
I've got some vermin here that's eating up my internet connection

#1 Post by tetrev »

Please, can someone take a look at this? I don't know what else to do.
Here is the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-03-25 15:20:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (10%) free of 40 GB
Total RAM: 511 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:52, on 25.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [syncman] c:\windows\system32\config\systemprofile\wuaucldt.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4147046546
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7792 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{830F4232-EC74-4330-B034-1E340AEEE8C0}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{DA676247-A7C0-4F60-9B81-240F7127D012}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Profiler"=C:\Program Files\Saitek\Software\Profiler.exe [2003-04-10 151552]
"SaiSmart"=C:\Program Files\Saitek\Software\SaiSmart.exe [2003-04-10 86016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-03-18 2166784]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2010-03-09 1286608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"syncman"=c:\windows\system32\config\system [2010-03-25 7077888]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-03-18 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-12-15 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\WINDOWS\system32\rmctrl.exe [2004-02-24 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2005-11-10 15473664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-12-15 282624]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-06-07 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\TrackMania Nations ESWC Special Edition\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC Special Edition\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Castle Strike\Castlestrike.exe"="C:\Program Files\Castle Strike\Castlestrike.exe:*:Enabled:Castle Strike Engine"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-03-25 15:20:22 ----D---- C:\Program Files\trend micro
2010-03-25 15:20:18 ----D---- C:\rsit
2010-03-25 14:04:35 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-25 13:10:15 ----A---- C:\WINDOWS\BDTSupport.dll
2010-03-25 13:10:14 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-03-25 13:10:13 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-03-25 13:10:13 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-03-25 12:58:32 ----D---- C:\Program Files\Spyware Doctor
2010-03-25 12:58:32 ----D---- C:\Program Files\Common Files\PC Tools
2010-03-25 12:58:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2010-03-25 12:58:32 ----D---- C:\Documents and Settings\Admin\Data aplikací\PC Tools
2010-03-25 12:58:10 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-03-18 16:28:06 ----D---- C:\Program Files\Crawler
2010-03-18 16:28:01 ----D---- C:\Documents and Settings\Admin\Data aplikací\Spyware Terminator
2010-03-18 16:27:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-03-18 16:27:48 ----D---- C:\Program Files\Spyware Terminator
2010-03-12 22:13:21 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-11 18:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-08 21:21:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-07 18:32:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google

======List of files/folders modified in the last 1 months======

2010-03-25 15:20:52 ----D---- C:\WINDOWS\Prefetch
2010-03-25 15:20:45 ----D---- C:\WINDOWS\Temp
2010-03-25 15:20:22 ----RD---- C:\Program Files
2010-03-25 14:21:43 ----D---- C:\WINDOWS\system32
2010-03-25 14:20:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-25 14:11:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-25 14:04:48 ----D---- C:\Documents and Settings
2010-03-25 14:04:35 ----D---- C:\WINDOWS
2010-03-25 12:59:20 ----D---- C:\WINDOWS\system32\drivers
2010-03-25 12:59:11 ----SHD---- C:\WINDOWS\Installer
2010-03-25 12:59:11 ----HD---- C:\Config.Msi
2010-03-25 12:59:06 ----D---- C:\WINDOWS\WinSxS
2010-03-25 12:59:01 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-25 12:58:32 ----D---- C:\Program Files\Common Files
2010-03-25 12:37:54 ----HD---- C:\WINDOWS\inf
2010-03-19 23:01:07 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-18 22:42:33 ----D---- C:\Documents and Settings\Admin\Data aplikací\ICQ
2010-03-17 15:03:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-15 21:47:07 ----D---- C:\Documents and Settings\Admin\Data aplikací\Skype
2010-03-11 18:25:15 ----D---- C:\Program Files\Movie Maker
2010-03-11 18:24:58 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-08 21:23:28 ----A---- C:\WINDOWS\imsins.BAK
2010-03-08 21:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-08 21:23:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-08 21:21:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-08 21:21:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-08 21:21:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-08 21:21:18 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-08 21:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-08 21:21:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-08 21:20:40 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-07 22:22:05 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-07 18:32:49 ----D---- C:\Program Files\Google
2010-03-07 18:32:48 ----SD---- C:\WINDOWS\Tasks
2010-03-07 18:23:18 ----D---- C:\WINDOWS\system32\config
2010-03-07 18:23:07 ----D---- C:\WINDOWS\system32\wbem
2010-03-07 18:23:06 ----D---- C:\WINDOWS\Registration
2010-03-07 18:22:32 ----DC---- C:\WINDOWS\$NtUninstallKB977165$
2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-26 23:05:42 ----A---- C:\UsageTrack.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-07 1580544]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-10 4064256]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SaiClass;SaiClass; C:\WINDOWS\system32\drivers\SaiNtBus.sys [2003-04-10 26368]
R3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2003-04-10 14720]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-28 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-28 21568]
S3 imhidusb;Immersion's HID USB Driver; C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2002-12-04 30984]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
S3 SaiNtHid;%SAINTHID_NAME%; C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys [2003-04-10 48384]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 V0260VID;Live! Cam Vista IM; C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 178913]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-07 409600]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-03-18 488960]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-06-07 520192]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

