Page 1 of 3

FB virus

Posted: 09 Sep 2011 11:12
by Doggy23
Logfile of random's system information tool 1.09 (written by random/random)
Run by lukas at 2011-09-09 12:15:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 110 GB (72%) free of 153 GB
Total RAM: 511 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:15:39, on 9.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\lukas\Plocha\RSIT.exe
C:\Program Files\trend micro\lukas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.6\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (file missing)
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.6\iobitToolbarIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -update plugin (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -update plugin (User 'Default user')
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 6307 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\SmartDefrag_Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.6\iobitToolbarIE.dll [2011-08-17 734048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-21 1233288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-21 1233288]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll []
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.6\iobitToolbarIE.dll [2011-08-17 734048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-11-07 17421824]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-09 98304]
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-02 281768]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-08-17 534880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\55471368-loader2.exe]
C:\WINDOWS\TEMP\55471368-loader2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6626039.exe]
C:\WINDOWS\TEMP\6626039.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7380766.exe]
C:\WINDOWS\TEMP\7380766.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9557631.exe]
C:\WINDOWS\TEMP\9557631.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2011-07-06 1047656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-03-09 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2001-10-26 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\Documents and Settings\lukas\Plocha\Flash-Player.exe"="C:\Documents and Settings\lukas\Plocha\Flash-Player.exe:*:Enabled:C:\Documents and Settings\lukas\Plocha\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-8-0\svchost.exe"="C:\WINDOWS\update.tray-8-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-8-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-09-09 11:48:27 ----D---- C:\Program Files\trend micro
2011-09-09 11:48:25 ----D---- C:\rsit
2011-09-08 09:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2607712$
2011-09-05 10:37:51 ----D---- C:\Documents and Settings\lukas\Data aplikací\WinRAR
2011-08-26 16:21:11 ----D---- C:\Program Files\Ventrilo
2011-08-26 16:18:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-08-26 15:53:13 ----D---- C:\Program Files\VentriloMIX
2011-08-26 14:59:35 ----D---- C:\Documents and Settings\lukas\Data aplikací\Ventrilo
2011-08-26 10:38:11 ----D---- C:\Documents and Settings\lukas\Data aplikací\IObit
2011-08-26 10:26:11 ----D---- C:\Documents and Settings\lukas\Data aplikací\ICQ
2011-08-25 09:33:34 ----A---- C:\WINDOWS\imsins.BAK
2011-08-25 09:33:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$
2011-08-24 10:10:38 ----D---- C:\Program Files\Application Updater
2011-08-24 10:10:37 ----D---- C:\Program Files\IObit Toolbar
2011-08-24 10:10:37 ----D---- C:\Program Files\Common Files\Spigot
2011-08-23 21:16:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-22 18:06:49 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-08-22 18:06:47 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-08-22 18:06:46 ----D---- C:\Program Files\Avira
2011-08-22 18:06:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Avira
2011-08-22 18:06:46 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-08-22 18:06:46 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-08-22 18:06:46 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-08-22 12:50:01 ----A---- C:\WINDOWS\EEventManager.INI
2011-08-22 12:35:09 ----A---- C:\WINDOWS\system32\E_DCINST.DLL
2011-08-22 12:35:06 ----A---- C:\WINDOWS\system32\E_FLBGGE.DLL
2011-08-22 12:35:06 ----A---- C:\WINDOWS\system32\E_FD4BGGE.DLL
2011-08-22 12:34:59 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2011-08-22 12:34:52 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-08-22 12:32:29 ----D---- C:\Documents and Settings\lukas\Data aplikací\InstallShield
2011-08-22 12:07:32 ----D---- C:\Program Files\CCleaner
2011-08-22 11:57:57 ----D---- C:\Documents and Settings\lukas\Data aplikací\Microsoft
2011-08-22 10:50:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2011-08-22 10:50:49 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-22 10:50:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-22 10:50:46 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-22 10:13:23 ----A---- C:\avira_antivir_personal_en.exe
2011-08-22 10:12:56 ----D---- C:\Documents and Settings\lukas\Data aplikací\Adobe
2011-08-22 10:08:21 ----D---- C:\Documents and Settings\lukas\Data aplikací\GHISLER
2011-08-21 15:07:18 ----D---- C:\Documents and Settings\lukas\Data aplikací\Macromedia
2011-08-21 15:05:23 ----D---- C:\Documents and Settings\lukas\Data aplikací\Opera
2011-08-21 10:55:32 ----D---- C:\WINDOWS\Profiles
2011-08-20 23:55:29 ----D---- C:\WINDOWS\ufa
2011-08-20 23:55:29 ----D---- C:\WINDOWS\rpcminer
2011-08-20 23:55:29 ----D---- C:\WINDOWS\phoenix
2011-08-20 23:53:24 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-08-20 23:52:27 ----HD---- C:\WINDOWS\update.5.0
2011-08-20 23:51:50 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-08-20 23:51:48 ----A---- C:\WINDOWS\unrar.exe
2011-08-20 23:51:18 ----HD---- C:\WINDOWS\update.2
2011-08-20 23:50:42 ----HD---- C:\WINDOWS\update.7.1
2011-08-20 23:50:06 ----A---- C:\WINDOWS\iplist.txt
2011-08-20 23:49:02 ----A---- C:\WINDOWS\front_ip_list.txt
2011-08-20 23:48:59 ----D---- C:\WINDOWS\av_ico
2011-08-20 23:47:16 ----HD---- C:\WINDOWS\update.1
2011-08-20 23:47:05 ----HD---- C:\WINDOWS\update.tray-8-0-lnk
2011-08-20 23:47:05 ----HD---- C:\WINDOWS\update.tray-8-0
2011-08-20 23:36:05 ----A---- C:\WINDOWS\winlog-ids.txt
2011-08-20 23:36:05 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-08-19 15:18:55 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2011-08-14 11:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-12 06:55:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-12 06:55:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-12 06:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2559049$
2011-08-12 06:51:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-12 06:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-08-10 12:00:08 ----D---- C:\WINDOWS\system32\NtmsData

======List of files/folders modified in the last 1 month======

2011-09-09 12:15:39 ----D---- C:\WINDOWS\Temp
2011-09-09 12:15:32 ----D---- C:\WINDOWS\Prefetch
2011-09-09 11:48:27 ----RD---- C:\Program Files
2011-09-09 11:14:27 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-08 10:18:27 ----D---- C:\WINDOWS
2011-09-08 09:59:13 ----D---- C:\WINDOWS\system32
2011-09-08 09:44:46 ----HD---- C:\WINDOWS\inf
2011-09-08 09:44:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-07 10:13:47 ----HD---- C:\WINDOWS\$hf_mig$
2011-09-05 15:31:02 ----SHD---- C:\System Volume Information
2011-09-05 15:01:12 ----A---- C:\WINDOWS\NeroDigital.ini
2011-09-05 14:39:21 ----D---- C:\WINDOWS\Registration
2011-09-03 12:17:22 ----A---- C:\WINDOWS\system32\crypt32.dll
2011-08-29 12:16:17 ----SHD---- C:\WINDOWS\Installer
2011-08-29 12:16:16 ----HD---- C:\Config.Msi
2011-08-26 16:18:45 ----D---- C:\Program Files\Common Files
2011-08-26 14:29:27 ----D---- C:\Documents and Settings
2011-08-26 10:38:07 ----D---- C:\Program Files\IObit
2011-08-26 10:28:24 ----D---- C:\Program Files\epson
2011-08-26 10:24:49 ----D---- C:\WINDOWS\twain_32
2011-08-24 10:10:38 ----D---- C:\WINDOWS\WinSxS
2011-08-23 21:17:26 ----D---- C:\WINDOWS\SoftwareDistribution
2011-08-22 18:06:49 ----D---- C:\WINDOWS\system32\drivers
2011-08-22 12:41:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON
2011-08-22 12:33:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\UDL
2011-08-22 12:31:08 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-22 12:30:11 ----D---- C:\Program Files\ABBYY FineReader 9.0 Sprint
2011-08-22 12:26:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ABBYY
2011-08-22 12:24:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-08-22 12:07:59 ----D---- C:\WINDOWS\Logs
2011-08-22 12:07:59 ----D---- C:\WINDOWS\Debug
2011-08-22 10:34:33 ----A---- C:\boot.ini
2011-08-22 10:05:30 ----D---- C:\WINDOWS\system32\config
2011-08-22 10:05:18 ----D---- C:\WINDOWS\system32\wbem
2011-08-21 15:01:59 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Adobe
2011-08-21 00:03:45 ----D---- C:\WINDOWS\system32\Restore
2011-08-12 16:34:00 ----D---- C:\WINDOWS\system32\CatRoot
2011-08-12 06:51:48 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-10 12:00:08 ----D---- C:\WINDOWS\repair

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-08-23 138192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-08-23 66616]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-03-09 6553088]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-11-11 4946944]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [1980-01-01 12160]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2010-05-24 4003008]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys []
S3 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-08-23 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-08-23 136360]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-08-17 402328]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-03-09 643072]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 IMFservice;IMF Service; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-07-20 820568]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-03-28 4323256]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Re: FB virus

Posted: 09 Sep 2011 11:47
by cernohous13
Welcome to the forum
I only see some remnants of the FB virus there :)
I would suggest uninstalling the IObit products:
C:\Program Files\IObit\IObit Malware Fighter
C:\Program Files\IObit\Advanced SystemCare 4
it is not a trustworthy source and over time it can even crash your system

I would also recommend uninstalling:
C:\Program Files\Ask.com
C:\Program Files\Common Files\Spigot

Once that is done, make me a new RSIT log

Re: FB virus

Posted: 09 Sep 2011 16:37
by Doggy23
For C:\Program Files\Ask.com and C:\Program Files\Common Files\Spigot I didn't find an uninstall icon, so I deleted the whole folder.

Logfile of random's system information tool 1.09 (written by random/random)
Run by lukas at 2011-09-09 17:38:20
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 110 GB (72%) free of 153 GB
Total RAM: 511 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:38:30, on 9.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Documents and Settings\lukas\Plocha\RSIT.exe
C:\Program Files\trend micro\lukas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.6\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (file missing)
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.6\iobitToolbarIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -update plugin (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -update plugin (User 'Default user')
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 6076 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\SmartDefrag_Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.6\iobitToolbarIE.dll [2011-08-17 734048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll []
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.6\iobitToolbarIE.dll [2011-08-17 734048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-11-07 17421824]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-09 98304]
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-02 281768]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\55471368-loader2.exe]
C:\WINDOWS\TEMP\55471368-loader2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6626039.exe]
C:\WINDOWS\TEMP\6626039.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7380766.exe]
C:\WINDOWS\TEMP\7380766.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9557631.exe]
C:\WINDOWS\TEMP\9557631.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2011-07-06 1047656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-03-09 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2001-10-26 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\Documents and Settings\lukas\Plocha\Flash-Player.exe"="C:\Documents and Settings\lukas\Plocha\Flash-Player.exe:*:Enabled:C:\Documents and Settings\lukas\Plocha\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-8-0\svchost.exe"="C:\WINDOWS\update.tray-8-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-8-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-09-09 17:33:53 ----D---- C:\Documents and Settings\lukas\Data aplikací\Search Settings
2011-09-09 11:48:27 ----D---- C:\Program Files\trend micro
2011-09-09 11:48:25 ----D---- C:\rsit
2011-09-08 09:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2607712$
2011-09-05 10:37:51 ----D---- C:\Documents and Settings\lukas\Data aplikací\WinRAR
2011-08-26 16:21:11 ----D---- C:\Program Files\Ventrilo
2011-08-26 16:18:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-08-26 15:53:13 ----D---- C:\Program Files\VentriloMIX
2011-08-26 14:59:35 ----D---- C:\Documents and Settings\lukas\Data aplikací\Ventrilo
2011-08-26 10:38:11 ----D---- C:\Documents and Settings\lukas\Data aplikací\IObit
2011-08-26 10:26:11 ----D---- C:\Documents and Settings\lukas\Data aplikací\ICQ
2011-08-25 09:33:34 ----A---- C:\WINDOWS\imsins.BAK
2011-08-25 09:33:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$
2011-08-24 10:10:38 ----D---- C:\Program Files\Application Updater
2011-08-24 10:10:37 ----D---- C:\Program Files\IObit Toolbar
2011-08-24 10:10:37 ----D---- C:\Program Files\Common Files\Spigot
2011-08-23 21:16:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-22 18:06:49 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-08-22 18:06:47 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-08-22 18:06:46 ----D---- C:\Program Files\Avira
2011-08-22 18:06:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Avira
2011-08-22 18:06:46 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-08-22 18:06:46 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-08-22 18:06:46 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-08-22 12:50:01 ----A---- C:\WINDOWS\EEventManager.INI
2011-08-22 12:35:09 ----A---- C:\WINDOWS\system32\E_DCINST.DLL
2011-08-22 12:35:06 ----A---- C:\WINDOWS\system32\E_FLBGGE.DLL
2011-08-22 12:35:06 ----A---- C:\WINDOWS\system32\E_FD4BGGE.DLL
2011-08-22 12:34:59 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2011-08-22 12:34:52 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-08-22 12:32:29 ----D---- C:\Documents and Settings\lukas\Data aplikací\InstallShield
2011-08-22 12:07:32 ----D---- C:\Program Files\CCleaner
2011-08-22 11:57:57 ----D---- C:\Documents and Settings\lukas\Data aplikací\Microsoft
2011-08-22 10:50:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2011-08-22 10:50:49 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-22 10:50:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-22 10:50:46 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-22 10:13:23 ----A---- C:\avira_antivir_personal_en.exe
2011-08-22 10:12:56 ----D---- C:\Documents and Settings\lukas\Data aplikací\Adobe
2011-08-22 10:08:21 ----D---- C:\Documents and Settings\lukas\Data aplikací\GHISLER
2011-08-21 15:07:18 ----D---- C:\Documents and Settings\lukas\Data aplikací\Macromedia
2011-08-21 15:05:23 ----D---- C:\Documents and Settings\lukas\Data aplikací\Opera
2011-08-21 10:55:32 ----D---- C:\WINDOWS\Profiles
2011-08-20 23:55:29 ----D---- C:\WINDOWS\ufa
2011-08-20 23:55:29 ----D---- C:\WINDOWS\rpcminer
2011-08-20 23:55:29 ----D---- C:\WINDOWS\phoenix
2011-08-20 23:53:24 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-08-20 23:52:27 ----HD---- C:\WINDOWS\update.5.0
2011-08-20 23:51:50 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-08-20 23:51:48 ----A---- C:\WINDOWS\unrar.exe
2011-08-20 23:51:18 ----HD---- C:\WINDOWS\update.2
2011-08-20 23:50:42 ----HD---- C:\WINDOWS\update.7.1
2011-08-20 23:50:06 ----A---- C:\WINDOWS\iplist.txt
2011-08-20 23:49:02 ----A---- C:\WINDOWS\front_ip_list.txt
2011-08-20 23:48:59 ----D---- C:\WINDOWS\av_ico
2011-08-20 23:47:16 ----HD---- C:\WINDOWS\update.1
2011-08-20 23:47:05 ----HD---- C:\WINDOWS\update.tray-8-0-lnk
2011-08-20 23:47:05 ----HD---- C:\WINDOWS\update.tray-8-0
2011-08-20 23:36:05 ----A---- C:\WINDOWS\winlog-ids.txt
2011-08-20 23:36:05 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-08-19 15:18:55 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2011-08-14 11:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-12 06:55:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-12 06:55:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-12 06:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2559049$
2011-08-12 06:51:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-12 06:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-08-10 12:00:08 ----D---- C:\WINDOWS\system32\NtmsData

======List of files/folders modified in the last 1 month======

2011-09-09 17:38:30 ----D---- C:\WINDOWS\Temp
2011-09-09 17:36:50 ----D---- C:\WINDOWS\Prefetch
2011-09-09 17:36:49 ----D---- C:\WINDOWS
2011-09-09 17:33:26 ----RD---- C:\Program Files
2011-09-09 17:07:56 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-08 09:59:13 ----D---- C:\WINDOWS\system32
2011-09-08 09:44:46 ----HD---- C:\WINDOWS\inf
2011-09-08 09:44:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-07 10:13:47 ----HD---- C:\WINDOWS\$hf_mig$
2011-09-05 15:31:02 ----SHD---- C:\System Volume Information
2011-09-05 15:01:12 ----A---- C:\WINDOWS\NeroDigital.ini
2011-09-05 14:39:21 ----D---- C:\WINDOWS\Registration
2011-09-03 12:17:22 ----A---- C:\WINDOWS\system32\crypt32.dll
2011-08-29 12:16:17 ----SHD---- C:\WINDOWS\Installer
2011-08-29 12:16:16 ----HD---- C:\Config.Msi
2011-08-26 16:18:45 ----D---- C:\Program Files\Common Files
2011-08-26 14:29:27 ----D---- C:\Documents and Settings
2011-08-26 10:38:07 ----D---- C:\Program Files\IObit
2011-08-26 10:28:24 ----D---- C:\Program Files\epson
2011-08-26 10:24:49 ----D---- C:\WINDOWS\twain_32
2011-08-24 10:10:38 ----D---- C:\WINDOWS\WinSxS
2011-08-23 21:17:26 ----D---- C:\WINDOWS\SoftwareDistribution
2011-08-22 18:06:49 ----D---- C:\WINDOWS\system32\drivers
2011-08-22 12:41:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON
2011-08-22 12:33:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\UDL
2011-08-22 12:31:08 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-22 12:30:11 ----D---- C:\Program Files\ABBYY FineReader 9.0 Sprint
2011-08-22 12:26:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ABBYY
2011-08-22 12:24:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-08-22 12:07:59 ----D---- C:\WINDOWS\Logs
2011-08-22 12:07:59 ----D---- C:\WINDOWS\Debug
2011-08-22 10:34:33 ----A---- C:\boot.ini
2011-08-22 10:05:30 ----D---- C:\WINDOWS\system32\config
2011-08-22 10:05:18 ----D---- C:\WINDOWS\system32\wbem
2011-08-21 15:01:59 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Adobe
2011-08-21 00:03:45 ----D---- C:\WINDOWS\system32\Restore
2011-08-12 16:34:00 ----D---- C:\WINDOWS\system32\CatRoot
2011-08-12 06:51:48 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-10 12:00:08 ----D---- C:\WINDOWS\repair

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-08-23 138192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-08-23 66616]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-03-09 6553088]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-11-11 4946944]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [1980-01-01 12160]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2010-05-24 4003008]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-08-23 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-08-23 136360]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-08-17 402328]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-03-09 643072]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-03-28 4323256]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Re: FB virus

Posted: 09 Sep 2011 18:23
by cernohous13
So let's try to blast it away a bit :wink:
Download OTM from one of the links and save it, preferably to the desktop.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Run the program "OTM.exe"
Into the window below the yellow line, paste the entire text in green from the "Script"

Click the red "Moveit!"

When offered a restart, "YES"
and you'll then find the log in C:\_OTM\MovedFiles\
OTM Script

Code:

:Commands
[emptytemp]
[CLEARALLRESTOREPOINTS]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
%windir%\temp\*.exe
C:\Program Files\Application Updater
C:\Program Files\Common Files\Spigot
C:\Documents and Settings\lukas\Data aplikací\IObit
C:\Program Files\IObit Toolbar
C:\WINDOWS\ufa
C:\WINDOWS\rpcminer
C:\WINDOWS\phoenix
C:\WINDOWS\btc_client_iplist.txt
C:\WINDOWS\update.5.0
C:\WINDOWS\iecheck_iplist.txt
C:\WINDOWS\unrar.exe
C:\WINDOWS\update.2
C:\WINDOWS\update.7.1
C:\WINDOWS\iplist.txt
C:\WINDOWS\front_ip_list.txt
C:\WINDOWS\av_ico
C:\WINDOWS\update.1
C:\WINDOWS\update.tray-8-0-lnk
C:\WINDOWS\update.tray-8-0
C:\WINDOWS\winlog-ids.txt
C:\WINDOWS\winlog-dirs.tx

:Services
ICQ Service
NBService
MBAMSwissArmy
Application Updater

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"tray_ico"=-
"tray_ico1"=-
"tray_ico2"=-
"tray_ico3"=-
"tray_ico4"=-
""=-
"SearchSettings"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\55471368-loader2.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6626039.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7380766.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9557631.exe]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\update.1\svchost.exe"=-
"C:\WINDOWS\services32.exe"=-
"C:\WINDOWS\update.tray-8-0\svchost.exe"=-
"C:\WINDOWS\update.2\svchost.exe"=-

Re: FB virus

Posted: 09 Sep 2011 19:37
by Doggy23
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Opera cache emptied: 6309375 bytes

User: All Users
-> No Temporary Internet Files cache folder defined!

User: All Users.WINDOWS
-> No Temporary Internet Files cache folder defined!

User: Daninka
->Temp folder emptied: 36938349 bytes
-> No Temporary Internet Files cache folder defined!
->Opera cache emptied: 10776556 bytes

User: Default User
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: FrEe
->Temp folder emptied: 1430 bytes
-> No Temporary Internet Files cache folder defined!

User: Guest
->Temp folder emptied: 890629 bytes
-> No Temporary Internet Files cache folder defined!
->Opera cache emptied: 1862500 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
-> No Temporary Internet Files cache folder defined!

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: LocalService.NT AUTHORITY.001
->Temp folder emptied: 65984 bytes
-> No Temporary Internet Files cache folder defined!

User: lukas
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Opera cache emptied: 1556753 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: NetworkService.NT AUTHORITY.001
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Zdeňka
->Temp folder emptied: 459215091 bytes
-> No Temporary Internet Files cache folder defined!
->FireFox cache emptied: 31800452 bytes
->Google Chrome cache emptied: 856432 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3353919 bytes
%systemroot%\System32 .tmp files removed: 102344 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 718322812 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34578 bytes
RecycleBin emptied: shell32.dll unable to determine bytes removed.

Total Files Cleaned = 1 213,00 mb


Restore points cleared and new OTM Restore Point set!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA6.tmp folder moved successfully.
C:\WINDOWS\system32\Com\COM355.tmp moved successfully.
File/Folder C:\WINDOWS\temp\*.exe not found.
C:\Program Files\Application Updater folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Documents and Settings\lukas\Data aplikací\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Documents and Settings\lukas\Data aplikací\IObit\IObit Uninstaller folder moved successfully.
C:\Documents and Settings\lukas\Data aplikací\IObit\IObit Malware Fighter folder moved successfully.
C:\Documents and Settings\lukas\Data aplikací\IObit folder moved successfully.
C:\Program Files\IObit Toolbar\Res folder moved successfully.
C:\Program Files\IObit Toolbar\IE\4.6 folder moved successfully.
C:\Program Files\IObit Toolbar\IE folder moved successfully.
C:\Program Files\IObit Toolbar folder moved successfully.
C:\WINDOWS\ufa folder moved successfully.
C:\WINDOWS\rpcminer folder moved successfully.
C:\WINDOWS\phoenix\kernels\poclbm folder moved successfully.
C:\WINDOWS\phoenix\kernels\phatk folder moved successfully.
C:\WINDOWS\phoenix\kernels folder moved successfully.
C:\WINDOWS\phoenix folder moved successfully.
C:\WINDOWS\btc_client_iplist.txt moved successfully.
C:\WINDOWS\update.5.0 folder moved successfully.
C:\WINDOWS\iecheck_iplist.txt moved successfully.
C:\WINDOWS\unrar.exe moved successfully.
C:\WINDOWS\update.2 folder moved successfully.
C:\WINDOWS\update.7.1 folder moved successfully.
C:\WINDOWS\iplist.txt moved successfully.
C:\WINDOWS\front_ip_list.txt moved successfully.
C:\WINDOWS\av_ico folder moved successfully.
C:\WINDOWS\update.1 folder moved successfully.
C:\WINDOWS\update.tray-8-0-lnk folder moved successfully.
C:\WINDOWS\update.tray-8-0 folder moved successfully.
C:\WINDOWS\winlog-ids.txt moved successfully.
File/Folder C:\WINDOWS\winlog-dirs.tx not found.
========== SERVICES/DRIVERS ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
Service NBService stopped successfully!
Service NBService deleted successfully!
Service MBAMSwissArmy stopped successfully!
Service MBAMSwissArmy deleted successfully!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\55471368-loader2.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6626039.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7380766.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9557631.exe\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\update.1\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\services32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\update.tray-8-0\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\update.2\svchost.exe deleted successfully.

OTM by OldTimer - Version 3.1.18.0 log created on 09092011_202308

Re: FB virus

Posted: 09 Sep 2011 20:26
by cernohous13
Good so far :wink:
I spotted this there
2011-08-22 10:50:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
if it works for you, then on the 3rd tab click Update, followed by a full scan
no deleting for now; I'll check the log

Re: FB virus

Posted: 09 Sep 2011 21:37
by Doggy23
Logfile of random's system information tool 1.09 (written by random/random)
Run by lukas at 2011-09-09 22:42:09
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 112 GB (74%) free of 153 GB
Total RAM: 511 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:42:19, on 9.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\lukas\Plocha\RSIT.exe
C:\Program Files\trend micro\lukas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (file missing)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -update plugin (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -update plugin (User 'Default user')
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 4822 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\SmartDefrag_Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-11-07 17421824]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-09 98304]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-02 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2011-07-06 1047656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-03-09 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2001-10-26 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\Documents and Settings\lukas\Plocha\Flash-Player.exe"="C:\Documents and Settings\lukas\Plocha\Flash-Player.exe:*:Enabled:C:\Documents and Settings\lukas\Plocha\Flash-Player.exe"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-09-09 21:54:30 ----D---- C:\Documents and Settings\lukas\Data aplikací\Malwarebytes
2011-09-09 20:23:08 ----D---- C:\_OTM
2011-09-09 17:33:53 ----D---- C:\Documents and Settings\lukas\Data aplikací\Search Settings
2011-09-09 11:48:27 ----D---- C:\Program Files\trend micro
2011-09-09 11:48:25 ----D---- C:\rsit
2011-09-08 09:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2607712$
2011-09-05 10:37:51 ----D---- C:\Documents and Settings\lukas\Data aplikací\WinRAR
2011-08-26 16:21:11 ----D---- C:\Program Files\Ventrilo
2011-08-26 16:18:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-08-26 15:53:13 ----D---- C:\Program Files\VentriloMIX
2011-08-26 14:59:35 ----D---- C:\Documents and Settings\lukas\Data aplikací\Ventrilo
2011-08-26 10:26:11 ----D---- C:\Documents and Settings\lukas\Data aplikací\ICQ
2011-08-25 09:33:34 ----A---- C:\WINDOWS\imsins.BAK
2011-08-25 09:33:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$
2011-08-23 21:16:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-22 18:06:49 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-08-22 18:06:47 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-08-22 18:06:46 ----D---- C:\Program Files\Avira
2011-08-22 18:06:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Avira
2011-08-22 18:06:46 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-08-22 18:06:46 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-08-22 18:06:46 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-08-22 12:50:01 ----A---- C:\WINDOWS\EEventManager.INI
2011-08-22 12:35:09 ----A---- C:\WINDOWS\system32\E_DCINST.DLL
2011-08-22 12:35:06 ----A---- C:\WINDOWS\system32\E_FLBGGE.DLL
2011-08-22 12:35:06 ----A---- C:\WINDOWS\system32\E_FD4BGGE.DLL
2011-08-22 12:34:59 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2011-08-22 12:34:52 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-08-22 12:32:29 ----D---- C:\Documents and Settings\lukas\Data aplikací\InstallShield
2011-08-22 12:07:32 ----D---- C:\Program Files\CCleaner
2011-08-22 11:57:57 ----D---- C:\Documents and Settings\lukas\Data aplikací\Microsoft
2011-08-22 10:50:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2011-08-22 10:50:49 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-22 10:50:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-22 10:50:46 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-22 10:13:23 ----A---- C:\avira_antivir_personal_en.exe
2011-08-22 10:12:56 ----D---- C:\Documents and Settings\lukas\Data aplikací\Adobe
2011-08-22 10:08:21 ----D---- C:\Documents and Settings\lukas\Data aplikací\GHISLER
2011-08-21 15:07:18 ----D---- C:\Documents and Settings\lukas\Data aplikací\Macromedia
2011-08-21 15:05:23 ----D---- C:\Documents and Settings\lukas\Data aplikací\Opera
2011-08-21 10:55:32 ----D---- C:\WINDOWS\Profiles
2011-08-20 23:36:05 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-08-19 15:18:55 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2011-08-14 11:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-12 06:55:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-12 06:55:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-12 06:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2559049$
2011-08-12 06:51:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-12 06:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-08-10 12:00:08 ----D---- C:\WINDOWS\system32\NtmsData

======List of files/folders modified in the last 1 month======

2011-09-09 22:42:17 ----D---- C:\WINDOWS\Temp
2011-09-09 22:33:30 ----D---- C:\WINDOWS\Prefetch
2011-09-09 20:40:16 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-09 20:37:09 ----D---- C:\WINDOWS
2011-09-09 20:37:08 ----RD---- C:\Program Files
2011-09-09 20:37:07 ----D---- C:\Program Files\Common Files
2011-09-09 20:37:06 ----D---- C:\WINDOWS\system32\Com
2011-09-09 20:37:02 ----SHD---- C:\System Volume Information
2011-09-09 20:37:02 ----D---- C:\WINDOWS\system32\Restore
2011-09-09 20:36:13 ----D---- C:\WINDOWS\system32
2011-09-08 09:44:46 ----HD---- C:\WINDOWS\inf
2011-09-08 09:44:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-07 10:13:47 ----HD---- C:\WINDOWS\$hf_mig$
2011-09-05 15:01:12 ----A---- C:\WINDOWS\NeroDigital.ini
2011-09-05 14:39:21 ----D---- C:\WINDOWS\Registration
2011-09-03 12:17:22 ----A---- C:\WINDOWS\system32\crypt32.dll
2011-08-29 12:16:17 ----SHD---- C:\WINDOWS\Installer
2011-08-29 12:16:16 ----HD---- C:\Config.Msi
2011-08-26 14:29:27 ----D---- C:\Documents and Settings
2011-08-26 10:38:07 ----D---- C:\Program Files\IObit
2011-08-26 10:28:24 ----D---- C:\Program Files\epson
2011-08-26 10:24:49 ----D---- C:\WINDOWS\twain_32
2011-08-24 10:10:38 ----D---- C:\WINDOWS\WinSxS
2011-08-23 21:17:26 ----D---- C:\WINDOWS\SoftwareDistribution
2011-08-22 18:06:49 ----D---- C:\WINDOWS\system32\drivers
2011-08-22 12:41:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON
2011-08-22 12:33:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\UDL
2011-08-22 12:31:08 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-22 12:30:11 ----D---- C:\Program Files\ABBYY FineReader 9.0 Sprint
2011-08-22 12:26:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ABBYY
2011-08-22 12:24:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-08-22 12:07:59 ----D---- C:\WINDOWS\Logs
2011-08-22 12:07:59 ----D---- C:\WINDOWS\Debug
2011-08-22 10:34:33 ----A---- C:\boot.ini
2011-08-22 10:05:30 ----D---- C:\WINDOWS\system32\config
2011-08-22 10:05:18 ----D---- C:\WINDOWS\system32\wbem
2011-08-21 15:01:59 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Adobe
2011-08-12 16:34:00 ----D---- C:\WINDOWS\system32\CatRoot
2011-08-12 06:51:48 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-10 12:00:08 ----D---- C:\WINDOWS\repair

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-08-23 138192]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-08-23 66616]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-03-09 6553088]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-11-11 4946944]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [1980-01-01 12160]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2010-05-24 4003008]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 usbprint;USB Printer Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-08-23 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-08-23 136360]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-03-09 643072]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-03-28 4323256]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Re: FB virus

Posted: 10 Sep 2011 05:31
by cernohous13
Could you run a scan following the previous instructions, using this:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ?

Re: FB virus

Posted: 10 Sep 2011 11:18
by Doggy23
Scan finished, 10 infections found, so what do I do with it now?
Should I just close it with Exit, or click on something else?

Re: FB virus

Posted: 10 Sep 2011 12:15
by cernohous13
Paste the findings here (you will also find them on the program's 5th tab, "Logs", under today's date)

Re: FB virus

Posted: 10 Sep 2011 12:21
by Doggy23
Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10.9.2011 13:26:14
mbam-log-2011-09-10 (13-26-04).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 361489
Time elapsed: 40 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\webhancer\Programs (PUP.WebHancer) -> No action taken.

Files Infected:
c:\documents and settings\lukas\Plocha\OP\ventrilo-2.1.4.exe (Trojan.Dropper) -> No action taken.
c:\program files\webhancer\Programs\wbhshare.dll (PUP.WebHancer) -> No action taken.
c:\program files\interlude\system\l2 interlude gg patch2.exe (PUP.Hacktool.Patcher) -> No action taken.
c:\WINDOWS\whAgent.inf (PUP.WebHancer) -> No action taken.
c:\WINDOWS\whinstaller.ini (PUP.WebHancer) -> No action taken.
c:\program files\webhancer\Programs\license.txt (PUP.WebHancer) -> No action taken.
c:\program files\webhancer\Programs\readme.txt (PUP.WebHancer) -> No action taken.
c:\program files\webhancer\Programs\sporder.dll (PUP.WebHancer) -> No action taken.
c:\program files\webhancer\Programs\whAgent.ini (PUP.WebHancer) -> No action taken.

Re: FB virus

Posted: 10 Sep 2011 12:26
by cernohous13
Leave "Remove Selected" in MBAM
then delete the whole folder c:\program files\webhancer

Write back how the PC behaves - still any problems?

Re: FB virus

Posted: 10 Sep 2011 13:19
by Doggy23
So it looks like it's fine now, but I still can't switch the keyboard from English to Czech or change the desktop background.

Re: FB virus

Posted: 10 Sep 2011 14:12
by cernohous13
Let's have another look at it, then.
Download from here: ComboFix
and save it to your desktop.
Usage guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Close all active windows, turn off your antispyware and antivirus, and run it.
- After it starts, the terms of use are displayed; confirm them by pressing Yes
- Then follow the prompts; while ComboFix is running, do not click in the window it displays and do not launch anything
- When the scan finishes, the program should produce a log - C:\ComboFix.txt - please paste its entire contents here
If the system does not boot after running ComboFix - press F8 during restart and choose Last Known Good Configuration

Re: FB virus

Posted: 12 Sep 2011 13:50
by Doggy23
ComboFix 11-09-12.02 - lukas 12.09.2011 15:49:37.2.1 - x86
Running from: c:\documents and settings\lukas\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
-------\Service_wxpDrivers
.
.
((((((((((((((((((((((((( Files Created from 2011-08-12 to 2011-09-12 )))))))))))))))))))))))))))))))
.
.
2011-09-12 12:23 . 2011-09-12 12:23 -------- d--h--w- c:\documents and settings\lukas\Okolní tiskárny
2011-09-09 18:23 . 2011-09-09 18:23 -------- d-----w- C:\_OTM
2011-09-09 09:48 . 2011-09-10 10:21 -------- d-----w- c:\program files\trend micro
2011-09-09 09:48 . 2011-09-09 09:48 -------- d-----w- C:\rsit
2011-09-03 10:17 . 2011-09-03 10:17 602112 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-08-26 14:21 . 2011-08-26 14:21 -------- d-----w- c:\program files\Ventrilo
2011-08-26 14:18 . 2011-08-26 14:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-08-26 12:29 . 2011-08-26 12:29 -------- d-----w- c:\documents and settings\Guest
2011-08-22 16:06 . 2011-08-23 21:10 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-22 16:06 . 2011-08-23 21:10 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-22 16:06 . 2011-08-22 16:06 -------- d-----w- c:\program files\Avira
2011-08-22 16:06 . 2011-08-22 16:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Avira
2011-08-22 16:06 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-22 16:06 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-22 10:35 . 2007-04-10 01:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2011-08-22 10:35 . 2009-10-01 03:01 63488 ----a-w- c:\windows\system32\E_FD4BGGE.DLL
2011-08-22 10:35 . 2008-11-12 03:00 93696 ----a-w- c:\windows\system32\E_FLBGGE.DLL
2011-08-22 10:34 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-08-22 10:34 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-08-22 10:34 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-08-22 10:34 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-08-22 10:07 . 2011-08-22 10:07 -------- d--h--w- c:\documents and settings\lukas\Okolní síť
2011-08-22 10:07 . 2011-08-22 10:07 -------- d-----w- c:\program files\CCleaner
2011-08-22 08:50 . 2011-08-22 08:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2011-08-22 08:50 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-22 08:50 . 2011-08-22 08:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-22 08:50 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 08:13 . 2011-08-22 08:26 53123856 ----a-w- C:\avira_antivir_personal_en.exe
2011-08-22 08:05 . 2011-08-22 08:05 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-21 12:16 . 2011-09-12 13:49 -------- d-----w- c:\documents and settings\lukas\Data aplikací
2011-08-21 08:55 . 2011-08-21 08:55 -------- d-----w- c:\windows\Profiles
2011-08-21 08:44 . 2011-08-21 08:44 -------- d-----w- c:\documents and settings\lukas\Nabídka Start
2011-08-21 08:42 . 2011-09-12 12:23 -------- d-----r- c:\documents and settings\lukas\Dokumenty
2011-08-21 08:37 . 2011-08-21 08:37 -------- d-----r- c:\documents and settings\lukas\Oblíbené položky
2011-08-20 21:36 . 2011-08-20 21:36 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.001\Nabídka Start
2011-08-14 09:59 . 2011-08-14 09:59 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.001\Nabídka Start
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 1980-01-01 00:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 1980-01-01 00:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 1980-01-01 00:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2011-04-21 21:41 139656 ----a-r- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 1980-01-01 00:00 668160 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 1980-01-01 00:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 18:18 . 1980-01-01 00:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:16 . 1980-01-01 00:00 370176 ----a-w- c:\windows\system32\html.iec
2011-06-20 22:03 . 2011-06-20 22:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 17:44 . 1980-01-01 00:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-07 17421824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-15 19:02 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-07-06 17:52 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
.
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-03-28 4323256]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-08-23 136360]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-12 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-06-07 15:31]
.
.
------- Supplementary Scan -------
.
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.48.1 192.168.1.1
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-12 15:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs loaded in running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1996)
c:\windows\system32\msi.dll
.
Completion time: 2011-09-12 16:00:26
ComboFix-quarantined-files.txt 2011-09-12 14:00
.
Pre-Run: 120 586 510 336 bytes free
Post-Run: 120 535 625 728 bytes free
.
- - End Of File - - D7FB0C673D50D4446022278888B5AEC5
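
Added example, not from this thread and not part of RSIT, HijackThis or ComboFix: a small Python triage script over the kinds of lines that appear in the RSIT/HijackThis log and the ComboFix log above. It flags the O15 protocol-zone downgrades (every protocol handled in the My Computer zone), O23 services listed with "Unknown owner" or "(file missing)", the "EnableFirewall"=0 and "FirewallOverride" entries from the ComboFix output, firewall exceptions that point into a user-writable profile directory (such as the Desktop-resident Flash-Player.exe in the RSIT dump), and it decodes NoDriveTypeAutoRun=149 into the drive types on which AutoRun is still allowed. SAMPLE_LOG is a constructed excerpt assembled from lines copied from the two logs; the regular expressions and the list of user-writable path markers are the author's assumptions, not anything either tool defines.

```python
"""Triage checks over RSIT/HijackThis and ComboFix log lines (added example, not from the thread)."""
import re

# Constructed excerpt: lines copied from the logs posted above. A real run would read the whole file.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
"NoDriveTypeAutoRun"=149
"EnableFirewall"= 0 (0x0)
"FirewallOverride"=dword:00000001
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\lukas\Plocha\Flash-Player.exe"="C:\Documents and Settings\lukas\Plocha\Flash-Player.exe:*:Enabled:C:\Documents and Settings\lukas\Plocha\Flash-Player.exe"
"""

# NoDriveTypeAutoRun is a bitmask: bit (1 << DRIVE_TYPE) set means AutoRun is suppressed for that type.
AUTORUN_BITS = {
    0x01: "unknown", 0x02: "no root directory", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "CD-ROM", 0x40: "RAM disk", 0x80: "reserved",
}

# Assumption: path fragments that mark directories any logged-on user can write to.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\")

ZONE_RE = re.compile(r"^O15 - ProtocolDefaults: '(\w+)' protocol is in My Computer Zone")
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
# Windows XP firewall exception: "path"="path:scope:Enabled:name"
FW_APP_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P=path):\*:Enabled:', re.IGNORECASE)
FW_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
FW_OVERRIDE_RE = re.compile(r'^"FirewallOverride"=dword:0*1$')
AUTORUN_RE = re.compile(r'^"NoDriveTypeAutoRun"=(\d+)$')


def autorun_still_enabled(value):
    """Drive types on which AutoRun is still allowed for a given NoDriveTypeAutoRun value."""
    return [name for bit, name in AUTORUN_BITS.items() if not value & bit]


def audit_log(text):
    """Return (kind, detail) findings for the weak settings a triager looks at first."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ZONE_RE.match(line)
        if m:
            findings.append(("zone", f"{m.group(1)} handled in the My Computer zone"))
            continue
        m = SERVICE_RE.match(line)
        if m and ("(file missing)" in line or m.group(2) == "Unknown owner"):
            findings.append(("service", m.group(1)))
            continue
        m = FW_APP_RE.match(line)
        if m and any(k in m.group("path").lower() for k in USER_WRITABLE_MARKERS):
            findings.append(("firewall-exception", m.group("path")))
            continue
        if FW_OFF_RE.match(line) or FW_OVERRIDE_RE.match(line):
            findings.append(("firewall-off", line))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            value = int(m.group(1))
            still_on = autorun_still_enabled(value)
            if still_on:
                findings.append(("autorun", f"0x{value:02X} still allows AutoRun on: {', '.join(still_on)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_log(SAMPLE_LOG):
        print(f"{kind:19} {detail}")
```

Run against the excerpt it reports two zone downgrades, the GameGuard service entry, the Flash-Player.exe exception, both firewall-off lines, and the AutoRun decode. 149 is 0x95, the Windows XP default, which still allows AutoRun on fixed drives, CD-ROMs and RAM disks; a value of 0xFF suppresses it on every drive type. An O15 downgrade of http/https to the My Computer zone is worth reverting regardless of what else is found, because it hands remote content the same IE security settings as local files.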