prosím o kontrolu logu, opět ten samý problém s připojením

Zpráva

radimk5 · #1 Příspěvek od **radimk5** » 23 bře 2010 20:26

Dobrý den, nedávno jsem tady řešil problém a dost jste mi pomohli. Teď je ten samý problém zpět, bohůžel s tím rozdílem. Že mi nejde spustit ComboFix, nenajíždějí mi videa na internetu, celé stránky, nejdou mi stahovat soubory, avast hlásí jednoho trojského koně za druhým, hrůza... Pokud se combofix spustí, tak jen na chvíli, pak se vypne obrazovka a je to třeba 20min. vypnuté dokud to natvrdu nevypnu (restart nepomůže)

Přidávám log z hijackthis, předem děkuji

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:39, on 23.3.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\System32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\ICQ6Toolbar\ICQ Service.exe
I:\Program Files\Google\Update\GoogleUpdate.exe
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\D-Tools\daemon.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\Winamp\winampa.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
I:\Program Files\CursorXP\CursorXP.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
I:\Program Files\ICQ7.0\ICQ.exe
I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
I:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
I:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
I:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
I:\Program Files\trend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [StartCCC] I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "I:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] I:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "I:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] I:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CursorXP] I:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FramyWhite] I:\Program Files\FramyWhite\FramyWhite.exe
O4 - HKCU\..\Run: [ICQ] "I:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = I:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ZoneAlarm.lnk = I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Download Video by Free YouTuBe Utility - I:\Program Files\Free YouTuBe Utility\IEydown.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - I:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - I:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - I:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - I:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - I:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - I:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - I:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8273 bytes

#2 Příspěvek od **Caroprd111** » 23 bře 2010 20:29

Zdravím

Přečtěte si pravidla fóra a dejte log z RSIT.

Nedoporučuji používat ComboFix z vlastní iniciativy, může dojít k poškození systému!

radimk5 · #3 Příspěvek od **radimk5** » 23 bře 2010 20:43

Omlouvám se, musel jsem to stáhnout na notebooku

není šance to z pc poslat, tak to posílám z notebooku

Logfile of random's system information tool 1.06 (written by random/random)
Run by Radim at 2010-03-23 20:36:19
Systém Microsoft Windows XP Professional Service Pack 1
System drive I: has 28 GB (12%) free of 229 GB
Total RAM: 1023 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:36:20, on 23.3.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\System32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\ICQ6Toolbar\ICQ Service.exe
I:\Program Files\Google\Update\GoogleUpdate.exe
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\D-Tools\daemon.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\Winamp\winampa.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
I:\Program Files\CursorXP\CursorXP.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
I:\Program Files\ICQ7.0\ICQ.exe
I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
I:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
I:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
I:\Documents and Settings\Radim\Plocha\flashka\RSIT.exe
I:\Program Files\trend micro\Radim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [StartCCC] I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "I:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] I:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "I:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] I:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CursorXP] I:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FramyWhite] I:\Program Files\FramyWhite\FramyWhite.exe
O4 - HKCU\..\Run: [ICQ] "I:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = I:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ZoneAlarm.lnk = I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Download Video by Free YouTuBe Utility - I:\Program Files\Free YouTuBe Utility\IEydown.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - I:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - I:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - I:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - I:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - I:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - I:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - I:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8269 bytes

======Scheduled tasks folder======

I:\WINDOWS\tasks\AppleSoftwareUpdate.job
I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - I:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - I:\WINDOWS\System32\msdxm.ocx [2002-09-20 844828]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - I:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"DAEMON Tools-1033"=I:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"NeroFilterCheck"=I:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RTHDCPL"=I:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"=I:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"QuickTime Task"=I:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]
"WinampAgent"=I:\Program Files\Winamp\winampa.exe [2008-01-15 37376]
"SunJavaUpdateSched"=I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"avast5"=I:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"CursorXP"=I:\Program Files\CursorXP\CursorXP.exe [2005-01-19 128000]
"MSMSGS"=I:\Program Files\Messenger\msmsgs.exe [2002-08-20 1511453]
"FramyWhite"=I:\Program Files\FramyWhite\FramyWhite.exe [2006-02-24 2211840]
"ICQ"=I:\Program Files\ICQ7.0\ICQ.exe [2010-02-11 133368]

I:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
ZoneAlarm.lnk - I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

I:\Documents and Settings\Radim\Nabídka Start\Programy\Po spuštění
RocketDock.lnk - I:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
I:\WINDOWS\system32\Ati2evxx.dll [2008-06-03 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-03-23 20:03:27 ----SD---- I:\ComboFix
2010-03-23 19:31:15 ----A---- I:\WINDOWS\zip.exe
2010-03-23 19:31:15 ----A---- I:\WINDOWS\SWXCACLS.exe
2010-03-23 19:31:15 ----A---- I:\WINDOWS\SWSC.exe
2010-03-23 19:31:15 ----A---- I:\WINDOWS\SWREG.exe
2010-03-23 19:31:15 ----A---- I:\WINDOWS\sed.exe
2010-03-23 19:31:15 ----A---- I:\WINDOWS\PEV.exe
2010-03-23 19:31:15 ----A---- I:\WINDOWS\NIRCMD.exe
2010-03-23 19:31:15 ----A---- I:\WINDOWS\MBR.exe
2010-03-23 19:31:15 ----A---- I:\WINDOWS\grep.exe
2010-03-10 06:48:23 ----D---- I:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-02-27 18:36:10 ----A---- I:\WINDOWS\System32\xmlprov.dll
2010-02-24 15:45:34 ----A---- I:\WINDOWS\MSUMLT0G.INI
2010-02-24 15:45:33 ----A---- I:\WINDOWS\System32\MSMCML0G.DLL
2010-02-24 15:45:33 ----A---- I:\WINDOWS\System32\MICM__0G.DLL
2010-02-24 15:45:31 ----A---- I:\WINDOWS\System32\MGDI320G.DLL
2010-02-24 15:45:30 ----A---- I:\WINDOWS\System32\MCMM__0G.DLL
2010-02-24 15:45:29 ----D---- I:\Program Files\KONICA MINOLTA

