prosim o kontrolu logu

[Damned]

Odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start-Spustit a zadej Combofix[mezera]/uninstall

Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)

(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. Klikni na Run Scan. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

[Reklama]

[scratch]

OTL.Txt
--------------------------
OTL logfile created on: 25.1.2010 8:01:38 - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\scratch\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 300,39 Gb Total Space | 24,23 Gb Free Space | 8,06% Space Free | Partition Type: NTFS
Drive D: | 295,78 Gb Total Space | 97,95 Gb Free Space | 33,12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 58,59 Gb Total Space | 34,49 Gb Free Space | 58,86% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 298,08 Gb Total Space | 9,76 Gb Free Space | 3,27% Space Free | Partition Type: NTFS
Drive I: | 239,49 Gb Total Space | 14,77 Gb Free Space | 6,17% Space Free | Partition Type: NTFS
Drive J: | 189,91 Gb Total Space | 24,86 Gb Free Space | 13,09% Space Free | Partition Type: NTFS
Drive L: | 7,52 Gb Total Space | 1,55 Gb Free Space | 20,56% Space Free | Partition Type: FAT32

Computer Name: SCRATCH-D0A974A
Current User Name: scratch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\scratch\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\QIP\qip.exe (The Author of QIP)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\scratch\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll (Nuance Communications, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (SureThing Labelflash service) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (NOD32FiXTemDono) -- C:\WINDOWS\System32\regedt32.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys.12565980 (Duplex Secure Ltd.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (easdrv) -- C:\WINDOWS\system32\drivers\easdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.centrum.cz"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.09
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: stahuj@centrum.cz:1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.02 18:48:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.06.18 19:51:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.09.10 14:45:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.10.27 11:36:23 | 00,000,000 | ---D | M]

[2009.06.15 15:02:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\Mozilla\Extensions
[2009.06.15 15:02:18 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\scratch\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.01.12 21:15:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\Mozilla\Firefox\Profiles\zp8ichb8.default\extensions
[2010.01.12 21:15:22 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\scratch\Data aplikací\Mozilla\Firefox\Profiles\zp8ichb8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009.09.03 05:15:03 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\scratch\Data aplikací\Mozilla\Firefox\Profiles\zp8ichb8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.12 21:15:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.10 14:45:27 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.06.18 19:51:12 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009.08.15 16:04:40 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.11.04 10:46:01 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009.06.15 15:02:07 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\stahuj@centrum.cz
[2009.09.10 14:45:16 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009.09.10 14:45:16 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.10.11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2006.02.22 22:48:23 | 00,528,896 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2006.01.12 23:28:26 | 00,086,016 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009.09.10 14:45:19 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003.07.15 05:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009.02.27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008.09.10 20:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008.09.10 20:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009.09.10 14:45:23 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009.09.10 14:45:23 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.09.10 14:45:23 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.09.10 14:45:23 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.09.10 14:45:23 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.09.10 14:45:23 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2001.10.25 15:00:00 | 00,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TWCU\TWCU.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [QIP2005] C:\Program Files\QIP\qip.exe (The Author of QIP)
O4 - HKCU..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5072505651 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.240.190.34 62.240.190.4 62.240.190.5
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\scratch\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\scratch\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.05 13:45:06 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.05.28 18:27:28 | 00,000,028 | ---- | M] () - L:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.01.25 08:00:37 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\scratch\Plocha\OTL.exe
[2010.01.25 06:55:40 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010.01.24 18:59:33 | 05,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\scratch\Plocha\mbam-setup.exe
[2010.01.23 19:59:31 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010.01.23 19:58:27 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\scratch\Plocha\HijackThisInstaller.exe
[2010.01.23 19:44:22 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\scratch\Recent
[2010.01.21 13:14:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scratch\DoctorWeb
[2010.01.17 18:10:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scratch\Plocha\fotky vánoce
[2010.01.17 17:07:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scratch\Plocha\fotečky
[2010.01.13 12:28:44 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.01.13 09:30:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\scratch\Data aplikací\Malwarebytes
[2010.01.13 09:30:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.01.13 09:30:00 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.01.13 09:30:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.01.13 09:29:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.01.13 06:31:19 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.01.05 06:52:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2009.07.22 07:42:33 | 04,796,416 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe
[2009.06.15 15:30:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.06.15 12:45:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.06.15 12:43:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.06.15 12:43:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft

========== Files - Modified Within 30 Days ==========

[2010.01.25 08:00:37 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\scratch\Plocha\OTL.exe
[2010.01.25 06:29:52 | 00,001,402 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.01.25 06:26:14 | 00,210,919 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.01.25 06:25:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.25 06:25:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.24 22:02:39 | 05,505,024 | ---- | M] () -- C:\Documents and Settings\scratch\NTUSER.DAT
[2010.01.24 19:55:36 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.01.24 19:29:49 | 00,100,864 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\T-Cleaner.exe
[2010.01.24 19:02:57 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.01.24 19:02:33 | 05,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\scratch\Plocha\mbam-setup.exe
[2010.01.24 18:57:35 | 00,002,439 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\HiJackThis.lnk
[2010.01.24 11:57:27 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.24 09:24:36 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.23 19:58:54 | 01,401,344 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\HijackThis.msi
[2010.01.23 19:58:30 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\scratch\Plocha\HijackThisInstaller.exe
[2010.01.22 16:02:33 | 00,050,803 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\chriss angel season 5.jpg
[2010.01.20 14:09:47 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\Významné dny.doc
[2010.01.20 06:28:43 | 00,068,096 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\hledám práci.doc
[2010.01.19 13:16:41 | 00,040,448 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\Životopis Jirka.doc
[2010.01.18 19:17:26 | 08,712,662 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\Informace_pro_uchazeče.pdf
[2010.01.18 15:32:21 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\Okruhy SZZ Verunka.doc
[2010.01.18 09:01:20 | 02,043,737 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\Sociální_práce_a_psychologické___poradenství.docx.zip
[2010.01.18 09:00:54 | 00,541,610 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\DSC00174.JPG
[2010.01.18 09:00:54 | 00,517,635 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\DSC00173.JPG
[2010.01.18 09:00:54 | 00,510,880 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\DSC00177.JPG
[2010.01.18 09:00:54 | 00,460,883 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\DSC00176.JPG
[2010.01.18 09:00:54 | 00,011,953 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\Soci+íln+ş pr+íce a psychologick+ę poradenstv+ş.docx
[2010.01.15 15:42:52 | 00,016,896 | ---- | M] () -- C:\Documents and Settings\scratch\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.13 12:28:44 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\CCleaner.lnk
[2010.01.08 11:08:43 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\obsah.doc
[2010.01.08 10:40:46 | 01,579,520 | ---- | M] () -- C:\Documents and Settings\scratch\Plocha\Verča.doc
[2010.01.08 10:39:46 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\scratch\Dokumenty\1.část.doc
[2010.01.07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.01.07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.01.01 21:20:15 | 00,054,450 | ---- | M] () -- C:\Documents and Settings\scratch\Dokumenty\gVwZEzTL.jpeg

