steam\steam.exe" [2011-02-27 1242448]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2403536]
"Vidalia"="c:\documents and settings\wotan\Plocha\1\Tor Browser\App\vidalia.exe" [2011-03-23 5636136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2005-08-30 163840]
"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-09-02 126976]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2001-01-25 20480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"Hard Disk Sentinel"="c:\program files\Hard Disk Sentinel\HDSentinel.exe" [2009-02-24 3291648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-26 167936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-03-13 114992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2009-12-27 495616]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"i:\\games\\gtaa4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"i:\\games\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"i:\\games\\Mass Effect 2\\MassEffect2Launcher.exe"=
"d:\\GAMES\\civilizace4\\Civilization4.exe"=
"d:\\GAMES\\civilizace4\\Warlords\\Civ4Warlords.exe"=
"d:\\GAMES\\civilizace4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"d:\\GAMES\\civilizace4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"d:\\GAMES\\civilizace4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"i:\\games\\dead space2\\deadspace2.exe"=
"i:\\games\\Fulspectrum\\Launcher.exe"=
"i:\\games\\f\\fsw2.exe"=
"i:\\STEAM\\Steam.exe"=
"c:\\UDK\\40 Stories\\Binaries\\Win32\\UDK.exe"=
"i:\\games\\DoWar2R\\DOW2.exe"=
"i:\\games\\World_of_Tanks_closed_Beta\\WorldOfTanks.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"i:\\STEAM\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"i:\\games\\World_of_Tanks_closed_Beta\\WOTLauncher.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [30.1.2010 2:14 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [30.1.2010 2:14 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9.2.2011 18:59 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 18:10 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.2.2011 18:59 20560]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [3.9.2010 22:16 1382672]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.1.2010 21:14 247096]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [22.7.2003 9:44 18848]
S3 pbfilter;pbfilter;\??\c:\program files\PeerBlock\pbfilter.sys --> c:\program files\PeerBlock\pbfilter.sys [?]
S3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [31.12.2009 22:58 173824]
S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [19.10.2007 10:50 24320]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-03 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2011-03-05 13:11]
.
2011-04-02 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2011-03-05 14:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - c:\progra~1\EUROTR~1\e2003i.dll
FF - ProfilePath - c:\documents and settings\wotan\Data aplikací\Mozilla\Firefox\Profiles\r3igcxow.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 1
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-ICQ - ~c:\program files\ICQ7.4\ICQ.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-03 11:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-2000478354-725345543-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e5,72,85,0e,09,cf,bf,1b,bf,8e,93,f4,14,99,ef,88,0a,da,92,d2,b7,fd,79,
14,4d,2c,97,d1,4e,4a,fd,23,42,6e,20,42,d9,22,08,e1,46,f1,28,c5,cf,0a,9d,4f,\
"??"=hex:74,44,5b,af,5a,16,98,1c,e5,3f,03,6f,78,22,bf,47
.
[HKEY_USERS\S-1-5-21-1715567821-2000478354-725345543-1005\Software\SecuROM\License information*]
"datasecu"=hex:08,64,06,5e,04,ab,b7,3d,7b,5b,44,8c,aa,36,df,1f,f7,f9,23,c3,97,
05,6b,e6,52,04,89,bd,6d,8b,aa,db,36,e0,2e,fa,64,be,7f,19,47,d3,43,f3,37,87,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-04-03 11:42:26
ComboFix-quarantined-files.txt 2011-04-03 09:42
.
Před spuštěním: Volných bajtů: 30 152 777 728
Po spuštění: Volných bajtů: 30 223 552 512
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 29F836E2AEFC1C947F882EA5D4034223

Re: Please check

Posted: 03 Apr 2011 11:10
by Rudy
We'll do a bit more cleanup. Open Notepad and copy the following into it:
Folder::
c:\program files\Common Files\Spigot

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Re: Please check

Posted: 03 Apr 2011 11:37
by wotan
Hello. Done, I'm sending the log. The problem with the HDD activity persists.