#2 Post by Caroprd111 »

Hello :)

The log is being worked on; please be patient.

#3 Post by Caroprd111 »

Download OTL: http://oldtimer.geekstogo.com/OTL.exe
  • Run the program, then click Run Scan
  • When it finishes, paste the OTL.Txt and Extras.txt logs here

#4 Post by tetrev »

So here is the OTL.exe log:

OTL logfile created on: 26.3.2010 7:34:06 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Admin\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 142,00 Mb Available Physical Memory | 28,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 35,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,85 Gb Free Space | 9,85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 109,98 Gb Total Space | 109,88 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-01B7E21B8
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.26 07:33:43 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
PRC - [2010.03.18 16:28:02 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010.03.15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010.03.11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010.03.09 09:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010.01.22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.11.25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.06.01 21:20:12 | 000,222,968 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003.04.10 12:23:18 | 000,086,016 | ---- | M] (Saitek) -- C:\Program Files\Saitek\Software\SaiSmart.exe
PRC - [2003.04.10 12:16:56 | 000,151,552 | ---- | M] (Saitek) -- C:\Program Files\Saitek\Software\Profiler.exe


========== Modules (SafeList) ==========

MOD - [2010.03.26 07:33:43 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
MOD - [2010.02.26 08:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009.10.30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.03.18 16:28:02 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.03.15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.03.11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010.01.22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.06.01 21:20:12 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (Cdrom)
DRV - [2010.03.18 16:28:02 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.03.10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009.11.25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.04.13 19:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008.04.13 19:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008.04.13 19:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008.04.13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.01.19 17:43:36 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2006.11.03 23:45:48 | 000,178,913 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0260Vid.sys -- (V0260VID)
DRV - [2006.06.07 10:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.11.10 16:44:12 | 004,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.11.03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.12 07:31:12 | 000,098,432 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.07.29 10:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005.07.29 10:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.03.09 15:53:00 | 000,042,496 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.05.13 14:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.05.13 12:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.04.10 11:42:56 | 000,048,384 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiNtHid.sys -- (SaiNtHid)
DRV - [2003.04.10 11:41:52 | 000,026,368 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiNtBus.sys -- (SaiClass)
DRV - [2003.04.10 11:41:46 | 000,014,720 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2002.12.04 15:59:40 | 000,030,984 | ---- | M] (Immersion Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\imhidusb.sys -- (imhidusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006.03.02 13:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe (Saitek)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe (Saitek)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKCU..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [syncman] C:\WINDOWS\System32\config\systemprofile\wuaucldt.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 4147046546 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.146.248.2 88.146.248.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2006.11.10 16:23:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.03.26 07:33:42 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
[2010.03.25 15:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.03.25 15:20:18 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.25 13:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\Threat Expert
[2010.03.25 13:10:14 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010.03.25 13:10:13 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010.03.25 13:10:13 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010.03.25 12:59:20 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010.03.25 12:59:13 | 000,217,032 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.03.25 12:59:13 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010.03.25 12:58:56 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.03.25 12:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.03.25 12:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.03.25 12:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\PC Tools
[2010.03.25 12:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Data aplikací\PC Tools
[2010.03.25 12:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.03.18 16:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2010.03.18 16:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Data aplikací\Spyware Terminator
[2010.03.18 16:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2010.03.18 16:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.03.18 16:11:19 | 000,646,760 | ---- | C] (Crawler Inc. ) -- C:\Documents and Settings\Admin\Plocha\SpywareTerminator.exe
[2010.03.17 17:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2010.03.17 17:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\avG
[2010.03.12 22:13:21 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.11 18:21:09 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.03.07 18:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Google
[2010.03.07 18:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\Temp
[2010.03.07 18:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2007.08.12 14:03:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2006.11.10 16:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2006.11.10 16:23:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.26 07:36:19 | 000,000,466 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{830F4232-EC74-4330-B034-1E340AEEE8C0}.job
[2010.03.26 07:35:00 | 000,000,466 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DA676247-A7C0-4F60-9B81-240F7127D012}.job