========== Files Created - No Company Name ==========

[2010.01.24 19:29:49 | 00,100,864 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\T-Cleaner.exe
[2010.01.23 19:59:32 | 00,002,439 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\HiJackThis.lnk
[2010.01.23 19:58:44 | 01,401,344 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\HijackThis.msi
[2010.01.22 16:00:55 | 00,050,803 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\chriss angel season 5.jpg
[2010.01.20 14:09:46 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\Významné dny.doc
[2010.01.18 19:17:26 | 08,712,662 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\Informace_pro_uchazeče.pdf
[2010.01.18 16:45:07 | 00,040,448 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\Životopis Jirka.doc
[2010.01.18 16:13:01 | 00,068,096 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\hledám práci.doc
[2010.01.18 15:32:21 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\Okruhy SZZ Verunka.doc
[2010.01.18 09:53:28 | 00,541,610 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\DSC00174.JPG
[2010.01.18 09:53:28 | 00,517,635 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\DSC00173.JPG
[2010.01.18 09:53:28 | 00,510,880 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\DSC00177.JPG
[2010.01.18 09:53:28 | 00,460,883 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\DSC00176.JPG
[2010.01.18 09:53:28 | 00,011,953 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\Soci+íln+ş pr+íce a psychologick+ę poradenstv+ş.docx
[2010.01.18 09:00:57 | 02,043,737 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\Sociální_práce_a_psychologické___poradenství.docx.zip
[2010.01.13 12:50:18 | 00,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010.01.13 12:28:44 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\CCleaner.lnk
[2010.01.13 09:30:04 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.01.08 11:02:45 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\obsah.doc
[2010.01.08 10:40:43 | 01,579,520 | ---- | C] () -- C:\Documents and Settings\scratch\Plocha\Verča.doc
[2010.01.08 10:37:10 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\scratch\Dokumenty\1.část.doc
[2010.01.01 21:20:15 | 00,054,450 | ---- | C] () -- C:\Documents and Settings\scratch\Dokumenty\gVwZEzTL.jpeg
[2009.07.26 14:03:15 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.07.26 14:03:15 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.07.26 14:03:11 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.07.26 14:03:05 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.07.26 14:03:05 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.07.17 16:57:40 | 00,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.06.18 13:33:02 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.06.18 12:34:09 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009.06.15 18:44:28 | 00,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.06.15 16:44:54 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\scratch\Data aplikací\PnkBstrK.sys
[2009.06.15 15:03:15 | 00,001,402 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.06.15 14:24:35 | 00,016,896 | ---- | C] () -- C:\Documents and Settings\scratch\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.15 14:24:25 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2009.02.09 06:18:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.02.09 06:18:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.02.09 06:18:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.02.09 06:18:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.11.26 20:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2005.08.12 22:57:09 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004.06.27 20:49:42 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2004.06.27 18:15:12 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2002.03.21 14:39:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1996.04.03 20:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1913.08.01 15:18:54 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009.07.22 15:39:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2009.06.18 12:31:15 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.01.18 09:23:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
[2009.06.15 15:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.06.21 10:58:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Pro
[2009.06.15 18:32:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.06.18 12:34:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ScanSoft
[2009.07.20 14:36:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SpinTop Games
[2010.01.21 20:57:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.12.02 09:09:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
[2009.12.22 14:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\abgx360
[2009.07.22 15:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\ACD Systems
[2009.07.26 14:00:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\BSplayer PRO
[2009.07.23 13:30:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\Canon
[2009.06.21 11:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\DAEMON Tools
[2009.06.15 15:36:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\DAEMON Tools Lite
[2009.06.21 10:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\DAEMON Tools Pro
[2009.06.15 18:33:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\ESET
[2009.06.16 06:43:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\Friday's games
[2009.06.15 17:01:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\ICQLite
[2009.12.22 17:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\ImgBurn
[2009.07.20 14:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\iWin
[2009.06.18 11:58:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\Leadertech
[2009.06.15 14:48:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\Opera
[2009.06.18 12:34:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\ScanSoft
[2009.06.18 09:25:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\temp
[2009.12.02 10:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\Ubisoft
[2009.06.15 18:21:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\scratch\Data aplikací\URSoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13
< End of report >

[scratch]

Extras.Txt
---------------------------------

OTL Extras logfile created on: 25.1.2010 8:01:38 - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\scratch\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 300,39 Gb Total Space | 24,23 Gb Free Space | 8,06% Space Free | Partition Type: NTFS
Drive D: | 295,78 Gb Total Space | 97,95 Gb Free Space | 33,12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 58,59 Gb Total Space | 34,49 Gb Free Space | 58,86% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 298,08 Gb Total Space | 9,76 Gb Free Space | 3,27% Space Free | Partition Type: NTFS
Drive I: | 239,49 Gb Total Space | 14,77 Gb Free Space | 6,17% Space Free | Partition Type: NTFS
Drive J: | 189,91 Gb Total Space | 24,86 Gb Free Space | 13,09% Space Free | Partition Type: NTFS
Drive L: | 7,52 Gb Total Space | 1,55 Gb Free Space | 20,56% Space Free | Partition Type: FAT32