Re: Please check

Posted: 03 Apr 2011 11:49
by Rudy
I don't see any log. :)

Re: Please check

Posted: 03 Apr 2011 12:01
by wotan
Somehow it got left out :-)

ComboFix 11-04-02.03 - wotan 03.04.2011 12:17:28.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2223 [GMT 2:00]
Spuštěný z: c:\documents and settings\wotan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\wotan\Plocha\CFScript.txt.txt
AV: avast! antivirus 4.8.1368 [VPS 110403-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-03 do 2011-04-03 )))))))))))))))))))))))))))))))
.
.
2011-04-03 09:03 . 2011-04-03 09:16 -------- d-----w- c:\program files\trend micro
2011-04-03 09:03 . 2011-04-03 09:04 -------- d-----w- C:\rsit
2011-04-02 19:56 . 2011-04-02 19:57 -------- d-----w- c:\program files\ICQ7.4
2011-04-02 08:31 . 2005-04-12 17:21 22240 ----a-w- c:\windows\system32\drivers\WmFilter.sys
2011-04-02 08:31 . 2005-04-12 17:21 5600 ----a-w- c:\windows\system32\drivers\WmVirHid.sys
2011-04-02 08:31 . 2005-04-12 17:21 10144 ----a-w- c:\windows\system32\drivers\WmBEnum.sys
2011-04-02 08:31 . 2005-04-12 17:21 45504 ----a-w- c:\windows\system32\drivers\WmXlCore.sys
2011-04-02 08:31 . 2005-04-12 17:09 159744 ----a-w- c:\windows\system32\WmJoyFrc.dll
2011-04-02 08:31 . 2011-04-02 08:31 -------- d-----w- c:\program files\Logitech
2011-04-02 08:31 . 2011-04-02 08:31 -------- d-----w- c:\program files\Common Files\Logitech
2011-04-01 14:33 . 2011-04-01 14:33 -------- d-----w- c:\program files\Warblade
2011-04-01 14:26 . 2011-04-03 09:40 -------- d-----w- C:\DeluxeGalaga
2011-03-31 09:10 . 2011-04-01 19:50 -------- d-----w- c:\program files\Worms Armageddon - New Edition
2011-03-31 07:17 . 2011-04-03 09:31 -------- d-----w- c:\documents and settings\wotan\Data aplikací\Vidalia
2011-03-24 18:08 . 2011-04-02 19:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SweetIM
2011-03-24 18:08 . 2011-03-24 18:08 -------- d-----w- c:\program files\SweetIM
2011-03-16 09:12 . 2011-03-30 14:00 -------- d-----w- c:\documents and settings\wotan\Data aplikací\skypePM
2011-03-16 09:07 . 2011-03-16 09:07 -------- d-----w- c:\program files\Common Files\Skype
2011-03-16 09:07 . 2011-03-16 09:07 -------- d-----r- c:\program files\Skype
2011-03-16 09:07 . 2011-03-30 21:01 -------- d-----w- c:\documents and settings\wotan\Data aplikací\Skype
2011-03-16 09:07 . 2011-03-16 09:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2011-03-12 20:41 . 2011-03-12 20:46 -------- d-----w- c:\documents and settings\wotan\Data aplikací\wargaming.net
2011-03-11 17:32 . 2011-03-11 17:32 -------- d-----w- c:\documents and settings\wotan\Local Settings\Data aplikací\ALI213
2011-03-11 09:20 . 2011-03-11 09:20 -------- d-----w- c:\program files\IObit Toolbar
2011-03-05 23:09 . 2011-03-05 23:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2011-03-05 22:57 . 2011-03-05 22:57 -------- d-----w- c:\documents and settings\wotan\Data aplikací\Clonk
2011-03-05 22:57 . 2011-03-05 23:03 -------- d-----w- c:\program files\Clonk Endeavour
2011-03-05 22:50 . 2011-03-05 22:50 -------- d-----w- C:\UDK
2011-03-05 22:07 . 2011-03-05 22:25 -------- d-----w- c:\documents and settings\wotan\Data aplikací\IObit
2011-03-05 22:07 . 2011-03-05 22:07 -------- d-----w- c:\program files\IObit
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-27 10:12 . 2010-10-16 12:43 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-02-27 10:12 . 2010-10-16 12:43 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-09 13:53 . 2004-08-17 12:49 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-17 12:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-12-27 11:16 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-12-27 11:16 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-17 12:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-17 12:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-02-16 11:15 . 2009-12-27 11:21 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2011-02-16 11:15 . 2009-12-27 11:21 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2011-02-16 11:15 . 2009-12-27 11:21 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2011-02-16 11:15 . 2009-12-27 11:21 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2011-02-16 11:15 . 2009-12-27 11:21 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFree.dll" [2008-11-23 1784856]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-02-01 141616]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2008-11-23 22:03 1784856 ----a-w- c:\program files\Free_Lunch_Design\tbFree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51 919408 ----a-w- c:\program files\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-02-01 14:58 1499440 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFree.dll" [2008-11-23 1784856]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
