MOVE IT, THIS IS THE LOG
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver comsa32 not found.
Service\Driver comsa32 not found.
Service\Driver sopidkc not found.
Service\Driver sopidkc not found.
Service\Driver dpcxool64 not found.
Service\Driver dpcxool64 not found.
Service\Driver dpcxool64 not found.
Service\Driver protect deleted successfully.
Service\Driver dpcxool64 not found.
Service\Driver restore deleted successfully.
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\WINDOWS\system32\sopidkc.exe not found.
File/Folder c:\documents and settings\tomáš pawera\reader_s.exe not found.
File/Folder c:\program files\thunmail\testabd.exe not found.
c:\windows\system32\TPSAXYD.EXE moved successfully.
c:\windows\system32\dpcxool64.sys moved successfully.
c:\windows\system32\comsa32.sys moved successfully.
c:\windows\system32\99.tmp moved successfully.
c:\windows\system32\4.tmp moved successfully.
c:\windows\system32\5C.tmp moved successfully.
c:\windows\system32\7D.tmp moved successfully.
c:\windows\system32\39.tmp moved successfully.
c:\windows\system32\51.tmp moved successfully.
c:\windows\system32\4C.tmp moved successfully.
c:\windows\system32\reader_s.exe moved successfully.
c:\windows\system32\28.tmp moved successfully.
c:\windows\system32\87.tmp moved successfully.
c:\windows\system32\A2CF.tmp moved successfully.
c:\windows\system32\609.tmp moved successfully.
c:\windows\system32\2F.tmp moved successfully.
c:\windows\system32\5A.tmp moved successfully.
c:\windows\system32\45.tmp moved successfully.
c:\windows\system32\52.tmp moved successfully.
c:\windows\system32\50.tmp moved successfully.
c:\windows\system32\C7.tmp moved successfully.
c:\windows\system32\AC.tmp moved successfully.
c:\windows\system32\38.tmp moved successfully.
c:\windows\system32\41.tmp moved successfully.
c:\windows\system32\D7C.tmp moved successfully.
c:\windows\system32\D7A.tmp moved successfully.
c:\windows\system32\2D2.tmp moved successfully.
c:\windows\system32\2D0.tmp moved successfully.
c:\windows\system32\9A.tmp moved successfully.
c:\windows\system32\3E5.tmp moved successfully.
c:\windows\system32\3D9.tmp moved successfully.
C:\found.000\dir0000.chk\lang moved successfully.
C:\found.000\dir0000.chk\ic moved successfully.
C:\found.000\dir0000.chk\asms\70\msft\windows\mswincrt moved successfully.
C:\found.000\dir0000.chk\asms\70\msft\windows moved successfully.
C:\found.000\dir0000.chk\asms\70\msft moved successfully.
C:\found.000\dir0000.chk\asms\70 moved successfully.
C:\found.000\dir0000.chk\asms\60\msft\windows\common\controls moved successfully.
C:\found.000\dir0000.chk\asms\60\msft\windows\common moved successfully.
C:\found.000\dir0000.chk\asms\60\msft\windows moved successfully.
C:\found.000\dir0000.chk\asms\60\msft\vcrtl moved successfully.
C:\found.000\dir0000.chk\asms\60\msft moved successfully.
C:\found.000\dir0000.chk\asms\60 moved successfully.
C:\found.000\dir0000.chk\asms\52\msft\windows\net\rtcres moved successfully.
C:\found.000\dir0000.chk\asms\52\msft\windows\net\rtcdll moved successfully.
C:\found.000\dir0000.chk\asms\52\msft\windows\net\dxmrtp moved successfully.
C:\found.000\dir0000.chk\asms\52\msft\windows\net moved successfully.
C:\found.000\dir0000.chk\asms\52\msft\windows moved successfully.
C:\found.000\dir0000.chk\asms\52\msft moved successfully.
C:\found.000\dir0000.chk\asms\52 moved successfully.
C:\found.000\dir0000.chk\asms\10\msft\windows\gdiplus moved successfully.
C:\found.000\dir0000.chk\asms\10\msft\windows moved successfully.
C:\found.000\dir0000.chk\asms\10\msft moved successfully.
C:\found.000\dir0000.chk\asms\10 moved successfully.
C:\found.000\dir0000.chk\asms moved successfully.
Folder move failed. C:\found.000\dir0000.chk scheduled to be moved on reboot.