======List of files/folders modified in the last 1 months======

2010-03-23 20:36:20 ----D---- I:\Program Files\trend micro
2010-03-23 20:30:28 ----D---- I:\WINDOWS\Prefetch
2010-03-23 20:27:45 ----D---- I:\WINDOWS\Temp
2010-03-23 20:27:40 ----D---- I:\WINDOWS\System32\CatRoot2
2010-03-23 20:15:28 ----D---- I:\Program Files\Mozilla Firefox
2010-03-23 20:12:56 ----D---- I:\WINDOWS\Debug
2010-03-23 20:06:47 ----RSHDC---- I:\WINDOWS\System32\dllcache
2010-03-23 20:06:34 ----D---- I:\WINDOWS\System32\drivers
2010-03-23 20:05:13 ----D---- I:\WINDOWS\system32
2010-03-23 20:04:04 ----A---- I:\WINDOWS\SchedLgU.Txt
2010-03-23 19:57:29 ----D---- I:\WINDOWS\Internet Logs
2010-03-23 19:31:23 ----D---- I:\Qoobox
2010-03-23 19:31:15 ----D---- I:\WINDOWS
2010-03-23 19:14:30 ----D---- I:\Documents and Settings\Radim\Data aplikací\ICQ
2010-03-22 19:47:43 ----D---- I:\Program Files\ParadisePoker
2010-03-22 17:19:04 ----A---- I:\WINDOWS\NeroDigital.ini
2010-03-18 06:35:36 ----SHD---- I:\WINDOWS\Installer
2010-03-17 13:59:10 ----D---- I:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-17 13:45:39 ----D---- I:\Documents and Settings\Radim\Data aplikací\Adobe
2010-03-17 13:40:53 ----D---- I:\Documents and Settings\Radim\Data aplikací\Facebook
2010-03-10 20:13:41 ----D---- I:\Program Files\ICQ7.0
2010-03-10 14:19:47 ----D---- I:\Program Files\Alwil Software
2010-03-10 06:48:46 ----D---- I:\WINDOWS\WinSxS
2010-03-09 12:24:05 ----A---- I:\WINDOWS\System32\aswBoot.exe
2010-02-27 18:43:45 ----D---- I:\WINDOWS\ERDNT
2010-02-27 18:43:40 ----RD---- I:\Program Files
2010-02-27 18:39:59 ----D---- I:\WINDOWS\AppPatch
2010-02-27 18:39:59 ----D---- I:\Program Files\Common Files
2010-02-24 15:45:56 ----D---- I:\WINDOWS\LastGood
2010-02-24 15:45:52 ----HD---- I:\WINDOWS\inf
2010-02-24 15:45:52 ----D---- I:\WINDOWS\System32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; I:\WINDOWS\System32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; I:\WINDOWS\System32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; I:\WINDOWS\System32\drivers\aswTdi.sys [2010-03-09 46672]
R1 SSHDRV52;SSHDRV52; \??\I:\WINDOWS\System32\drivers\SSHDRV52.sys []
R2 aswMon2;avast! Standard Shield Support; I:\WINDOWS\System32\drivers\aswMon2.sys [2010-03-09 100432]
R2 atksgt;atksgt; I:\WINDOWS\System32\DRIVERS\atksgt.sys [2008-03-20 278728]
R2 Ethpdrv;Ethernet Packet Driver; I:\WINDOWS\System32\DRIVERS\ethpdrv.sys [2005-09-08 9728]
R2 lirsgt;lirsgt; I:\WINDOWS\System32\DRIVERS\lirsgt.sys [2008-03-20 25416]
R2 Nadim;NAD Proto Driver; I:\WINDOWS\System32\DRIVERS\nadim.sys [2008-11-08 18688]
R2 vsdatant;vsdatant; \??\I:\WINDOWS\System32\vsdatant.sys []
R3 aswRdr;aswRdr; I:\WINDOWS\System32\drivers\aswRdr.sys [2010-03-09 23376]
R3 ati2mtag;ati2mtag; I:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-06-03 3100160]
R3 hamachi;Hamachi Network Interface; I:\WINDOWS\System32\DRIVERS\hamachi.sys [2007-11-21 25544]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; I:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); I:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; I:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; I:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;Ovladač standardního rozbočovače USB; I:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; I:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; I:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
S3 catchme;catchme; \??\I:\DOCUME~1\Radim\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; I:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 ENTECH;ENTECH; \??\I:\WINDOWS\System32\DRIVERS\ENTECH.SYS []
S3 gdrv;gdrv; \??\I:\WINDOWS\gdrv.sys []
S3 GNDHV71;Genius VideoCAM Live V2; I:\WINDOWS\System32\DRIVERS\gndhv71.sys [2003-08-06 310084]
S3 HidUsb;Ovladač třídy standardu HID; I:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ipw_bus;IPWireless; I:\WINDOWS\System32\DRIVERS\ipw_bus.sys [2005-09-27 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter; I:\WINDOWS\System32\DRIVERS\ipw_mdfl.sys [2005-09-27 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM); I:\WINDOWS\System32\DRIVERS\ipw_mdm.sys [2005-09-27 95440]
S3 mouhid;Ovladač myši standardu HID; I:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; I:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; I:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; I:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 Pcouffin;Low level access layer for CD devices; I:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 RTL8169;Realtek 8169 NT Driver; I:\WINDOWS\System32\DRIVERS\Rtlh86.sys [2006-12-08 67072]
S3 SLIP;BDA Slip De-Framer; I:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; I:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 tap0901_2gm;VPN Anonymizer Adapter; I:\WINDOWS\System32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; I:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
S3 usbprint;Třída USB Printer; I:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;Ovladač skeneru USB; I:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 WSTCODEC;World Standard Teletext Codec; I:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; I:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; I:\WINDOWS\System32\Ati2evxx.exe [2008-06-03 552960]
R2 avast! Antivirus;avast! Antivirus; I:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 ICQ Service;ICQ Service; I:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 MDM;Machine Debug Manager; I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework; I:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; I:\WINDOWS\system32\ZoneLabs\vsmon.exe [2003-02-14 914744]
R3 avast! Mail Scanner;avast! Mail Scanner; I:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; I:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S2 ATI Smart;ATI Smart; I:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S2 gupdate;Google Update Service (gupdate); I:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-15 135664]
S3 aspnet_state;ASP.NET State Service; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; I:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; I:\WINDOWS\System32\svchost.exe [2001-10-25 12800]

#4 Příspěvek od **Caroprd111** » 23 bře 2010 20:50

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe

Spusťte program, poté klikněte na Run Scan
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

radimk5 · #5 Příspěvek od **radimk5** » 23 bře 2010 20:58

OTL

OTL logfile created on: 23.3.2010 20:52:42 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = K:\
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 420,00 Mb Available Physical Memory | 41,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): I:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 223,56 Gb Total Space | 27,23 Gb Free Space | 12,18% Space Free | Partition Type: NTFS
Drive K: | 7,47 Gb Total Space | 2,31 Gb Free Space | 30,92% Space Free | Partition Type: FAT32

Computer Name: DOMA-FHMPQEZU7M
Current User Name: Radim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.23 20:52:14 | 000,555,520 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
PRC - [2010.03.09 12:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- I:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.03.09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.02.24 04:16:47 | 000,908,248 | ---- | M] (Mozilla Corporation) -- I:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.02.11 10:56:26 | 000,133,368 | ---- | M] (ICQ, Inc.) -- I:\Program Files\ICQ7.0\ICQ.exe
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- I:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.07.07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008.06.10 03:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008.06.10 03:27:03 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2008.01.15 23:54:54 | 000,037,376 | ---- | M] () -- I:\Program Files\Winamp\winampa.exe
PRC - [2007.03.18 23:05:02 | 000,630,784 | ---- | M] () -- I:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
PRC - [2006.11.16 19:04:20 | 000,139,264 | ---- | M] (Nero AG) -- I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.11.16 18:58:32 | 000,884,736 | ---- | M] (Nero AG) -- I:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2005.01.19 16:34:16 | 000,128,000 | ---- | M] ( ) -- I:\Program Files\CursorXP\CursorXP.exe
PRC - [2004.08.22 17:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- I:\Program Files\D-Tools\daemon.exe
PRC - [2003.02.14 13:54:40 | 000,623,936 | ---- | M] (Zone Labs Inc.) -- I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
PRC - [2003.02.14 13:53:30 | 000,914,744 | ---- | M] (Zone Labs Inc.) -- I:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2002.09.20 17:05:24 | 000,946,688 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010.03.23 20:52:14 | 000,555,520 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
MOD - [2007.03.18 23:04:22 | 000,069,632 | ---- | M] () -- I:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
MOD - [2005.01.19 16:34:24 | 000,014,848 | ---- | M] ( ) -- I:\Program Files\CursorXP\CurXP0.dll
MOD - [2002.09.20 17:03:32 | 000,921,600 | R--- | M] (Microsoft Corporation) -- I:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.03.09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- I:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.03.09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- I:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.03.09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- I:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- I:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.07.07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2003.02.14 13:53:30 | 000,914,744 | ---- | M] (Zone Labs Inc.) [Auto | Running] -- I:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)

========== Driver Services (SafeList) ==========

DRV - [2010.03.09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.03.09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.03.09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.03.09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- I:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.03.09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.03.25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008.11.08 14:19:00 | 000,018,688 | ---- | M] (MetaProducts corp.) [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\nadim.sys -- (Nadim)
DRV - [2008.06.03 07:20:54 | 003,100,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.03.20 23:32:17 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008.03.20 23:32:16 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.02.18 19:43:01 | 000,004,716 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007.12.02 23:45:39 | 000,029,184 | ---- | M] () [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\SSHDRV52.sys -- (SSHDRV52)
DRV - [2007.11.21 18:01:29 | 000,025,544 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.06.21 15:21:58 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\tap0901_2gm.sys -- (tap0901_2gm)
DRV - [2006.12.08 08:02:02 | 000,067,072 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.15 07:34:00 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.11.03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- I:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.09.27 09:21:54 | 000,095,440 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\ipw_mdm.sys -- (ipw_mdm) Wireless Broadband Modem (WDM)
DRV - [2005.09.27 09:21:50 | 000,008,272 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\ipw_mdfl.sys -- (ipw_mdfl)
DRV - [2005.09.27 09:21:28 | 000,058,320 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\ipw_bus.sys -- (ipw_bus)
DRV - [2005.09.08 00:18:54 | 000,009,728 | R--- | M] (Gemfor s.r.o.) [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\ethpdrv.sys -- (Ethpdrv)
DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- I:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- I:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.01.07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.08.22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- I:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004.08.22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- I:\WINDOWS\System32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2003.08.06 18:12:34 | 000,310,084 | ---- | M] () [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\gndhv71.sys -- (GNDHV71)
DRV - [2003.02.14 13:53:20 | 000,177,048 | ---- | M] (Zone Labs Inc.) [Kernel | Auto | Running] -- I:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.9
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.1
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.8
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... 2.0.0.1&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2010.02.24 04:17:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2010.02.24 04:17:08 | 000,000,000 | ---D | M]