[2010.03.26 07:33:43 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
[2010.03.26 07:18:37 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.26 07:16:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.26 07:16:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.25 14:03:55 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\Admin\ntuser.dat
[2010.03.25 14:03:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010.03.25 13:41:40 | 000,012,308 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\Mh3jm32txN
[2010.03.25 12:59:04 | 000,001,657 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Spyware Doctor.lnk
[2010.03.25 12:51:51 | 000,000,329 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\exefix.reg
[2010.03.25 12:42:54 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\RSIT.exe
[2010.03.22 20:51:13 | 000,012,170 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\VH56DJI7u87yo
[2010.03.21 20:15:31 | 000,012,904 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\wo588q8Gd1tnB
[2010.03.20 16:27:26 | 000,014,676 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\48531I0
[2010.03.19 23:01:07 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.18 21:15:03 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.03.18 20:45:03 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Microsoft Office Excel 2003.lnk
[2010.03.18 20:19:13 | 000,000,399 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Download Adobe Reader - Stahuj.cz.url
[2010.03.18 16:29:29 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2010.03.18 16:28:02 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.03.18 16:11:20 | 000,646,760 | ---- | M] (Crawler Inc. ) -- C:\Documents and Settings\Admin\Plocha\SpywareTerminator.exe
[2010.03.17 22:31:47 | 000,012,448 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\6JQ57
[2010.03.17 19:23:48 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.03.17 17:46:09 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.17 17:07:03 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\6JQ57
[2010.03.17 15:02:18 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\avdrn.dat
[2010.03.13 09:01:50 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Výběr prohlížeče.lnk
[2010.03.10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.03.08 21:23:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.03.07 20:12:42 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\doc2.doc
[2010.03.07 20:11:27 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\doc1.doc
[2010.03.07 18:13:52 | 002,112,524 | -H-- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\IconCache.db
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.25 14:53:32 | 000,204,288 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\MSASCui.exe
[2010.03.25 13:10:15 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.03.25 13:10:14 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010.03.25 13:10:14 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010.03.25 13:10:14 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010.03.25 13:10:14 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010.03.25 12:59:20 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010.03.25 12:59:13 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010.03.25 12:59:13 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010.03.25 12:59:04 | 000,001,657 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Spyware Doctor.lnk
[2010.03.25 12:58:56 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010.03.25 12:51:51 | 000,000,329 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\exefix.reg
[2010.03.25 12:42:45 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\RSIT.exe
[2010.03.23 15:14:21 | 000,012,308 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Mh3jm32txN
[2010.03.23 15:14:21 | 000,012,308 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\Mh3jm32txN
[2010.03.22 20:48:23 | 000,012,170 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\VH56DJI7u87yo
[2010.03.22 20:48:23 | 000,012,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\VH56DJI7u87yo
[2010.03.21 19:43:12 | 000,012,904 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\wo588q8Gd1tnB
[2010.03.21 19:43:12 | 000,012,904 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\wo588q8Gd1tnB
[2010.03.19 21:49:13 | 000,014,676 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\48531I0
[2010.03.19 21:49:13 | 000,014,676 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\48531I0
[2010.03.18 16:29:29 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2010.03.18 16:28:02 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.03.17 17:31:16 | 000,012,448 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\6JQ57
[2010.03.17 17:07:03 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\6JQ57
[2010.03.17 15:03:22 | 000,012,448 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\6JQ57
[2010.03.17 15:02:18 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Admin\Data aplikací\avdrn.dat
[2010.03.13 09:01:49 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Výběr prohlížeče.lnk
[2010.03.07 20:12:42 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\doc2.doc
[2010.03.07 20:11:27 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\doc1.doc
[2007.12.05 22:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007.01.04 20:13:09 | 000,000,035 | ---- | C] () -- C:\WINDOWS\cdstart.ini
[2006.12.25 17:09:56 | 000,000,093 | ---- | C] () -- C:\WINDOWS\DIDAKTA.INI
[2006.12.25 10:20:28 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\SaiCfg.dll
[2006.12.01 13:23:20 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.17 19:30:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.11.12 11:15:56 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006.11.12 11:13:36 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2006.11.10 16:48:14 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\ctrldll.dll
[2006.11.10 16:42:52 | 000,001,168 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006.11.10 16:41:03 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.11.10 16:36:18 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005.06.29 09:58:02 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.02.17 12:31:58 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.02.17 12:31:58 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.02.17 12:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.02.17 12:31:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.02.17 12:31:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.02.17 12:31:58 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.02.17 12:31:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.03.21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001.07.06 16:30:00 | 000,003,165 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8
< End of report >


and here is extras.txt:


OTL Extras logfile created on: 26.3.2010 7:34:06 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Admin\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 142,00 Mb Available Physical Memory | 28,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 35,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,85 Gb Free Space | 9,85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 109,98 Gb Total Space | 109,88 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-01B7E21B8
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\TrackMania Nations ESWC Special Edition\TmNationsESWC.exe" = C:\Program Files\TrackMania Nations ESWC Special Edition\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Castle Strike\Castlestrike.exe" = C:\Program Files\Castle Strike\Castlestrike.exe:*:Enabled:Castle Strike Engine -- (Related Designs Software GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{21BBAD12-C75F-4F06-A9B0-6F8BEEAF3846}" = Moorhuhn X - XS
"{22CA391A-0589-403F-98AF-8030513E7C3A}" = Castle Strike
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9E0E2F-B0D1-452B-B833-7A7300EA1231}" = Saitek NT Controller Drivers
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6DD86DE9-1AE7-41B0-9326-1A90E32BAE88}" = Star Stable 2
"{72CE541B-52BD-4FA1-8CD6-19341939AB21}" = Richard Burns Rally
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90126B79-C0D2-41A5-86B2-2F6666C446B9}" = Saitek Configuration Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8522694-A08C-4844-872B-F69A175EF59C}" = Star Stable 4
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1029-7B44-A70500000002}" = Adobe Reader 7.0.5 - Czech
"{B0625F16-B742-4F75-9FD8-20B47ACC7DE2}" = ACDSee 7.0 PowerPack
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{D4006E71-FF32-44FF-AD5A-B5EE4389B825}_is1" = FlatOut2
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F65BF289-6174-4081-A9AC-5C60CEACD457}_is1" = Rally Championship
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"Any Video Converter_is1" = Any Video Converter 2.6.0
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"B&L Angličtina pro děti - školní verze" = B&L Angličtina pro děti - školní verze
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner (remove only)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.2.7
"Creative Live! Cam Vista IM User's Guide English" = Creative Live! Cam Vista IM User's Guide (English)
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.01.03.1104)
"Creative WebCam Center" = Creative WebCam Center
"Divoký míč 3" = Divoký míč 3
"DUA1" = Domácí učitel angličtiny 1 (odstranění)
"DUA2" = Domácí učitel angličtiny 2 (odstranění)
"DVD Shrink_is1" = DVD Shrink 3.2
"Geografia" = Geografia
"HijackThis" = HijackThis 2.0.2
"Historia" = Velká historická soutěž
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{72CE541B-52BD-4FA1-8CD6-19341939AB21}" = Richard Burns Rally
"Knight Rider 2" = Knight Rider 2
"Lexicon 3.0" = Lingea Lexicon 2000
"LIŠKA RYŠKA - ZÁHADA BERMUDSKÉHO TROJÚHELNÍKU" = LIŠKA RYŠKA - ZÁHADA BERMUDSKÉHO TROJÚHELNÍKU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NVIDIA Drivers" = NVIDIA Drivers
"Plane Arcade" = Plane Arcade
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Spyware Doctor" = Spyware Doctor 7.0
"Spyware Terminator_is1" = Spyware Terminator
"ST6UNST #1" = Didakta - Přírodopis 1 (rostliny a živočichové)
"SysInfo" = Creative System Information
"Škola kouzel" = Škola kouzel
"TmNations_is1" = TrackMania Nations ESWC Special Edition 0.1.7.6
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 31.1.2009 19:53:13 | Computer Name = ADMIN-01B7E21B8 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://cz.static.etargetnet.com/generic ... nt:verdana
failed, 0000A413.

Error - 31.1.2009 19:53:13 | Computer Name = ADMIN-01B7E21B8 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\KH97R6JE\advert[1].htm
failed, 0000A413.

Error - 31.1.2009 19:53:13 | Computer Name = ADMIN-01B7E21B8 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://cz.static.etargetnet.com/generic ... nt:verdana
failed, 0000A413.

Error - 31.1.2009 19:53:13 | Computer Name = ADMIN-01B7E21B8 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\W92ZOXYR\advert[2].htm
failed, 0000A413.

Error - 31.1.2009 19:53:35 | Computer Name = ADMIN-01B7E21B8 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://cz.static.etargetnet.com/generic ... nt:verdana
failed, 0000A413.

Error - 31.1.2009 19:53:35 | Computer Name = ADMIN-01B7E21B8 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://cz.static.etargetnet.com/generic ... nt:verdana
failed, 0000A413.