Folder move failed. C:\found.000 scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\TOMPAW~1\LOCALS~1\Temp\~DFEAFD.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Tomáš Pawera\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mta30861.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05292009_164147
LOG FROM MALWARE BYTES
Malwarebytes' Anti-Malware 1.37
Verze databáze: 2188
Windows 5.1.2600 Service Pack 3
29.5.2009 16:55:52
mbam-log-2009-05-29 (16-55-48).txt
Typ skenu: Rychlý sken
Objektu skenováno: 77489
Uplynulý cas: 7 minute(s), 8 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 1
Infikované klíce registru: 6
Infikované hodnoty registru: 1
Infikované položky dat registru: 2
Infikované složky: 1
Infikované soubory: 8
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
c:\WINDOWS\system32\msncache.dll (Trojan.Dropper) -> No action taken.
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msncache (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\services\del (Malware.Trace) -> No action taken.
Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
C:\Program Files\ThunMail (Spyware.OnlineGamer) -> No action taken.
Infikované soubory:
c:\WINDOWS\system32\msncache.dll (Trojan.Dropper) -> No action taken.
c:\WINDOWS\system32\dncyool64.sys (Trojan.Clicker) -> No action taken.
c:\program files\ThunMail\testabd.dll (Spyware.OnlineGamer) -> No action taken.
c:\program files\ThunMail\testabd.ex_ (Spyware.OnlineGamer) -> No action taken.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\WTUKD32.EXE (Backdoor.Bot) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
Please check the log. Solved
- jaro3
- Security team member
Re: Please check the log.
So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results (Ukaž výsledky) button
- make sure all the listed findings are checked and click the Remove Selected (Odstranit označené) button
- when the removal finishes, a log will be displayed; post it here.
- then click OK in the program and close the program via Exit
You can then post the MbAM log here.
Turn off the antivirus's resident protection.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check the log.
Malwarebytes' Anti-Malware 1.37
Verze databáze: 2188
Windows 5.1.2600 Service Pack 3
29.5.2009 17:07:51
mbam-log-2009-05-29 (17-07-51).txt
Typ skenu: Rychlý sken
Objektu skenováno: 77489
Uplynulý cas: 7 minute(s), 8 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 1
Infikované klíce registru: 6
Infikované hodnoty registru: 1
Infikované položky dat registru: 2
Infikované složky: 1
Infikované soubory: 8
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
c:\WINDOWS\system32\msncache.dll (Trojan.Dropper) -> Delete on reboot.
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msncache (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\services\del (Malware.Trace) -> Quarantined and deleted successfully.
Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované složky:
C:\Program Files\ThunMail (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
Infikované soubory:
c:\WINDOWS\system32\msncache.dll (Trojan.Dropper) -> Delete on reboot.
c:\WINDOWS\system32\dncyool64.sys (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\program files\ThunMail\testabd.dll (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
c:\program files\ThunMail\testabd.ex_ (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WTUKD32.EXE (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully
ComboFix won't start; every time it pops up a window with OK, it keeps throwing an error
- jaro3
- Security team member
Re: Please check the log.
Try downloading from here
http://www.edisk.cz/stahni/81760/tools.rar_3.7MB.html
some small programs that might come in handy for us.
Unpack the archive into a directory of your own. The files are deliberately named differently from the originals in the guides, so don't be surprised.
Then try running them.
itr - RSIT
buss - DDS
VerTerm = ComboFix - same instructions
If VerTerm runs for you, post its log here. I'll take a look later.
If it still won't run:
Download RSIT (by random/random)
- run it; a window will appear, so click Continue to proceed
- wait until the program finishes and the log is displayed; otherwise you will find it here: C:\rsit\log.txt. Please copy its entire contents here
Re: Please check the log.