[2008.08.31 16:37:05 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Extensions
[2010.03.22 21:59:16 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\extensions
[2009.04.29 21:00:39 | 000,000,000 | ---D | M] (Forecastfox) -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.02.15 18:30:05 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.04.13 17:39:23 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.03.22 15:59:11 | 000,000,961 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin-1.xml
[2009.09.12 09:45:03 | 000,000,950 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin-10.xml
[2009.10.30 15:07:44 | 000,000,950 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin-11.xml
[2009.12.19 15:53:43 | 000,000,950 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin-12.xml
[2010.01.06 19:13:39 | 000,000,950 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin-13.xml
[2010.02.15 18:30:44 | 000,000,961 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin-14.xml
[2009.03.29 21:53:03 | 000,000,950 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin-2.xml
[2009.04.24 07:16:25 | 000,000,950 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin-3.xml
[2009.04.28 21:28:52 | 000,000,950 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin-4.xml
[2009.06.16 16:20:26 | 000,000,950 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin-5.xml
[2009.07.26 20:13:15 | 000,000,950 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin-6.xml
[2009.07.26 21:45:03 | 000,000,950 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin-7.xml
[2009.08.08 12:03:26 | 000,000,950 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin-8.xml
[2009.08.08 14:21:20 | 000,000,950 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin-9.xml
[2010.02.15 18:30:05 | 000,000,168 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin.gif
[2010.02.15 18:30:05 | 000,000,618 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin.src
[2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\icqplugin.xml
[2009.04.13 17:39:22 | 000,003,915 | ---- | M] () -- I:\Documents and Settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\searchplugins\sweetim.xml
[2010.03.22 21:59:16 | 000,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox\extensions
[2009.03.11 21:25:48 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2007.09.27 19:49:34 | 000,061,440 | ---- | M] (Joost Technologies B.V. ) -- I:\Program Files\Mozilla Firefox\plugins\npJoostPlugin.dll
[2005.12.05 21:31:00 | 000,114,688 | ---- | M] () -- I:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2010.01.20 18:45:40 | 000,000,638 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.20 18:45:40 | 000,001,687 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.20 18:45:40 | 000,001,367 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.20 18:45:40 | 000,000,654 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.20 18:45:40 | 000,001,179 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.02.23 22:45:59 | 000,000,027 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (&Rádio) - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] I:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DAEMON Tools-1033] I:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [NeroFilterCheck] I:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SkyTel] I:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] I:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [CursorXP] I:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKCU..\Run: [FramyWhite] I:\Program Files\FramyWhite\FramyWhite.exe ()
O4 - HKCU..\Run: [ICQ] I:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O4 - Startup: I:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: I:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\ZoneAlarm.lnk = I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe (Zone Labs Inc.)
O4 - Startup: I:\Documents and Settings\Radim\Nabídka Start\Programy\Po spuštění\RocketDock.lnk = I:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Video by Free YouTuBe Utility - I:\Program Files\Free YouTuBe Utility\IEydown.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - I:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - I:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - I:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - I:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - I:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v4.cab (GameLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://I:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://I:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - I:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (I:\WINDOWS\System32\logonuiX.exe) - I:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - I:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: I:\Documents and Settings\Radim\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: I:\Documents and Settings\Radim\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - I:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.23 20:03:27 | 000,000,000 | --SD | C] -- I:\ComboFix
[2010.03.23 19:31:15 | 000,212,480 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWXCACLS.exe
[2010.03.23 19:31:15 | 000,161,792 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWREG.exe
[2010.03.23 19:31:15 | 000,136,704 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWSC.exe
[2010.03.23 19:31:15 | 000,031,232 | ---- | C] (NirSoft) -- I:\WINDOWS\NIRCMD.exe
[2010.03.23 13:15:15 | 000,000,000 | -HSD | C] -- I:\Documents and Settings\Radim\Recent
[2010.03.18 06:33:45 | 000,000,000 | ---D | M] -- I:\Documents and Settings\LocalService\Local Settings\Data aplikací\Temp
[2010.03.17 13:50:52 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Radim\Plocha\dopp
[2010.03.16 14:15:15 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Radim\Plocha\sř
[2010.03.16 12:44:35 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Radim\Plocha\vs praktická maturita
[2010.03.15 19:27:55 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Radim\Plocha\3
[2010.03.10 06:48:23 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.02.27 18:30:01 | 000,129,536 | ---- | C] (Microsoft Corporation) -- I:\Documents and Settings\Radim\Plocha\xmlprov.dll
[2010.02.27 18:12:19 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- I:\Documents and Settings\Radim\Plocha\HJTInstall.exe
[2010.02.27 16:33:06 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Radim\Plocha\the sims 3 na flashku
[2010.02.27 16:20:39 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Radim\Plocha\flashka
[2010.02.24 15:45:33 | 000,376,832 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- I:\WINDOWS\System32\MSMCML0G.DLL
[2010.02.24 15:45:33 | 000,009,728 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- I:\WINDOWS\System32\MICM__0G.DLL
[2010.02.24 15:45:31 | 000,023,552 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- I:\WINDOWS\System32\MGDI320G.DLL
[2010.02.24 15:45:30 | 000,036,864 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- I:\WINDOWS\System32\MCMM__0G.DLL
[2010.02.24 15:45:29 | 000,000,000 | ---D | C] -- I:\Program Files\KONICA MINOLTA
[2010.02.23 22:47:10 | 000,000,000 | -HSD | C] -- I:\RECYCLER
[2010.02.23 22:34:25 | 000,000,000 | RHSD | C] -- I:\cmdcons
[2010.02.23 22:33:07 | 000,000,000 | ---D | C] -- I:\WINDOWS\ERDNT
[2010.02.23 22:32:45 | 000,000,000 | ---D | C] -- I:\Qoobox
[2010.02.23 19:00:40 | 000,000,000 | ---D | C] -- I:\Program Files\trend micro
[2010.02.23 19:00:39 | 000,000,000 | ---D | C] -- I:\rsit
[2010.01.15 15:53:48 | 000,000,000 | ---D | M] -- I:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2008.05.15 17:36:48 | 000,000,000 | --SD | M] -- I:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2007.11.02 13:11:10 | 000,155,136 | ---- | C] ( ) -- I:\WINDOWS\System32\drivers\d347bus.sys
[2007.11.02 13:11:10 | 000,005,248 | ---- | C] ( ) -- I:\WINDOWS\System32\drivers\d347prt.sys
[2007.11.02 12:23:36 | 000,000,000 | --SD | M] -- I:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2007.11.02 12:23:36 | 000,000,000 | ---D | M] -- I:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2007.11.02 12:23:36 | 000,000,000 | ---D | M] -- I:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[6 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.23 20:40:00 | 000,000,938 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.23 20:13:27 | 000,000,237 | -H-- | M] () -- I:\WINDOWS\System32\vsconfig.xml
[2010.03.23 20:13:04 | 000,000,934 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.23 20:12:52 | 000,000,006 | -H-- | M] () -- I:\WINDOWS\tasks\SA.DAT
[2010.03.23 20:12:42 | 006,291,456 | -H-- | M] () -- I:\Documents and Settings\Radim\NTUSER.DAT
[2010.03.23 20:12:39 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2010.03.23 19:25:16 | 003,898,536 | R--- | M] () -- I:\Documents and Settings\Radim\Plocha\ComboFix.exe
[2010.03.23 15:20:07 | 000,000,274 | -HS- | M] () -- I:\Documents and Settings\Radim\ntuser.ini
[2010.03.22 22:48:40 | 000,054,156 | -H-- | M] () -- I:\WINDOWS\QTFont.qfn
[2010.03.22 19:40:31 | 000,030,208 | ---- | M] () -- I:\Documents and Settings\Radim\Plocha\Nejznamejsi spisovatele a dila z.doc