Error - 31.1.2009 19:53:36 | Computer Name = ADMIN-01B7E21B8 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://cz.static.etargetnet.com/generic ... nt:verdana
failed, 0000A413.

Error - 21.11.2009 13:46:30 | Computer Name = ADMIN-01B7E21B8 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://www.youtube.com/get_video_info?& ... %3D1&hl=en
failed, 0000A413.

Error - 21.11.2009 13:46:30 | Computer Name = ADMIN-01B7E21B8 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\9OK9GA12\get_video_info[1]
failed, 0000A413.

Error - 17.3.2010 12:01:45 | Computer Name = ADMIN-01B7E21B8 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: DriverScanListenThread: DeviceIoControl
[IOCTL_AAVM_START_REQUEST_AND_SET_RESULTS/2] failed, 000005AA.

[ Application Events ]
Error - 25.3.2010 8:10:32 | Computer Name = ADMIN-01B7E21B8 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Neplatné údaje.

Error - 25.3.2010 8:10:32 | Computer Name = ADMIN-01B7E21B8 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Neplatné údaje.

Error - 25.3.2010 8:10:33 | Computer Name = ADMIN-01B7E21B8 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Neplatné údaje.

Error - 25.3.2010 8:10:34 | Computer Name = ADMIN-01B7E21B8 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Neplatné údaje.

Error - 25.3.2010 8:11:34 | Computer Name = ADMIN-01B7E21B8 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Neplatné údaje.

Error - 25.3.2010 8:11:38 | Computer Name = ADMIN-01B7E21B8 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Neplatné údaje.

Error - 25.3.2010 8:19:30 | Computer Name = ADMIN-01B7E21B8 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Neplatné údaje.

Error - 25.3.2010 8:19:42 | Computer Name = ADMIN-01B7E21B8 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Neplatné údaje.

Error - 25.3.2010 8:54:32 | Computer Name = ADMIN-01B7E21B8 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Neplatné údaje.

Error - 26.3.2010 2:23:02 | Computer Name = ADMIN-01B7E21B8 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

[ System Events ]
Error - 25.3.2010 8:58:38 | Computer Name = ADMIN-01B7E21B8 | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
avast! Web Scanner.

Error - 25.3.2010 8:58:39 | Computer Name = ADMIN-01B7E21B8 | Source = Service Control Manager | ID = 7000
Description = Služba avast! Web Scanner neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 25.3.2010 9:00:34 | Computer Name = ADMIN-01B7E21B8 | Source = Service Control Manager | ID = 7034
Description = Služba avast! Web Scanner byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 25.3.2010 9:03:26 | Computer Name = ADMIN-01B7E21B8 | Source = Service Control Manager | ID = 7034
Description = Služba PC Tools Security Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 25.3.2010 9:05:14 | Computer Name = ADMIN-01B7E21B8 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 25.3.2010 9:06:28 | Computer Name = ADMIN-01B7E21B8 | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: Aavmker4 AmdK8 aswSP Fips prodrv06 sp_rsdrv2

Error - 25.3.2010 9:06:34 | Computer Name = ADMIN-01B7E21B8 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 25.3.2010 9:07:05 | Computer Name = ADMIN-01B7E21B8 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 25.3.2010 9:07:07 | Computer Name = ADMIN-01B7E21B8 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 25.3.2010 9:07:37 | Computer Name = ADMIN-01B7E21B8 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: I have some vermin here eating up my internet connection

#5 Post by Caroprd111 »

Run OTL and paste the following script into the bottom window.

Code:

:OTL
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKCU..\Run: [syncman] C:\WINDOWS\System32\config\systemprofile\wuaucldt.exe File not found
[2010.03.25 14:53:32 | 000,204,288 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\MSASCui.exe
[2010.03.23 15:14:21 | 000,012,308 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Mh3jm32txN
[2010.03.23 15:14:21 | 000,012,308 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\Mh3jm32txN
[2010.03.22 20:48:23 | 000,012,170 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\VH56DJI7u87yo
[2010.03.22 20:48:23 | 000,012,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\VH56DJI7u87yo
[2010.03.21 19:43:12 | 000,012,904 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\wo588q8Gd1tnB
[2010.03.21 19:43:12 | 000,012,904 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\wo588q8Gd1tnB
[2010.03.19 21:49:13 | 000,014,676 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\48531I0
[2010.03.19 21:49:13 | 000,014,676 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\48531I0
[2010.03.17 15:02:18 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Admin\Data aplikací\avdrn.dat
[2010.03.17 17:31:16 | 000,012,448 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\6JQ57
[2010.03.17 17:07:03 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\6JQ57
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8

:Files
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]
[REBOOT] 
Then click Run fix; the PC will restart. Paste the log here.