log from RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Tomáš Pawera at 2009-05-29 18:00:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 47 GB (61%) free of 76 GB
Total RAM: 511 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:03, on 29.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tomáš Pawera\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Tomáš Pawera.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: qlvddc - qlvddc.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
--
End of file - 6165 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\User_Feed_Synchronization-{DB97E567-291E-4B34-8D35-AE6DDBCE7786}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{707db484-2428-402d-afb5-d85b387544c7}]
Mario Forever Toolbar - C:\Program Files\Mario_Forever\tbMar1.dll [2009-05-20 2094616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-16 69632]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe blrun []
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe []
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2006-08-14 20066856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []
"ICQ"=C:\Program Files\ICQ6\ICQ.exe [2008-05-18 172280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qlvddc]
qlvddc.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Thalie\NWN\nwmain.exe"="C:\Thalie\NWN\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\NeverwinterNights\NWN\nwmain.exe"="C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\BitLord2\BitLord.exe"="C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2"
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-05-29 18:00:36 ----D---- C:\rsit
2009-05-29 17:15:40 ----A---- C:\Bug.txt
2009-05-29 16:41:47 ----D---- C:\_OTMoveIt
2009-05-29 15:47:28 ----A---- C:\egd.txt
2009-05-29 15:47:25 ----D---- C:\WINDOWS\system32\bfubackups
2009-05-29 15:38:16 ----D---- C:\bfu
2009-05-29 15:08:07 ----D---- C:\Qoobox
2009-05-29 13:38:42 ----D---- C:\NeverwinterNights
2009-05-29 12:23:15 ----D---- C:\Program Files\Mozilla Firefox
2009-05-28 19:00:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-28 17:36:55 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\AVG7
2009-05-28 17:36:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Grisoft
2009-05-28 17:36:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg7
2009-05-28 17:34:43 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Help
2009-05-28 17:34:43 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Google
2009-05-28 17:34:43 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\DAEMON Tools Pro
2009-05-28 17:34:43 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\DAEMON Tools Lite
2009-05-28 17:34:43 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\CyberLink
2009-05-28 17:34:43 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\AdobeUM
2009-05-28 17:34:43 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Adobe
2009-05-28 17:34:42 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Leadertech
2009-05-28 17:34:42 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Lavasoft
2009-05-28 17:34:42 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Identities
2009-05-28 17:34:42 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\ICQLite
2009-05-28 17:34:42 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\ICQ Toolbar
2009-05-28 17:34:42 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\ICQ
2009-05-28 17:34:40 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Macromedia
2009-05-28 17:34:38 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\WhenU
2009-05-28 17:34:38 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Skype
2009-05-28 17:34:38 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Mozilla
2009-05-28 17:34:36 ----D---- C:\MyWorks
2009-05-28 17:34:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2009-05-28 17:34:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2009-05-28 17:34:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2009-05-28 17:34:35 ----HD---- C:\WINDOWS\$NtUninstallKB896358$
2009-05-28 17:34:35 ----D---- C:\WINDOWS\Sun
2009-05-28 17:34:35 ----D---- C:\Program Files\TorrentMan
2009-05-28 17:34:35 ----D---- C:\Program Files\Port Royale
2009-05-28 17:34:35 ----D---- C:\Program Files\ICQToolbar
2009-05-28 17:34:35 ----D---- C:\Program Files\directx
2009-05-28 17:34:35 ----D---- C:\Program Files\ComPlus Applications
2009-05-28 17:34:35 ----D---- C:\Program Files\BitLord2
2009-05-28 17:13:33 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Zoner
2009-05-28 13:14:17 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Sun
2009-05-28 13:09:35 ----D---- C:\Program Files\Trend Micro
2009-05-28 12:59:32 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Malwarebytes
2009-05-28 12:59:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2009-05-27 20:45:51 ----D---- C:\WINDOWS\system32\NtmsData
2009-05-27 20:37:35 ----SHD---- C:\Config.Msi
2009-05-27 18:57:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2009-05-27 16:27:48 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-27 16:14:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage(2)
2009-05-27 16:14:14 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Macromedia(2)
2009-05-27 16:14:12 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Skype(2)
2009-05-27 16:14:00 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\ICQ(2)
2009-05-27 15:46:38 ----D---- C:\Program Files\Common Files\HP
2009-05-27 14:58:33 ----D---- C:\WINDOWS\Minidump
2009-05-26 13:17:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-05-26 13:15:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-05-25 17:27:20 ----D---- C:\Program Files\Common Files\WhenU
2009-05-25 17:26:16 ----D---- C:\Program Files\Grisoft
2009-05-24 18:12:30 ----A---- C:\WINDOWS\system32\LMRTREND.dll
2009-05-24 18:12:28 ----A---- C:\WINDOWS\system32\dxtmsft3.dll
2009-05-24 18:12:24 ----A---- C:\WINDOWS\system32\unam4ie.exe
2009-05-24 18:12:18 ----A---- C:\WINDOWS\system32\vidx16.dll
2009-05-24 18:12:18 ----A---- C:\WINDOWS\system32\qcut.dll
2009-05-24 18:12:17 ----A---- C:\WINDOWS\system32\w95inf32.dll
2009-05-24 18:12:17 ----A---- C:\WINDOWS\system32\w95inf16.dll
2009-05-24 18:12:04 ----A---- C:\WINDOWS\IsUninst.exe
2009-05-24 17:59:34 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-05-24 13:42:21 ----D---- C:\WINDOWS\Prefetch