[2010.03.22 17:19:04 | 000,000,116 | ---- | M] () -- I:\WINDOWS\NeroDigital.ini
[2010.03.21 23:55:25 | 001,388,468 | -H-- | M] () -- I:\Documents and Settings\Radim\Local Settings\Data aplikací\IconCache.db
[2010.03.21 18:44:53 | 000,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2010.03.17 13:48:53 | 000,068,735 | ---- | M] () -- I:\Documents and Settings\Radim\Plocha\23663_1267577488004_1186807708_30656314_5552772_n.jpg
[2010.03.16 13:17:30 | 000,037,563 | ---- | M] () -- I:\Documents and Settings\Radim\Plocha\oznameni__praha.pdf
[2010.03.15 20:10:01 | 000,140,288 | ---- | M] () -- I:\Documents and Settings\Radim\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.15 20:05:49 | 000,042,928 | ---- | M] () -- I:\Documents and Settings\Radim\Plocha\tablo 4 135_view.JPG
[2010.03.14 15:33:23 | 000,000,144 | ---- | M] () -- I:\Documents and Settings\Radim\default.pls
[2010.03.12 18:02:38 | 000,261,632 | ---- | M] () -- I:\WINDOWS\PEV.exe
[2010.03.10 06:48:50 | 000,002,553 | ---- | M] () -- I:\WINDOWS\System32\CONFIG.NT
[2010.03.10 06:48:50 | 000,001,700 | ---- | M] () -- I:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.03.09 12:24:23 | 000,038,848 | ---- | M] (ALWIL Software) -- I:\WINDOWS\System32\avastSS.scr
[2010.03.09 12:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- I:\WINDOWS\System32\aswBoot.exe
[2010.03.09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- I:\WINDOWS\System32\drivers\aswTdi.sys
[2010.03.09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- I:\WINDOWS\System32\drivers\aswSP.sys
[2010.03.09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- I:\WINDOWS\System32\drivers\aswRdr.sys
[2010.03.09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- I:\WINDOWS\System32\drivers\aswmon2.sys
[2010.03.09 12:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- I:\WINDOWS\System32\drivers\aswmon.sys
[2010.03.09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- I:\WINDOWS\System32\drivers\aavmker4.sys
[2010.03.07 18:51:57 | 000,492,918 | ---- | M] () -- I:\Documents and Settings\Radim\Plocha\školka.bmp
[2010.03.05 19:02:10 | 000,417,860 | ---- | M] () -- I:\Documents and Settings\Radim\Plocha\05032010699.jpg
[2010.03.01 18:49:56 | 000,039,936 | ---- | M] () -- I:\Documents and Settings\Radim\Plocha\Lucie Machová VSČ 3A.doc
[2010.02.28 23:53:52 | 000,024,811 | ---- | M] () -- I:\Documents and Settings\Radim\Plocha\img.asp.jpeg
[2010.02.28 23:13:00 | 000,146,944 | ---- | M] () -- I:\Documents and Settings\Radim\Plocha\PRAXE.doc
[2010.02.27 17:41:32 | 000,129,536 | ---- | M] (Microsoft Corporation) -- I:\Documents and Settings\Radim\Plocha\xmlprov.dll
[2010.02.27 16:54:18 | 000,020,648 | ---- | M] () -- I:\Documents and Settings\Radim\Plocha\9lr9_4qRkl.jpg
[2010.02.23 22:46:49 | 000,000,227 | ---- | M] () -- I:\WINDOWS\system.ini
[2010.02.23 22:45:59 | 000,000,027 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\hosts
[2010.02.23 22:34:33 | 000,000,264 | RHS- | M] () -- I:\boot.ini
[2010.02.23 22:31:24 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- I:\Documents and Settings\Radim\Plocha\HJTInstall.exe
[6 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.23 19:31:15 | 000,261,632 | ---- | C] () -- I:\WINDOWS\PEV.exe
[2010.03.23 19:31:15 | 000,098,816 | ---- | C] () -- I:\WINDOWS\sed.exe
[2010.03.23 19:31:15 | 000,080,412 | ---- | C] () -- I:\WINDOWS\grep.exe
[2010.03.23 19:31:15 | 000,077,312 | ---- | C] () -- I:\WINDOWS\MBR.exe
[2010.03.23 19:31:15 | 000,068,096 | ---- | C] () -- I:\WINDOWS\zip.exe
[2010.03.22 19:40:30 | 000,030,208 | ---- | C] () -- I:\Documents and Settings\Radim\Plocha\Nejznamejsi spisovatele a dila z.doc
[2010.03.17 13:44:54 | 000,068,735 | ---- | C] () -- I:\Documents and Settings\Radim\Plocha\23663_1267577488004_1186807708_30656314_5552772_n.jpg
[2010.03.16 13:17:30 | 000,037,563 | ---- | C] () -- I:\Documents and Settings\Radim\Plocha\oznameni__praha.pdf
[2010.03.15 19:59:27 | 000,042,928 | ---- | C] () -- I:\Documents and Settings\Radim\Plocha\tablo 4 135_view.JPG
[2010.03.10 06:48:50 | 000,001,700 | ---- | C] () -- I:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.03.07 19:23:17 | 000,417,860 | ---- | C] () -- I:\Documents and Settings\Radim\Plocha\05032010699.jpg
[2010.03.07 18:49:57 | 000,492,918 | ---- | C] () -- I:\Documents and Settings\Radim\Plocha\školka.bmp
[2010.03.02 18:47:54 | 838,774,784 | ---- | C] () -- I:\Documents and Settings\Radim\Plocha\Prokletí domu slunečnic 2.avi
[2010.03.01 18:49:56 | 000,039,936 | ---- | C] () -- I:\Documents and Settings\Radim\Plocha\Lucie Machová VSČ 3A.doc
[2010.02.28 23:53:52 | 000,024,811 | ---- | C] () -- I:\Documents and Settings\Radim\Plocha\img.asp.jpeg
[2010.02.28 23:13:00 | 000,146,944 | ---- | C] () -- I:\Documents and Settings\Radim\Plocha\PRAXE.doc
[2010.02.27 18:12:18 | 003,898,536 | R--- | C] () -- I:\Documents and Settings\Radim\Plocha\ComboFix.exe
[2010.02.27 16:54:18 | 000,020,648 | ---- | C] () -- I:\Documents and Settings\Radim\Plocha\9lr9_4qRkl.jpg
[2010.02.24 15:45:34 | 000,031,910 | ---- | C] () -- I:\WINDOWS\MSUMLT0G.INI
[2010.02.24 15:45:33 | 000,000,061 | ---- | C] () -- I:\WINDOWS\System32\MSEP010G.SEP
[2010.02.23 22:34:33 | 000,000,193 | ---- | C] () -- I:\Boot.bak
[2010.02.23 22:34:30 | 000,246,960 | ---- | C] () -- I:\cmldr
[2010.02.19 08:53:24 | 000,073,728 | ---- | C] () -- I:\WINDOWS\System32\RtNicProp32.dll
[2010.02.18 21:02:42 | 000,000,131 | ---- | C] () -- I:\WINDOWS\wininit.ini
[2009.03.02 16:30:18 | 001,970,176 | ---- | C] () -- I:\WINDOWS\System32\d3dx9.dll
[2008.11.10 20:46:14 | 000,000,024 | ---- | C] () -- I:\WINDOWS\LogonStudio.ini
[2008.11.10 20:45:49 | 000,187,392 | ---- | C] () -- I:\WINDOWS\System32\JPGUtils.dll
[2008.08.10 09:36:25 | 000,000,038 | ---- | C] () -- I:\WINDOWS\AviSplitter.INI
[2008.07.30 00:00:38 | 000,000,023 | ---- | C] () -- I:\WINDOWS\BlendSettings.ini
[2008.06.06 21:21:03 | 000,007,168 | -HS- | C] () -- I:\Program Files\Thumbs.db
[2008.04.05 21:07:17 | 000,208,896 | ---- | C] () -- I:\Program Files\aaa.avi
[2008.03.21 01:18:32 | 000,001,399 | ---- | C] () -- I:\WINDOWS\disney.ini
[2008.03.21 01:18:22 | 000,000,211 | ---- | C] () -- I:\WINDOWS\disneysy.ini
[2008.03.20 23:32:17 | 000,278,728 | ---- | C] () -- I:\WINDOWS\System32\drivers\atksgt.sys
[2008.03.20 23:32:16 | 000,025,416 | ---- | C] () -- I:\WINDOWS\System32\drivers\lirsgt.sys
[2008.02.20 20:26:59 | 000,001,759 | ---- | C] () -- I:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2008.01.27 12:57:03 | 000,310,084 | ---- | C] () -- I:\WINDOWS\System32\drivers\gndhv71.sys
[2008.01.27 12:57:03 | 000,286,720 | ---- | C] () -- I:\WINDOWS\System32\gndhv71.dll
[2008.01.27 12:57:03 | 000,045,056 | ---- | C] () -- I:\WINDOWS\System32\dgndhv71.dll
[2008.01.27 12:57:03 | 000,036,864 | ---- | C] () -- I:\WINDOWS\System32\vgndhv71.dll
[2008.01.27 12:57:03 | 000,015,475 | ---- | C] () -- I:\WINDOWS\gndhv71.ini
[2007.12.24 18:03:23 | 000,000,034 | ---- | C] () -- I:\WINDOWS\cdplayer.ini
[2007.12.20 20:21:08 | 000,000,405 | ---- | C] () -- I:\WINDOWS\Ausba4.ini
[2007.12.17 20:37:25 | 000,000,319 | ---- | C] () -- I:\WINDOWS\game.ini
[2007.12.12 00:07:01 | 000,000,021 | ---- | C] () -- I:\WINDOWS\FH_setup.ini
[2007.12.02 23:45:39 | 000,029,184 | ---- | C] () -- I:\WINDOWS\System32\drivers\SSHDRV52.sys
[2007.11.26 22:36:22 | 000,000,390 | ---- | C] () -- I:\WINDOWS\ODBC.INI
[2007.11.26 21:50:14 | 000,005,632 | ---- | C] () -- I:\WINDOWS\System32\CNMVS50.DLL
[2007.11.25 20:42:11 | 000,000,151 | ---- | C] () -- I:\WINDOWS\PhotoSnapViewer.INI
[2007.11.08 14:45:07 | 000,000,027 | ---- | C] () -- I:\WINDOWS\9DSetup.ini
[2007.11.07 16:33:05 | 000,140,288 | ---- | C] () -- I:\Documents and Settings\Radim\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.05 09:29:32 | 000,003,972 | ---- | C] () -- I:\WINDOWS\System32\drivers\PciBus.sys
[2007.11.04 02:59:37 | 000,000,349 | ---- | C] () -- I:\WINDOWS\level.ini
[2007.11.02 15:14:12 | 000,000,116 | ---- | C] () -- I:\WINDOWS\NeroDigital.ini
[2007.11.02 13:52:14 | 000,354,816 | ---- | C] () -- I:\WINDOWS\System32\psisdecd.dll
[2007.11.02 13:14:20 | 000,000,754 | ---- | C] () -- I:\WINDOWS\WORDPAD.INI
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelFrench.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- I:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- I:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- I:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- I:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- I:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- I:\WINDOWS\System32\ogg.dll
[2004.08.22 17:04:56 | 000,069,120 | ---- | C] () -- I:\WINDOWS\daemon.dll
[2003.04.22 08:00:06 | 000,138,752 | ---- | C] () -- I:\WINDOWS\System32\zipdll.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- I:\WINDOWS\System32\OUTLPERF.INI
[2003.01.07 08:54:32 | 000,122,368 | ---- | C] () -- I:\WINDOWS\System32\unzdll.dll
[2002.04.26 15:07:18 | 000,167,936 | ---- | C] () -- I:\WINDOWS\A4.dll
[2002.03.25 19:02:14 | 000,027,440 | ---- | C] () -- I:\WINDOWS\System32\drivers\secdrv.sys
[2001.10.18 18:01:16 | 000,045,056 | ---- | C] () -- I:\WINDOWS\GetKey.dll
[2001.07.20 06:09:58 | 000,196,608 | ---- | C] () -- I:\WINDOWS\System32\swfobjs.dll
[1997.06.14 02:56:08 | 000,056,832 | ---- | C] () -- I:\WINDOWS\System32\iyvu9_32.dll
< End of report >