Uninstall Spybot - Search & Destroy.


Test this at http://www.virustotal.com/cs/
C:\WINDOWS\System32\SaiCfg.dll

(Do not browse for the file; just paste in the path marked in bold. If you get the message "File has already been analysed", have it tested again. Paste the analysis result here as a link.)

tetrev
Exemplary visitor
Posts: 21
Registered: 22 May 2009 09:52
Location: Zubří

Re: I have some vermin here eating up my internet connection

#6 Post by tetrev »

here is the result of the test of that DLL


Soubor 2B619F5A0083410EA01C01E6A9B669002EA647B4.dll přijatý 2010.03.23 23:36:32 (UTC)
Současný stav: Dokončeno

Výsledek: 1/42 (2.38%)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.24 -
AhnLab-V3 5.0.0.2 2010.03.23 -
AntiVir 8.2.1.196 2010.03.23 -
Antiy-AVL 2.0.3.7 2010.03.23 -
Authentium 5.2.0.5 2010.03.23 -
Avast 4.8.1351.0 2010.03.23 -
Avast5 5.0.332.0 2010.03.23 -
AVG 9.0.0.787 2010.03.23 -
BitDefender 7.2 2010.03.24 -
CAT-QuickHeal 10.00 2010.03.23 -
ClamAV 0.96.0.0-git 2010.03.23 -
Comodo 4361 2010.03.23 NetWorm.Win32.Kido.ih28
DrWeb 5.0.1.12222 2010.03.24 -
eSafe 7.0.17.0 2010.03.23 -
eTrust-Vet 35.2.7385 2010.03.23 -
F-Prot 4.5.1.85 2010.03.23 -
F-Secure 9.0.15370.0 2010.03.23 -
Fortinet 4.0.14.0 2010.03.22 -
GData 19 2010.03.24 -
Ikarus T3.1.1.80.0 2010.03.23 -
Jiangmin 13.0.900 2010.03.23 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.24 -
McAfee 5929 2010.03.23 -
McAfee+Artemis 5929 2010.03.23 -
McAfee-GW-Edition 6.8.5 2010.03.23 -
Microsoft 1.5605 2010.03.23 -
NOD32 4969 2010.03.23 -
Norman 6.04.10 2010.03.23 -
nProtect 2009.1.8.0 2010.03.23 -
Panda 10.0.2.2 2010.03.23 -
PCTools 7.0.3.5 2010.03.23 -
Prevx 3.0 2010.03.24 -
Rising 22.40.01.04 2010.03.23 -
Sophos 4.51.0 2010.03.23 -
Sunbelt 6031 2010.03.22 -
Symantec 20091.2.0.41 2010.03.24 -
TheHacker 6.5.2.0.242 2010.03.23 -
TrendMicro 9.120.0.1004 2010.03.23 -
VBA32 3.12.12.2 2010.03.23 -
ViRobot 2010.3.23.2240 2010.03.23 -
VirusBuster 5.0.27.0 2010.03.23 -
Rozšiřující informace
File size: 106496 bytes
MD5 : 3c51c883d6c5762e31b312fe95f46ef8
SHA1 : 7e7e13b5c472e5c127b97e94d185c601de7102f8
SHA256: 187e7e24524c6197d45217654f116cd0aafd4c9c3ae172abf3d8b30b12ea67ce
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xFF68
timedatestamp.....: 0x3E954B5F (Thu Apr 10 12:45:51 2003)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xFC8F 0x10000 6.40 aaaa7ebf6963b9bd16f350e2dee366b9
.rdata 0x11000 0x4E2D 0x5000 5.36 3c2241ea9a0904543c13156c7b0def25
.data 0x16000 0x1F8 0x1000 0.43 a837c375794f14f7de172c726d196aa4
.rsrc 0x17000 0x370 0x1000 0.92 3bacbd11662fb0d216a7fdd4cdc0e439
.reloc 0x18000 0x122A 0x2000 3.15 d4fe206491a10443d014497e4bbab524

( 7 imports )

> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA, RegEnumKeyExA, RegFlushKey, RegCloseKey, RegDeleteKeyA, RegSetValueExA
> kernel32.dll: LoadResource, FindResourceA, FindResourceExA, lstrlenA, lstrlenW, OutputDebugStringA, LockResource, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, ExitProcess, GetProcessHeap, SizeofResource, WideCharToMultiByte, MultiByteToWideChar, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetSystemTimeAsFileTime
> msvcp70.dll: __Nomemory@std@@YAXXZ, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBD@Z
> msvcr70.dll: __0exception@@QAE@XZ, __CxxFrameHandler, __3@YAXPAX@Z, _CxxThrowException, isupper, isdigit, isxdigit, isspace, _purecall, ___V@YAXPAX@Z, fsetpos, strchr, fgets, fgetpos, printf, _mbsinc, _vscprintf, _mbsnbcmp, __0exception@@QAE@ABV0@@Z, memmove, _itoa, atoi, malloc, free, memset, _callnewh, __security_error_handler, __1type_info@@UAE@XZ, _terminate@@YAXXZ, _initterm, _adjust_fdiv, _except_handler3, __dllonexit, _onexit, _mbschr, vsprintf, __1exception@@UAE@XZ
> ole32.dll: CoCreateInstance, CLSIDFromString, StringFromGUID2
> oleaut32.dll: -, -
> user32.dll: wsprintfA

( 1 exports )

TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 3072:Jr4A21uQfRsfPUVyIUBPy1dgvCRP316jboVqnqsHYewFXvB4:tC1P5sXUVyIUBPy1dgvCRP316jboVqng
sigcheck: publisher....: n/a
copyright....: Copyright (C) 2002
product......: SaiCfg Dynamic Link Library
description..: SaiCfg Dynamic Link Library
original name: SaiCfg.dll
internal name: SaiCfg
file version.: 3.2.0.18
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD : -
RDS : NSRL Reference Data Set
-
and here is the log from OTL
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\syncman deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\MSASCui.exe moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Mh3jm32txN moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Mh3jm32txN moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\VH56DJI7u87yo moved successfully.
C:\Documents and Settings\All Users\Data aplikací\VH56DJI7u87yo moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\wo588q8Gd1tnB moved successfully.
C:\Documents and Settings\All Users\Data aplikací\wo588q8Gd1tnB moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\48531I0 moved successfully.
C:\Documents and Settings\All Users\Data aplikací\48531I0 moved successfully.
C:\Documents and Settings\Admin\Data aplikací\avdrn.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\6JQ57 moved successfully.
C:\Documents and Settings\Admin\Local Settings\Data aplikací\6JQ57 moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8 deleted successfully.
========== FILES ==========
C:\WINDOWS\002796_.tmp moved successfully.
C:\WINDOWS\NV17441736.TMP folder moved successfully.
C:\WINDOWS\SET21.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET40.tmp moved successfully.
C:\WINDOWS\System32\SET44.tmp moved successfully.
C:\WINDOWS\System32\SET4C.tmp moved successfully.
C:\WINDOWS\System32\SET93.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 886680267 bytes
->Temporary Internet Files folder emptied: 708135938 bytes
->Flash cache emptied: 1732346 bytes

User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.ADMIN-01B7E21B8
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 71583 bytes
->Temporary Internet Files folder emptied: 3408748 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3281730 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13207 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 502861 bytes
RecycleBin emptied: 1699560 bytes

Total Files Cleaned = 1 531,00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: Administrator

User: Administrator.ADMIN-01B7E21B8

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.1.37.3 log created on 03262010_163003

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\Temporary Internet Files\Content.IE5\I1TUDWF7\ed%26ref_loc%3Dintro&color_bg=550000&color_text=FF6600&color_link=FFDDBB&color_url=CCCC99&color_border=550000&cc=58&u_h=768&u_w=1024&u_ah=734&u_aw=1024&u_cd=32&u_tz=120&u_java=true not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF2CE0.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF2DD2.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF2E7F.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF2F09.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF2F6F.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF3124.tmp not found!
C:\Documents and Settings\Admin\Local Settings\Temp\~DF4D04.tmp moved successfully.
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF57C4.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF5812.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF5B07.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF5BBF.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF6175.tmp not found!
File\Folder C:\Documents and Settings\Admin\Local Settings\Temp\~DF61B1.tmp not found!
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\EX5WIKUO\afr[1].htm moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\EX5WIKUO\viewtopic[2].htm moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\E1QKV9VH\afr[3].htm moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\E1QKV9VH\afr[4].htm moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\6RRQM8H3\honeypot_export[1].htm moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_4b4.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_6bc.dat moved successfully.

Registry entries deleted on Reboot...