.
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"= "c:\program files\Free_Lunch_Design\tbFree.dll" [2008-11-23 1784856]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
.
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-08 328056]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2007-11-11 2585360]
"Steam"="i:\steam\steam.exe" [2011-02-27 1242448]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2403536]
"Vidalia"="c:\documents and settings\wotan\Plocha\1\Tor Browser\App\vidalia.exe" [2011-03-23 5636136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2005-08-30 163840]
"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-09-02 126976]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2001-01-25 20480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"Hard Disk Sentinel"="c:\program files\Hard Disk Sentinel\HDSentinel.exe" [2009-02-24 3291648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-26 167936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-03-13 114992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2009-12-27 495616]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"i:\\games\\gtaa4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"i:\\games\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"i:\\games\\Mass Effect 2\\MassEffect2Launcher.exe"=
"d:\\GAMES\\civilizace4\\Civilization4.exe"=
"d:\\GAMES\\civilizace4\\Warlords\\Civ4Warlords.exe"=
"d:\\GAMES\\civilizace4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"d:\\GAMES\\civilizace4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"d:\\GAMES\\civilizace4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"i:\\games\\dead space2\\deadspace2.exe"=
"i:\\games\\Fulspectrum\\Launcher.exe"=
"i:\\games\\f\\fsw2.exe"=
"i:\\STEAM\\Steam.exe"=
"c:\\UDK\\40 Stories\\Binaries\\Win32\\UDK.exe"=
"i:\\games\\DoWar2R\\DOW2.exe"=
"i:\\games\\World_of_Tanks_closed_Beta\\WorldOfTanks.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"i:\\STEAM\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"i:\\games\\World_of_Tanks_closed_Beta\\WOTLauncher.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [30.1.2010 2:14 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [30.1.2010 2:14 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9.2.2011 18:59 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 18:10 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.2.2011 18:59 20560]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [3.9.2010 22:16 1382672]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.1.2010 21:14 247096]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [22.7.2003 9:44 18848]
S3 pbfilter;pbfilter;\??\c:\program files\PeerBlock\pbfilter.sys --> c:\program files\PeerBlock\pbfilter.sys [?]
S3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [31.12.2009 22:58 173824]
S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [19.10.2007 10:50 24320]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-03 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2011-03-05 13:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - c:\progra~1\EUROTR~1\e2003i.dll
FF - ProfilePath - c:\documents and settings\wotan\Data aplikací\Mozilla\Firefox\Profiles\r3igcxow.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 1
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-03 12:19
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-2000478354-725345543-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e5,72,85,0e,09,cf,bf,1b,bf,8e,93,f4,14,99,ef,88,0a,da,92,d2,b7,fd,79,
14,4d,2c,97,d1,4e,4a,fd,23,42,6e,20,42,d9,22,08,e1,46,f1,28,c5,cf,0a,9d,4f,\
"??"=hex:74,44,5b,af,5a,16,98,1c,e5,3f,03,6f,78,22,bf,47
.
[HKEY_USERS\S-1-5-21-1715567821-2000478354-725345543-1005\Software\SecuROM\License information*]
"datasecu"=hex:08,64,06,5e,04,ab,b7,3d,7b,5b,44,8c,aa,36,df,1f,f7,f9,23,c3,97,
05,6b,e6,52,04,89,bd,6d,8b,aa,db,36,e0,2e,fa,64,be,7f,19,47,d3,43,f3,37,87,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-04-03 12:20:31
ComboFix-quarantined-files.txt 2011-04-03 10:20
ComboFix2.txt 2011-04-03 09:42
.
Před spuštěním: Volných bajtů: 30 165 905 408
Po spuštění: Volných bajtů: 30 151 659 520
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DB2A6E5B61F3C0E1BA55DFFA2973A71F

Re: Please check

Posted: 03 Apr 2011 18:01
by Rudy
The log looks clean now. Has anything changed?