radimk5 · #6 Příspěvek od **radimk5** » 23 bře 2010 21:00

EXTRAS

OTL Extras logfile created on: 23.3.2010 20:52:42 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = K:\
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 420,00 Mb Available Physical Memory | 41,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): I:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 223,56 Gb Total Space | 27,23 Gb Free Space | 12,18% Space Free | Partition Type: NTFS
Drive K: | 7,47 Gb Total Space | 2,31 Gb Free Space | 30,92% Space Free | Partition Type: FAT32

Computer Name: DOMA-FHMPQEZU7M
Current User Name: Radim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- I:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- I:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "I:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JpegResamplerDir] -- "I:\Program Files\JPEG Resampler\JpegResampler.exe" "%1" (David Macek)
Directory [Winamp.Bookmark] -- "I:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "I:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "I:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0079B957-5E36-A04C-F116-128790F4C333}" = Catalyst Control Center Localization Italian
"{01B2DDD6-8631-47A9-A011-06BC5877F8C3}" = Anacondas 3D Adventure Game
"{023EC958-023C-42D1-B2A4-E9E4BEF599FC}" = SweetIM for Messenger 2.6
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{059FCFFE-8619-F804-25E1-B2D5B59E1A5D}" = Catalyst Control Center Localization Chinese Traditional
"{098152F4-1792-D618-D4B2-71CA86C9FADB}" = CCC Help Danish
"{0A44540C-1AB5-3940-7E85-B777A2997202}" = CCC Help Turkish
"{0D0250AF-4FA7-480c-A568-9FE885DD8B73}" = Need for Speed™ Carbon Demo
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0D524441-C462-4CBC-AFCF-09916483EE7A}" = Skins
"{0E8FCFEE-26D8-3B9F-F42E-45DE4F433EC6}" = CCC Help Finnish
"{112F2474-EE2F-D21A-7297-B5019FB9CD8F}" = Catalyst Control Center Localization Danish
"{1139709B-A964-46B9-8D87-1864EC6FEF25}" = Picture Collage Maker
"{122C4D87-B0E5-55DE-5276-655947FB2928}" = Catalyst Control Center Localization Dutch
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{167BD6B7-0507-32BB-93B0-2FD282D3D62D}" = CCC Help Portuguese
"{16C27441-5189-4F06-855D-FDF2D8224E57}" = WR2 Demo Skoda
"{17528AC4-E6C2-43CD-8D8D-A62BA476ADC7}" = Zoner Photo Studio 7 - zkušební verze
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AED6AF7-2DCC-0210-B145-0A62B3943A5A}" = Catalyst Control Center Localization Greek
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200F584F-848D-4B6B-B1A1-C74D735F18A4}" = InstallRTC
"{21A7C708-D575-491C-94AE-86FFCF2BF19F}" = ArcSoft Funhouse
"{306DCF1D-C3EB-742E-2857-0099E690B400}" = CCC Help Polish
"{30CB5415-494F-EB96-4221-DC7857D6FD3A}" = Catalyst Control Center Graphics Full New
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"{33B39070-E54C-3D4D-AD41-0E0025DEF8D9}" = Catalyst Control Center Graphics Previews Common
"{33DE82AC-A35F-4f41-AC10-7932D5F12528}" = Harry Potter and the Order of the Phoenix™ Demo
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3957A1AD-85B0-49D2-BEE6-E66DC56CC62E}" = Qedoc Quiz Maker
"{3ABF08C9-AD7B-C759-7CBD-17D6C26E99EF}" = ccc-core-preinstall
"{3B41412A-B46F-FAF1-EAC4-F922486E3A92}" = CCC Help Norwegian
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{427ED69B-96CE-E2A1-A611-82447CD60F2C}" = CCC Help Czech
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{47D28B65-DA36-6520-DC49-3DAF81AEDA72}" = CCC Help Japanese
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims™ 2 Mazlíčci
"{496EDDC1-B95D-7163-B545-CEA974E73756}" = Catalyst Control Center Core Implementation
"{4D63402C-A7D5-6C69-977E-CCBA3C56EA92}" = CCC Help English
"{553B20C6-59CD-4C2F-BE37-16ABF32064BF}" = aTube Catcher 1.0
"{55A8AB10-C274-9495-4DB1-C8EDF5463B0D}" = Catalyst Control Center Localization German
"{5648AC64-925E-48FB-BD1B-9511323E7D8A}" = HT Web Cam 3.0
"{5A7E2599-07F2-3387-0D6D-5B8C3FC31A3F}" = CCC Help French
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5E49AD8A-3064-FD56-E09E-9907DCBD1E83}" = Catalyst Control Center Localization Norwegian
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = The Sims™ Příběhy trosečníků
"{656D5B05-0409-41EE-BBEE-D9C4D6388972}" = America's Army
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6A3AEA6E-BF88-44FA-637C-2B5A9E1F0BA2}" = CCC Help Spanish
"{6B7F486B-5F97-403B-949C-3C8A6D33BA37}" = WolfQuest
"{6BE3E6D2-C439-458E-84A6-54ED80CC9C3E}" = iSpy Console
"{6C03A586-5677-AFFC-1580-EC952B1BB388}" = CCC Help Swedish
"{6D6A6D9A-31DB-BEA6-949E-C23A157FA459}" = CCC Help Greek
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Domov Kolekce
"{6E384346-CD1C-4A00-9885-BC8E6A50ECB5}" = Need for Speed™ ProStreet Demo
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7145E3F3-EB45-4811-AFFF-0C1C23C33651}" = Pirates of the Caribbean - At Worlds End Demo
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{77140E09-2ADA-1C99-9839-E180AC5EA909}" = CCC Help Korean
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7FE027FD-741A-AD35-1448-5254CF4438F4}" = Catalyst Control Center Localization Korean
"{810226BF-399C-7F0B-E60A-4882C74DD296}" = Catalyst Control Center Localization Finnish
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8CCB57A6-CF57-F5C7-2BB1-384D7CCE1626}" = CCC Help Italian
"{8E9E8B11-BA96-D289-BAF6-F6A84C573D4A}" = Catalyst Control Center Graphics Light
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9566D7AE-627D-46D3-B1B0-530E3222969B}" = Greg-TV
"{9833D9E3-2DD7-AFE8-55EB-E1B6E20B343F}" = Catalyst Control Center Localization Chinese Standard
"{9853EBA1-9FB9-02A4-EE1D-E242D197BC65}" = Catalyst Control Center Localization Hungarian
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims™ 2 Pro luxusní život - Kolekce
"{A22BDEF3-FBBD-9CAE-0C45-620263D0C840}" = CCC Help Russian
"{A40C0B0F-CDB6-FFA7-57CE-CF6153B9444B}" = Catalyst Control Center Localization Turkish
"{A49D3DF9-B762-C2D8-341A-4AB680817E00}" = Catalyst Control Center Localization Japanese
"{A4DDA54F-72A1-490E-92D5-A040A314CCC9}" = LastChaos
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF675248-596D-E501-77AA-D67308D449F2}" = CCC Help Dutch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B456596E-3470-4CC1-ADEA-5F618F7D1BF2}" = Great Secrets - Da Vinci
"{B4C5C98E-EAF2-A7D8-5C5A-20DA2FEEC6B6}" = CCC Help Chinese Traditional
"{B4F7DE7A-581D-4D65-BF2A-F70D416825B9}" = FramyWhite
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter a Fénixův řád™
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B756A8C0-53D5-3A20-6CF3-4F6781C0B6EB}" = CCC Help Thai
"{B7B0C24A-9930-A669-6525-540CF544BD70}" = ccc-core-static
"{BD485D8E-7FFA-7E01-4C1F-29337929BB41}" = ccc-utility
"{BD5F4C25-5412-80AB-64A4-22B345940F0A}" = CCC Help Chinese Standard
"{BE152E59-2718-41B9-940E-4B0105B92541}" = Genius VideoCAM Live V2
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C193C8C8-E555-9284-F80D-8F01EE96D6E4}" = Catalyst Control Center Localization French
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C5A9382C-C87E-4A98-80FB-988F3D71FCEB}_is1" = 3GP Converter version 1.2.2.2
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{C95434BE-425E-17E3-B8F1-A84C71B54B28}" = Catalyst Control Center Localization Swedish
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D5DBFD15-6214-80E6-3F20-1979D6F7FB38}" = Catalyst Control Center Localization Portuguese
"{D7D6164B-C6A7-0AE0-4F47-C26253396DC7}" = Catalyst Control Center Localization Polish
"{DA80700F-068D-11DF-9686-005056806466}" = Google Earth Plug-in
"{DB09B1C2-5FD2-C732-0484-703143E0AF79}" = CCC Help Hungarian
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3D722F2-0839-92D5-ECEA-8B65085B20D6}" = Catalyst Control Center Localization Thai
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E603DF00-D577-409A-1118-82C6E18F28B0}" = Catalyst Control Center Localization Spanish
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 5.2.5
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F11B077E-7848-E3E5-95F1-AE694EA28D5D}" = Catalyst Control Center Localization Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F87DA817-8D53-42CC-AA45-93A100341029}" = Nero 7 Essentials
"{F8CBC8AC-FAC0-FD10-D12E-E3D368D09E2B}" = Catalyst Control Center Graphics Full Existing
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"{FC03B954-D556-1C01-1A88-182A39B42C39}" = CCC Help German
"{FCA586EB-8FB0-41A4-B724-13AED3A31A47}" = MTX MotoTrax Demo
"{FCABC23E-2B6B-D69D-C6C2-0F52D9422F0F}" = Catalyst Control Center Localization Czech
"18 Wheels of Steel Pedal to the Metal" = 18 Wheels of Steel Pedal to the Metal
"3D Driving-School" = 3D Driving-School
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2005
"abramania - poker duell - freeware" = abramania - poker duell - freeware 1.0
"Acala 3GP Movies Free_is1" = Acala 3GP Movies Free 2.4.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Empires 2.0" = Microsoft Age of Empires II
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"AmazeCopy" = AmazeCopy 1.3.0.15
"AquaMark3" = AquaMark3
"Ask Toolbar_is1" = Ask Toolbar
"Asterisk Key" = Asterisk Key 7.5
"ATI Display Driver" = ATI Display Driver
"Autoškola professional --> DEMO verze 40.7_is1" = Autoškola professional
"avast5" = avast! Free Antivirus
"Avi2Dvd" = Avi2Dvd 0.4.3 beta
"AviSynth" = AviSynth 2.5
"AVTJet Impression Workshop" = AVTJet Impression Workshop V1.4.6
"Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01
"BlueVoda_Website_Builder_1.0" = BlueVoda Website Builder 9.1G
"BSPlayer1" = BSPlayer
"Bus Driver" = Bus Driver 1.0
"Call for Heroes Pompolic Wars Demo 2_is1" = Call for Heroes Pompolic Wars Demo 2
"CamStudio" = CamStudio
"CANONBJ_Deinstall_CNMCP50.DLL" = Canon i250
"CCleaner" = CCleaner (remove only)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Counter-strike 1.6 CZ" = Counter-strike 1.6 CZ
"CS: Condition Zero" = CS: Condition Zero
"CursorXP" = CursorXP
"Czech Soccer Manager 2002 Final Editionverze 4.0 (31.3.2006)" = Czech Soccer Manager 2002 Final Edition
"Debut" = Debut
"DesetiPrsty5" = DesetiPrsty5 5.3
"D-Fend v2" = D-Fend v2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Flick_is1" = DVD Flick
"DVD Shrink_is1" = DVD Shrink 3.2
"Fiat Panda 4x4 Fun Rallye" = Fiat Panda 4x4 Fun Rallye
"FlightGear_is1" = FlightGear v0.9.10
"Football Manager 5.02" = Football Manager 5.02
"FormatFactory" = FormatFactory 2.15
"Free DVD Video Burner_is1" = Free DVD Video Burner version 1.1
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.1
"Free YouTube Downloader Converter" = Free YouTube Downloader Converter
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.1
"Free YouTuBe Utility_is1" = Free YouTuBe Utility 2.02
"FsR DEMO" = FsR DEMO 1.0
"Fun Morph_is1" = Fun Morph 2.0
"GameParkClient_is1" = GamePark
"Genius VideoCAM Live V2" = Genius VideoCAM Live V2
"GNDHVF" = Genius VideoCAM Live V2
"Hamachi" = Hamachi 1.0.2.2
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III
"HijackThis" = HijackThis 2.0.2
"Cheat Engine 5.4_is1" = Cheat Engine 5.4
"ICQToolbar" = ICQ Toolbar
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{16C27441-5189-4F06-855D-FDF2D8224E57}" = WR2 Demo Skoda
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InternetTV_is1" = InternetTV 7.13
"Joost" = Joost (tm) Beta 1.0
"JPEG Resampler_is1" = JPEG Resampler Vs 4.7
"KONICA MINOLTA magicolor 1600W" = KONICA MINOLTA magicolor 1600W
"Messenger Key" = Messenger Key 7.7
"MetaProducts Net Activity Diagram" = MetaProducts Net Activity Diagram
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MotoGP2 Demo_is1" = MotoGP2 Demo
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Need For Speed III" = Need For Speed III
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Nvu" = Nvu 1.0
"OpenAL" = OpenAL
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"ParadisePoker" = ParadisePoker
"Photo Frame Studio_is1" = Photo Frame Studio 2.1
"PhotoFiltre" = PhotoFiltre
"PhotoMix_is1" = PhotoMix 5.3
"PokerStars.net" = PokerStars.net
"Polda II_is1" = Polda II
"Port Royale_is1" = Port Royale
"Postal 2 Demo" = Postal 2 Demo
"QIP 2005_is1" = QIP 2005 8080
"Romeo Lite_is1" = Romeo Lite 2.0a
"S7Z" = #7Z 0.7.1 - Basic Archiver
"SBaGen_is1" = SBaGen 1.4.4
"Scooter War3z Demo" = Scooter War3z Demo 1.0
"Shareaza_is1" = Shareaza verze 2.2.5.6
"Shockwave" = Shockwave
"ShrinkTo5 GUI" = ShrinkTo5 GUI
"Silkroad" = Silkroad
"Slovíčka 2.0" = Slovíčka 2.0
"SpellForce" = SpellForce
"SuperBot 3.1A" = SuperBot 3.1A
"SWAT 4" = SWAT 4
"Terrorist Takedown" = Terrorist Takedown (remove only)
"TmNations_is1" = TrackMania Nations ESWC 1.7.9
"T-Mobile Communication Centre" = T-Mobile Communication Centre
"TubeTilla Free" = TubeTilla Free
"Tuning Car Studio SK" = Tuning Car Studio SK
"TV" = TV
"TVUPlayer" = TVUPlayer 1.5.12
"UT2004-Demo" = Unreal Tournament 2004 Demo
"WarRock" = WarRock
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Companion
"ZedBitmapBrothers10" = DJ OldGames Package: Z
"ZoneAlarm" = ZoneAlarm
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 14.5.2009 11:47:07 | Computer Name = DOMA-FHMPQEZU7M | Source = avast! | ID = 33554522
Description =