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: I have some vermin here that's eating up my internet connection

#7 Post by Caroprd111 »

Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware
  • Run the application under an account with Administrator privileges; immediately after it starts, a page with the license terms is displayed, continue by pressing the "Ano" (Yes) button
  • Then follow the instructions; during the scan do not run other applications and do not click in the window that is displayed!
  • The scan should take about 5 - 10 minutes; when it finishes, ComboFix displays the log C:\ComboFix.txt, which you should paste here.
  • The computer may be restarted during the scan.

tetrev
Model visitor
Posts: 21
Registered: 22 May 2009 09:52
Location: Zubří

Re: I have some vermin here that's eating up my internet connection

#8 Post by tetrev »

here is the log:

ComboFix 10-03-25.09 - Admin 29.03.2010 9:24.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.197 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100325-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\system32\drivers\cdrom.sys chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\cdrom.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-29 )))))))))))))))))))))))))))))))
.

2010-03-26 15:30 . 2010-03-26 15:30 -------- d-----w- C:\_OTL
2010-03-25 14:20 . 2010-03-25 14:20 -------- d-----w- c:\program files\trend micro
2010-03-25 14:20 . 2010-03-25 14:20 -------- d-----w- C:\rsit
2010-03-25 13:05 . 2010-03-25 13:05 -------- d-sh--w- c:\documents and settings\Administrator.ADMIN-01B7E21B8\IETldCache
2010-03-25 12:10 . 2010-01-22 08:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-25 12:10 . 2010-01-22 08:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-25 12:10 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-25 12:10 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-03-25 12:10 . 2010-01-22 08:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-25 12:10 . 2010-01-22 08:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-25 11:59 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-25 11:59 . 2010-03-10 10:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-25 11:59 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-25 11:58 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-25 11:58 . 2010-03-26 15:59 -------- d-----w- c:\program files\Spyware Doctor
2010-03-25 11:58 . 2010-03-25 12:10 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-18 15:28 . 2010-03-18 15:28 -------- d-----w- c:\program files\Crawler
2010-03-18 15:28 . 2010-03-18 15:28 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-18 15:27 . 2010-03-25 12:43 -------- d-----w- c:\program files\Spyware Terminator
2010-03-17 16:34 . 2010-03-17 16:34 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-03-17 16:34 . 2010-03-17 16:34 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-03-17 14:07 . 2010-03-17 14:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-03-17 14:07 . 2010-03-17 14:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
2010-03-17 14:07 . 2010-03-17 14:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-12 21:13 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-11 17:21 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-07 17:23 . 2010-03-07 17:23 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 15:42 . 2007-03-17 15:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-07 17:32 . 2007-05-08 18:39 -------- d-----w- c:\program files\Google
2010-03-07 17:20 . 2010-01-22 17:44 219896 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1029.dat
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-18 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2003-04-10 151552]
"SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2003-04-10 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-18 2166784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 16:07 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 10:18 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-02-24 21:36 32768 ------r- c:\windows\system32\rmctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-11-10 10:14 15473664 ----a-w- c:\windows\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Castle Strike\\Castlestrike.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [25.3.2010 13:59 217032]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.5.2009 15:17 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [18.3.2010 17:28 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.5.2009 15:17 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [25.3.2010 14:10 112592]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.3.2009 20:54 222968]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [25.12.2006 11:20 30984]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [25.3.2010 13:58 366840]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [12.8.2007 12:28 178913]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - PCTSDInjDriver32
.
Obsah adresáře 'Naplánované úlohy'

2010-03-26 c:\windows\Tasks\User_Feed_Synchronization-{830F4232-EC74-4330-B034-1E340AEEE8C0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2010-03-26 c:\windows\Tasks\User_Feed_Synchronization-{DA676247-A7C0-4F60-9B81-240F7127D012}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 09:29
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,46,c2,63,f0,e5,bb,40,a7,0f,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,46,c2,63,f0,e5,bb,40,a7,0f,b4,\

[HKEY_USERS\S-1-5-21-1085031214-1336601894-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-03-29 09:30:57
ComboFix-quarantined-files.txt 2010-03-29 07:30

Před spuštěním: 8 167 501 824
Po spuštění: 8 135 929 856

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4B66DB8FCD8622488B7B2F2D8A008C01

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: I have some vermin here that's eating up my internet connection

#9 Post by Caroprd111 »

How is the PC doing?

tetrev
Model visitor
Posts: 21
Registered: 22 May 2009 09:52
Location: Zubří

Re: I have some vermin here that's eating up my internet connection

#10 Post by tetrev »

it looks like it's fine
it's no longer sending anything to the net

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: I have some vermin here that's eating up my internet connection

#11 Post by Caroprd111 »

Please post a new log from RSIT.