Computer Name: SCRATCH-D0A974A
Current User Name: scratch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\ICQLite\ICQLite.exe" = C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- (ICQ Ltd.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = TP-LINK Client Installation Program
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{49B6C667-BADF-4CBB-81A5-62053B02240A}" = ESET Smart Security
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5
"{53AFF171-481D-64FA-0DA4-1CA0ABF01029}" = Nero 7 Demo
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{9CE80D58-2E74-4FF4-A2D2-5E714E470F36}" = ASUS nVidia Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 7.0 Professional Edition
"{AC76BA86-7AD7-1029-7B44-A92000000001}" = Adobe Reader 9.2 - Czech
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.47
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.05
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1C98FC2-1B68-4D96-91D6-F5E0EF08283C}" = Jewel Quest 2 Tournament Edition
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 4.65
"abgx360" = abgx360 v1.0.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Bejeweled Twist 1.0.3.7482" = Bejeweled Twist 1.0.3.7482
"BSPlayer1" = BS.player
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Emilka Holubová - Montezumův poklad" = Emilka Holubová - Montezumův poklad
"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"ICQLite" = ICQ 5.1
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Jewel Quest Solitaire II_is1" = Jewel Quest Solitaire II
"Jewel Quest Solitaire III_is1" = Jewel Quest Solitaire III
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Montezumova pomsta" = Montezumova pomsta
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MVApplication1" = SureThing CD Labeler Deluxe 4 Trial
"Mystery Solitaire - Secret Island" = Mystery Solitaire - Secret Island (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Registrace uživatele zařízení Canon MP210 series" = Registrace uživatele zařízení Canon MP210 series
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Texas Hold 'Em Championship_is1" = Texas Hold 'Em Championship
"Totalcmd" = Total Commander (Remove or Repair)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"Xvid CZ 1.01_is1" = Xvid CZ 1.01
"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"360WAVESPATCHERCLT" = 360WavesPatcher (Client setup)
"5f48e2ab41c5d005" = RapidShare Manager
"QIP 2005" = QIP 2005 8095

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6.12.2009 16:16:17 | Computer Name = SCRATCH-D0A974A | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 8.0.6001.18702, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x00000000.

Error - 7.12.2009 4:20:29 | Computer Name = SCRATCH-D0A974A | Source = Application Error | ID = 1000
Description = Chybující aplikace assassinscreed_dx9.exe, verze 1.0.2.1, chybující
modul unknown, verze 0.0.0.0, adresa chyby 0x79547463.

Error - 17.12.2009 14:50:19 | Computer Name = SCRATCH-D0A974A | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace nero.exe, verze 7.0.1.2, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 17.12.2009 15:14:32 | Computer Name = SCRATCH-D0A974A | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace nero.exe, verze 7.0.1.2, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 17.12.2009 15:40:31 | Computer Name = SCRATCH-D0A974A | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace nero.exe, verze 7.0.1.2, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 18.12.2009 1:30:18 | Computer Name = SCRATCH-D0A974A | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace nero.exe, verze 7.0.1.2, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 18.12.2009 1:45:51 | Computer Name = SCRATCH-D0A974A | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace nero.exe, verze 7.0.1.2, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 19.12.2009 12:27:04 | Computer Name = SCRATCH-D0A974A | Source = Application Error | ID = 1000
Description = Chybující aplikace acdseeqv.exe, verze 1.0.68.1, chybující modul acdseeqv.exe,
verze 1.0.68.1, adresa chyby 0x00037062.

Error - 26.12.2009 11:42:56 | Computer Name = SCRATCH-D0A974A | Source = Microsoft Office 11 | ID = 1000
Description =

Error - 21.1.2010 8:41:43 | Computer Name = SCRATCH-D0A974A | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace notepad.exe, verze 5.1.2600.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

[ System Events ]
Error - 23.1.2010 3:10:24 | Computer Name = SCRATCH-D0A974A | Source = Service Control Manager | ID = 7000
Description = Služba Eset Nod32 Boot neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 23.1.2010 3:10:26 | Computer Name = SCRATCH-D0A974A | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 24.1.2010 4:24:38 | Computer Name = SCRATCH-D0A974A | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Eset Nod32 Boot.

Error - 24.1.2010 4:24:38 | Computer Name = SCRATCH-D0A974A | Source = Service Control Manager | ID = 7000
Description = Služba Eset Nod32 Boot neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 24.1.2010 4:24:40 | Computer Name = SCRATCH-D0A974A | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 24.1.2010 14:36:55 | Computer Name = SCRATCH-D0A974A | Source = Service Control Manager | ID = 7034
Description = Služba PIXMA Extended Survey Program byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 24.1.2010 14:36:55 | Computer Name = SCRATCH-D0A974A | Source = Service Control Manager | ID = 7034
Description = Služba TP-LINK Configuration Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 25.1.2010 1:26:29 | Computer Name = SCRATCH-D0A974A | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Eset Nod32 Boot.