Error - 14.5.2009 11:47:07 | Computer Name = DOMA-FHMPQEZU7M | Source = avast! | ID = 33554522
Description =

Error - 11.9.2009 13:39:50 | Computer Name = DOMA-FHMPQEZU7M | Source = avast! | ID = 33554522
Description =

Error - 11.9.2009 17:57:45 | Computer Name = DOMA-FHMPQEZU7M | Source = avast! | ID = 33554522
Description =

Error - 11.9.2009 17:59:16 | Computer Name = DOMA-FHMPQEZU7M | Source = avast! | ID = 33554522
Description =

Error - 9.11.2009 13:57:43 | Computer Name = DOMA-FHMPQEZU7M | Source = avast! | ID = 33554522
Description =

Error - 16.2.2010 2:02:02 | Computer Name = DOMA-FHMPQEZU7M | Source = avast! | ID = 33554522
Description =

Error - 16.2.2010 2:02:02 | Computer Name = DOMA-FHMPQEZU7M | Source = avast! | ID = 33554522
Description =

Error - 17.2.2010 18:06:42 | Computer Name = DOMA-FHMPQEZU7M | Source = avast! | ID = 33554522
Description =

Error - 23.2.2010 17:45:40 | Computer Name = DOMA-FHMPQEZU7M | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 23.3.2010 8:09:16 | Computer Name = DOMA-FHMPQEZU7M | Source = True Vector Engine | ID = 1
Description =

Error - 23.3.2010 8:09:16 | Computer Name = DOMA-FHMPQEZU7M | Source = True Vector Engine | ID = 1
Description =

Error - 23.3.2010 8:09:17 | Computer Name = DOMA-FHMPQEZU7M | Source = True Vector Engine | ID = 1
Description =

Error - 23.3.2010 8:09:18 | Computer Name = DOMA-FHMPQEZU7M | Source = True Vector Engine | ID = 1
Description =

Error - 23.3.2010 8:09:18 | Computer Name = DOMA-FHMPQEZU7M | Source = True Vector Engine | ID = 1
Description =

Error - 23.3.2010 14:57:06 | Computer Name = DOMA-FHMPQEZU7M | Source = True Vector Engine | ID = 1
Description =

Error - 23.3.2010 14:57:07 | Computer Name = DOMA-FHMPQEZU7M | Source = True Vector Engine | ID = 1
Description =

Error - 23.3.2010 14:57:12 | Computer Name = DOMA-FHMPQEZU7M | Source = True Vector Engine | ID = 1
Description =

Error - 23.3.2010 14:57:13 | Computer Name = DOMA-FHMPQEZU7M | Source = True Vector Engine | ID = 1
Description =

Error - 23.3.2010 14:57:13 | Computer Name = DOMA-FHMPQEZU7M | Source = True Vector Engine | ID = 1
Description =

[ System Events ]
Error - 23.3.2010 14:57:59 | Computer Name = DOMA-FHMPQEZU7M | Source = Service Control Manager | ID = 7003
Description = Služba Služba inteligentního přenosu na pozadí závisí na následující
neexistující službě: LanmanWorkstation

Error - 23.3.2010 15:02:22 | Computer Name = DOMA-FHMPQEZU7M | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1075 při pokusu o spuštění služby BITS
s argumenty za účelem spuštění serveru: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 23.3.2010 15:02:22 | Computer Name = DOMA-FHMPQEZU7M | Source = Service Control Manager | ID = 7003
Description = Služba Služba inteligentního přenosu na pozadí závisí na následující
neexistující službě: LanmanWorkstation

Error - 23.3.2010 15:13:22 | Computer Name = DOMA-FHMPQEZU7M | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1075 při pokusu o spuštění služby BITS
s argumenty za účelem spuštění serveru: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 23.3.2010 15:14:21 | Computer Name = DOMA-FHMPQEZU7M | Source = Service Control Manager | ID = 7023
Description = Služba Služby IPSEC byla ukončena s následující chybou: %%1747

Error - 23.3.2010 15:14:21 | Computer Name = DOMA-FHMPQEZU7M | Source = Service Control Manager | ID = 7023
Description = Služba Automatické aktualizace byla ukončena s následující chybou:
%%126

Error - 23.3.2010 15:14:21 | Computer Name = DOMA-FHMPQEZU7M | Source = Service Control Manager | ID = 7000
Description = Služba wscsvc neuspěla při spuštění v důsledku následující chyby:
%%1083

Error - 23.3.2010 15:14:21 | Computer Name = DOMA-FHMPQEZU7M | Source = Service Control Manager | ID = 7003
Description = Služba Služba inteligentního přenosu na pozadí závisí na následující
neexistující službě: LanmanWorkstation

Error - 23.3.2010 15:18:43 | Computer Name = DOMA-FHMPQEZU7M | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1075 při pokusu o spuštění služby BITS
s argumenty za účelem spuštění serveru: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 23.3.2010 15:18:43 | Computer Name = DOMA-FHMPQEZU7M | Source = Service Control Manager | ID = 7003
Description = Služba Služba inteligentního přenosu na pozadí závisí na následující
neexistující službě: LanmanWorkstation

< End of report >

#7 Příspěvek od **Caroprd111** » 23 bře 2010 21:07

Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
Log vložte sem.

Otevřete si Poznámkový blok a zkopírujte do něj text (z bílého políčka):

Kód: Vybrat vše

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

Nyní uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek, klik na uložit, pak na soubor standardně 2X kliknete a potvrďte dialogové okno.

radimk5 · #8 Příspěvek od **radimk5** » 23 bře 2010 22:37

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

23.3.2010 22:36:47
mbam-log-2010-03-23 (22-36-43).txt

Typ kontroly: Kompletní kontrola (I:\|)
Zkontrolované objekty: 368712
Uplynulý čas: 1 hour(s), 11 minute(s), 18 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 9

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Agent) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
I:\ComboFix\Combo-Fix.sys (Malware.Trace) -> No action taken.
I:\Qoobox\Quarantine\I\WINDOWS\system32\drivers\oreans32.sys.vir (Rootkit.Agent) -> No action taken.
I:\System Volume Information\_restore{7593DA50-3258-4497-833A-11BAB1F8F013}\RP451\A0213782.sys (Rootkit.Agent) -> No action taken.
I:\System Volume Information\_restore{7593DA50-3258-4497-833A-11BAB1F8F013}\RP451\A0213825.sys (Malware.Trace) -> No action taken.
I:\System Volume Information\_restore{7593DA50-3258-4497-833A-11BAB1F8F013}\RP457\A0217150.sys (Malware.Trace) -> No action taken.
I:\System Volume Information\_restore{7593DA50-3258-4497-833A-11BAB1F8F013}\RP458\A0219365.sys (Malware.Trace) -> No action taken.
I:\System Volume Information\_restore{7593DA50-3258-4497-833A-11BAB1F8F013}\RP458\A0219445.sys (Malware.Trace) -> No action taken.
I:\System Volume Information\_restore{7593DA50-3258-4497-833A-11BAB1F8F013}\RP458\A0220545.sys (Malware.Trace) -> No action taken.
I:\Documents and Settings\Radim\setup.exe (Trojan.Agent) -> No action taken.

Díky

radimk5 · #9 Příspěvek od **radimk5** » 23 bře 2010 22:58

smazal bych to všechno, ale raději to riskovat nebudu

#10 Příspěvek od **Caroprd111** » 24 bře 2010 06:04

Vše, co našel MBAM smažte a restartujte PC.

Obrázek

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

Spusťte.
Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít

radimk5 · #11 Příspěvek od **radimk5** » 24 bře 2010 22:03

tak jsem to udělal přesně podle návodu a zatím nic se moc očividně nezlepšilo

ale díky .)

#12 Příspěvek od **Caroprd111** » 24 bře 2010 22:04

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
Během skenování může být počítač restartován.

radimk5 · #13 Příspěvek od **radimk5** » 24 bře 2010 22:24

to je celkem problém, pokud combofix zapnu, tak program počítač restartuje, ale to tak, že pak už nenajede. Je tam už 10min. černá obrazovka...

#14 Příspěvek od **motji** » 24 bře 2010 22:41

Dobrý večer, záskok za kolegu

Zkoušel jste poslední známou funkční konfiguraci nebo nouzový režim?

radimk5 · #15 Příspěvek od **radimk5** » 24 bře 2010 23:01

dobrý večer, nezkoušel

ale už jsem na to vyzrál - combofix jsem smazal a stáhnul nový, sice tu samou verzi, ale ta fungovala...

ComboFix 10-03-24.01 - Radim 24.03.2010 22:40:09.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.420.1029.18.1023.665 [GMT 1:00]
Spuštěný z: i:\documents and settings\Radim\Plocha\ComboFix.exe
.
/wow section - STAGE 4

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

i:\windows\system32\Drivers\atapi.svs . . . je infikován!!

i:\windows\system32\qmgr.dll . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-24 do 2010-03-24 )))))))))))))))))))))))))))))))
.

2010-02-27 17:36 . 2010-02-27 16:41 129536 ----a-w- i:\windows\system32\xmlprov.dll
2010-02-24 14:45 . 2009-03-17 07:43 376832 ----a-w- i:\windows\system32\MSMCML0G.DLL
2010-02-24 14:45 . 2008-09-10 10:20 9728 ----a-w- i:\windows\system32\MICM__0G.DLL
2010-02-24 14:45 . 2008-09-10 10:20 23552 ----a-w- i:\windows\system32\MGDI320G.DLL
2010-02-24 14:45 . 2009-03-17 07:43 36864 ----a-w- i:\windows\system32\MCMM__0G.DLL
2010-02-24 14:45 . 2010-02-24 14:45 -------- d-----w- i:\program files\KONICA MINOLTA

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 21:23 . 2010-03-24 21:33 4345344 ----a-w- i:\windows\Internet Logs\xDB2.tmp
2010-03-24 21:21 . 2010-03-24 21:33 40448 ----a-w- i:\windows\Internet Logs\xDB3.tmp
2010-03-23 20:15 . 2010-03-23 20:15 -------- d-----w- i:\program files\Malwarebytes' Anti-Malware
2010-03-22 18:47 . 2010-01-13 16:39 -------- d-----w- i:\program files\ParadisePoker
2010-03-10 19:13 . 2010-02-15 17:28 -------- d-----w- i:\program files\ICQ7.0
2010-03-10 13:19 . 2007-11-07 20:04 -------- d-----w- i:\program files\Alwil Software
2010-03-09 11:24 . 2007-11-07 20:04 38848 ----a-w- i:\windows\system32\avastSS.scr
2010-03-09 11:24 . 2007-11-07 20:04 153184 ----a-w- i:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2007-11-07 20:04 46672 ----a-w- i:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2009-09-18 18:21 162640 ----a-w- i:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2007-11-07 20:04 23376 ----a-w- i:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2007-11-07 20:04 100432 ----a-w- i:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2007-11-07 20:04 94800 ----a-w- i:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2007-11-07 20:04 28880 ----a-w- i:\windows\system32\drivers\aavmker4.sys
2010-02-23 21:43 . 2009-03-02 15:30 -------- d-----w- i:\program files\Cheat Engine
2010-02-18 21:34 . 2010-02-18 21:34 -------- d-----w- i:\program files\Opera
2010-02-18 21:20 . 2007-11-21 20:55 -------- d-----w- i:\program files\Spybot - Search & Destroy
2010-02-18 20:06 . 2007-11-02 11:31 -------- d--h--w- i:\program files\InstallShield Installation Information
2010-02-18 16:43 . 2007-11-05 08:27 -------- d-----w- i:\program files\Common Files\Adobe
2010-02-16 05:34 . 2008-08-23 12:12 -------- d-----w- i:\program files\ICQ6Toolbar
2010-01-07 15:07 . 2010-03-23 20:15 38224 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-03-23 20:15 18520 ----a-w- i:\windows\system32\drivers\mbam.sys
2009-01-24 15:03 . 2008-06-06 20:21 7168 --sha-w- i:\program files\Thumbs.db
2008-04-05 20:07 . 2008-04-05 20:07 208896 ----a-w- i:\program files\aaa.avi
.