Error - 25.1.2010 1:26:29 | Computer Name = SCRATCH-D0A974A | Source = Service Control Manager | ID = 7000
Description = Služba Eset Nod32 Boot neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 25.1.2010 1:26:29 | Computer Name = SCRATCH-D0A974A | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd


< End of report >

[Damned]

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\regedt32.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe

[scratch]

Pokud jsem to dobre pochopil co se po mne chce, tak tady posilam:

C:\Program Files\QIP\qip.exe
http://www.virustotal.com/cs/analisis/f ... 1264185621

C:\WINDOWS\system32\acs.exe
http://www.virustotal.com/cs/analisis/c ... 1264274591

C:\WINDOWS\System32\regedt32.exe
http://www.virustotal.com/cs/analisis/3 ... 1243279257

C:\Program Files\TP-LINK\TWCU\TWCU.exe
http://www.virustotal.com/cs/analisis/2 ... 1258283714

[Damned]

Tak tak, to je ono.

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Custom Scans/Fixes do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.09
[2010.01.12 21:15:22 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\scratch\Data aplikací\Mozilla\Firefox\Profiles\zp8ichb8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13

:Files
C:\Windows\*.tmp
C:\Windows\System32\*.tmp
C:\Documents and Settings\scratch\Dokumenty\gVwZEzTL.jpeg

:Reg

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Poté klikni nahoře na Run Fix. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

[scratch]

Nevim, ktere konkretne aplikace nesmi bezet. Okna a prohlizece jsou jasne, ale standartne bezi i ESET a ICQ atd. Vsechno zrusit?

[scratch]

Tady je log
--------------------

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Prev Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Prefs.js: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.09 removed from extensions.enabledItems
C:\Documents and Settings\scratch\Data aplikací\Mozilla\Firefox\Profiles\zp8ichb8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\META-INF folder moved successfully.
C:\Documents and Settings\scratch\Data aplikací\Mozilla\Firefox\Profiles\zp8ichb8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\defaults\preferences folder moved successfully.
C:\Documents and Settings\scratch\Data aplikací\Mozilla\Firefox\Profiles\zp8ichb8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\defaults folder moved successfully.
C:\Documents and Settings\scratch\Data aplikací\Mozilla\Firefox\Profiles\zp8ichb8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\components folder moved successfully.
C:\Documents and Settings\scratch\Data aplikací\Mozilla\Firefox\Profiles\zp8ichb8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\chrome folder moved successfully.
C:\Documents and Settings\scratch\Data aplikací\Mozilla\Firefox\Profiles\zp8ichb8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} folder moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File About:Home not found.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13 deleted successfully.
========== FILES ==========
File\Folder C:\Windows\*.tmp not found.
File\Folder C:\Windows\System32\*.tmp not found.
C:\Documents and Settings\scratch\Dokumenty\gVwZEzTL.jpeg moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: scratch
->Temp folder emptied: 1366727 bytes
->Temporary Internet Files folder emptied: 414682 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39320343 bytes
->Opera cache emptied: 2480222 bytes

User: Verunka

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1869682360 bytes

Total Files Cleaned = 1 825,00 mb


OTL by OldTimer - Version 3.1.26.0 log created on 01252010_142310

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[Damned]

Vypni si Body obnovení, a po chvíli si je opět zapni.

Stáhni si :Dr. Web CureIt nebo z http://www.majorgeeks.com/Dr.Web_CureIT_d4783.html dej update , po aktualizaci dej start.

Tlačítky dole můzeš soubor léčit, smazat, přesunout nebo přejmenovat.Pak napiš výsledek. Sken může trvat dlouho. Nalezenou infekci nejdříve léčit, potom teprve smazat. Pokud něco najde ve složce System Volume Information, tak smazat.

[scratch]

Tak Curel It nenasel vubec nic.

[Damned]

Spamy ještě posíláš? Protože sme vyčistily co jsme mohli (což už měli udělat jinde), a není tam vidět nějaký šmejd.

[scratch]

Zrovna v prubehu scanu Curel It se objevil na mem QIPu online ucet druheho uzivatele (pritelkyne), ktera prokazatelne online nebyla (stala mi za zady) a jakmile se objevil online status tak to hned poslalo nejaky spam na muj QIP.