------- Sigcheck -------

[-] 2002-09-20 . 9850DAF9FAF1488492A56ECC07576C12 . 155648 . . [5.4.3630.1106] . . i:\windows\system32\wuauclt.exe
[-] 2002-09-20 . 9850DAF9FAF1488492A56ECC07576C12 . 155648 . . [5.4.3630.1106] . . i:\windows\system32\dllcache\wuauclt.exe

[-] 2002-09-20 . 27A34CD2CCC7D805B168312200529C33 . 3274752 . . [6.00.2800.1106] . . i:\windows\system32\mshtml.dll
[-] 2002-09-20 . 27A34CD2CCC7D805B168312200529C33 . 3274752 . . [6.00.2800.1106] . . i:\windows\system32\dllcache\mshtml.dll

[-] 2002-09-20 . B7A0710155878ACC22502A47F6C7866B . 634368 . . [6.00.2800.1106] . . i:\windows\system32\wininet.dll
[-] 2002-09-20 . B7A0710155878ACC22502A47F6C7866B . 634368 . . [6.00.2800.1106] . . i:\windows\system32\dllcache\wininet.dll

[-] 2002-09-20 . 12CF330CBD51A756D560C7C8289B2553 . 946688 . . [6.00.2800.1106] . . i:\windows\explorer.exe
[-] 2002-09-20 . 12CF330CBD51A756D560C7C8289B2553 . 946688 . . [6.00.2800.1106] . . i:\windows\system32\dllcache\explorer.exe

[-] 2010-02-27 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . i:\windows\system32\xmlprov.dll

i:\windows\System32\wscntfy.exe ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="i:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"CursorXP"="i:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"FramyWhite"="i:\program files\FramyWhite\FramyWhite.exe" [2006-02-24 2211840]
"ICQ"="i:\program files\ICQ7.0\ICQ.exe" [2010-02-11 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="i:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"DAEMON Tools-1033"="i:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"NeroFilterCheck"="i:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"WinampAgent"="i:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"SunJavaUpdateSched"="i:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast5"="i:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="i:\windows\System32\CTFMON.EXE" [2002-09-20 13312]

i:\documents and settings\Radim\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - i:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

i:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - i:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-5 113664]
ZoneAlarm.lnk - i:\program files\Zone Labs\ZoneAlarm\zonealarm.exe [2007-11-5 623936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="i:\windows\System32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

R0 d347bus;d347bus;i:\windows\system32\drivers\d347bus.sys [2.11.2007 13:11 155136]
R1 aswSP;aswSP;i:\windows\system32\drivers\aswSP.sys [18.9.2009 19:21 162640]
R1 SSHDRV52;SSHDRV52;i:\windows\system32\drivers\SSHDRV52.sys [2.12.2007 23:45 29184]
R2 Ethpdrv;Ethernet Packet Driver;i:\windows\system32\drivers\ethpdrv.sys [12.11.2007 14:57 9728]
R2 ICQ Service;ICQ Service;i:\program files\ICQ6Toolbar\ICQ Service.exe [15.2.2010 18:30 246520]
R2 Nadim;NAD Proto Driver;i:\windows\system32\drivers\nadim.sys [3.5.2009 20:04 18688]
S0 d347prt;d347prt;i:\windows\System32\Drivers\d347prt.svs --> i:\windows\System32\Drivers\d347prt.svs [?]
S2 gupdate;Google Update Service (gupdate);i:\program files\Google\Update\GoogleUpdate.exe [15.1.2010 15:53 135664]
S3 GNDHV71;Genius VideoCAM Live V2;i:\windows\system32\drivers\gndhv71.sys [27.1.2008 12:57 310084]
S3 ipw_bus;IPWireless;i:\windows\system32\drivers\ipw_bus.sys [12.11.2007 14:56 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter;i:\windows\system32\drivers\ipw_mdfl.sys [12.11.2007 14:57 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM);i:\windows\system32\drivers\ipw_mdm.sys [12.11.2007 14:57 95440]
S3 tap0901_2gm;VPN Anonymizer Adapter;i:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 15:21 30720]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-15 i:\windows\Tasks\AppleSoftwareUpdate.job
- i:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2010-03-24 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 14:53]

2010-03-24 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 14:53]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.yahoo.com
IE: Download Video by Free YouTuBe Utility - i:\program files\Free YouTuBe Utility\IEydown.htm
IE: E&xportovat do aplikace Microsoft Office Excel - i:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - i:\program files\ICQ7.0\ICQ.exe
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - i:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: DirectAnimation Java Classes - file://i:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://i:\windows\Java\classes\xmldso.cab
FF - ProfilePath - i:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\qj6i4j9l.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - plugin: i:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: i:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: i:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: i:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
FF - plugin: i:\program files\Mozilla Firefox\plugins\npmozax.dll

---- NASTAVENÍ FIREFOXU ----
i:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 22:50
Windows 5.1.2600 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86D30930]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7682aac
\Driver\ACPI -> ACPI.sys @ 0xf75c1740
\Driver\atapi -> 0x86d30930
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x80567e94
ParseProcedure -> ntoskrnl.exe @ 0x80566f60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x80567e94
ParseProcedure -> ntoskrnl.exe @ 0x80566f60
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi]
"ImagePath"="System32\Drivers\atapi.svs"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\d347prt]
"ImagePath"="System32\Drivers\d347prt.svs"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1085031214-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"???n"=hex:17,51,d5,6b,0f,74,fd,97,ee,27,63,8c,99,7f,53,60,e2,e5,c9,53,f3,7a,
24,ec,af,68,d2,33,c3,ff,2e,a3,3f,54,e2,3f,62,2b,e6,06,f1,0c,a7,79,20,5f,0a,\
"?????"=hex:da,0c,85,5b,cc,8f,33,ef,70,bc,9f,13,0e,0e,67,bc
"???n"=hex:1c,21,78,c2,bf,06,60,c7,4d,46,a3,59,f7,7b,b4,8b,d7,95,46,45,aa,66,
81,50,1f,b1,0a,1e,08,60,7e,96,cb,26,2d,6e,46,c4,fc,ee,10,08,7e,07,5a,4d,fd,\
"??"=hex:ce,81,ff,79,54,6b,8c,6b,5e,47,70,c8,3c,12,64,7d,81,0c,77,fc,46,0a,97,
65,da,3e,9c,64,6b,e2,6a,c9,23,80,93,2d,26,b0,fe,76,23,11,9c,a5,62,65,a9,f7,\
"??"=hex:6d,29,2d,ef,ee,13,6e,6c,f1,d4,05,50,87,90,9d,6c

[HKEY_USERS\S-1-5-21-1454471165-1085031214-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:79,32,aa,7f,83,a8,ee,df,50,99,76,d3,03,d1,b9,15,69,28,59,75,b3,
90,c1,09,12,2a,84,f6,c4,ad,e4,5c,7f,1d,c4,74,9c,06,2d,65,21,1a,d0,4e,9b,89,\
"rkeysecu"=hex:62,39,c2,2d,4c,7c,31,70,09,eb,2f,d6,fa,f7,b8,78
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
i:\windows\System32\MSGINA.dll
i:\windows\System32\ODBC32.dll
i:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(852)
i:\windows\system32\MSVCRT40.dll
i:\windows\system32\MSVCIRT.dll
i:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3136)
i:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
i:\windows\System32\ntshrui.dll
i:\windows\System32\ATL.DLL
i:\windows\System32\MLANG.dll
i:\windows\system32\MSASN1.dll
i:\windows\System32\printui.dll
i:\program files\CursorXP\CurXP0.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
i:\windows\System32\Ati2evxx.exe
i:\windows\system32\Ati2evxx.exe
i:\program files\Lavasoft\Ad-Aware\aawservice.exe
i:\program files\Alwil Software\Avast5\AvastSvc.exe
i:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
i:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
i:\windows\RTHDCPL.EXE
i:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
i:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
i:\windows\System32\wdfmgr.exe
i:\windows\system32\ZoneLabs\vsmon.exe
i:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-03-24 22:59:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-24 21:59

Před spuštěním: Volných bajtů: 32 460 288 000
Po spuštění: Volných bajtů: 32 425 852 928

- - End Of File - - ECA8BD6CB12C77DE8069803B377BB493

díky

VIRY.CZ

prosím o kontrolu logu, opět ten samý problém s připojením

prosím o kontrolu logu, opět ten samý problém s připojením

Re: prosím o kontrolu logu, opět ten samý problém s připojením

Re: prosím o kontrolu logu, opět ten samý problém s připojením

Re: prosím o kontrolu logu, opět ten samý problém s připojením

Re: prosím o kontrolu logu, opět ten samý problém s připojením

Re: prosím o kontrolu logu, opět ten samý problém s připojením

Re: prosím o kontrolu logu, opět ten samý problém s připojením

Re: prosím o kontrolu logu, opět ten samý problém s připojením

Re: prosím o kontrolu logu, opět ten samý problém s připojením

Re: prosím o kontrolu logu, opět ten samý problém s připojením

Re: prosím o kontrolu logu, opět ten samý problém s připojením

Re: prosím o kontrolu logu, opět ten samý problém s připojením

Re: prosím o kontrolu logu, opět ten samý problém s připojením

Re: prosím o kontrolu logu, opět ten samý problém s připojením

Re: prosím o kontrolu logu, opět ten samý problém s připojením