2009-05-24 13:39:20 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-24 13:39:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-24 13:38:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-24 13:38:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-24 13:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-24 13:38:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-24 13:37:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-24 13:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-24 13:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-24 13:37:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-24 13:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-24 13:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-24 13:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-24 13:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-24 13:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-24 13:35:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-24 13:35:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-24 13:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-24 13:34:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-24 13:34:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-24 13:33:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-24 13:33:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-24 13:33:13 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-24 13:33:00 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-24 13:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-24 13:26:35 ----D---- C:\WINDOWS\l2schemas
2009-05-24 13:26:34 ----D---- C:\WINDOWS\system32\cs
2009-05-24 13:26:34 ----D---- C:\WINDOWS\system32\bits
2009-05-24 13:21:59 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-24 13:12:00 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-24 13:11:57 ----D---- C:\WINDOWS\EHome
2009-05-24 12:59:24 ----D---- C:\WINDOWS\ie8updates
2009-05-24 12:56:18 ----HDC---- C:\WINDOWS\ie8
2009-05-21 20:34:42 ----SHD---- C:\found.000
2009-05-21 18:15:31 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-05-21 18:15:21 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2009-05-21 18:15:20 ----RA---- C:\WINDOWS\system32\ATIDEMGR.dll
2009-05-21 18:14:50 ----D---- C:\Program Files\ATI Technologies
2009-05-20 19:30:58 ----A---- C:\WINDOWS\mafosav.INI
2009-05-20 19:25:01 ----D---- C:\Program Files\Conduit
2009-05-20 19:24:58 ----D---- C:\Program Files\Mario_Forever
2009-05-20 12:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-05-20 12:49:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-05-20 12:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-05-20 12:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-05-20 12:49:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-05-20 12:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-05-20 12:48:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-05-20 12:48:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-20 12:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-05-20 12:44:24 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-05-20 12:44:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-05-20 12:43:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-05-20 12:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-05-20 12:42:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-20 12:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-05-20 12:42:15 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-05-20 12:41:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-05-20 12:34:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-05-20 12:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-05-20 12:25:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-05-20 12:23:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-05-20 12:19:56 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-05-20 12:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-05-20 12:16:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-05-20 12:13:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-05-20 12:11:01 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-05-20 12:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-05-20 12:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-05-20 12:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-05-20 12:08:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-05-20 12:07:33 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-05-20 12:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-05-20 11:59:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-05-20 11:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-05-20 11:58:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-05-20 11:58:07 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-05-20 11:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-05-20 11:56:29 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-05-20 11:55:53 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-05-19 18:49:51 ----D---- C:\Program Files\ICQ6Toolbar
2009-05-19 18:46:37 ----D---- C:\Program Files\ICQ6
2009-05-19 18:36:15 ----D---- C:\Program Files\GameSpy Arcade
2009-05-19 17:33:39 ----D---- C:\Thalie
======List of files/folders modified in the last 1 months======
2009-05-29 17:59:08 ----D---- C:\WINDOWS\system32
2009-05-29 17:57:11 ----D---- C:\WINDOWS
2009-05-29 17:46:23 ----D---- C:\WINDOWS\Temp
2009-05-29 17:11:10 ----D---- C:\WINDOWS\system32\drivers
2009-05-29 17:09:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-29 17:07:51 ----RD---- C:\Program Files
2009-05-29 16:52:20 ----D---- C:\Program Files\Outlook Express
2009-05-29 16:52:10 ----D---- C:\Program Files\NetMeeting
2009-05-29 15:49:31 ----D---- C:\Program Files\lg_fwupdate
2009-05-29 15:49:11 ----A---- C:\WINDOWS\lgfwup.ini
2009-05-29 14:58:05 ----D---- C:\Program Files\Messenger
2009-05-29 14:48:13 ----D---- C:\WINDOWS\system32\wbem
2009-05-29 13:14:18 ----D---- C:\Program Files\Windows NT
2009-05-29 13:14:13 ----D---- C:\Program Files\Windows Media Player
2009-05-29 13:13:48 ----D---- C:\Program Files\Servant Salamander 2.0
2009-05-29 13:13:15 ----D---- C:\Program Files\PDFCreator
2009-05-29 13:12:30 ----D---- C:\Program Files\Movie Maker
2009-05-29 13:11:20 ----D---- C:\Program Files\WinRAR
2009-05-29 12:59:40 ----D---- C:\Program Files\Internet Explorer
2009-05-29 12:53:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-29 12:43:22 ----D---- C:\Program Files\Codec Pack - All In 1
2009-05-29 12:23:31 ----D---- C:\WINDOWS\system32\oobe
2009-05-29 12:23:30 ----D---- C:\WINDOWS\system32\usmt
2009-05-29 12:23:30 ----D---- C:\WINDOWS\system32\Restore
2009-05-29 12:21:10 ----D---- C:\Program Files\Winamp
2009-05-29 12:19:47 ----HD---- C:\WINDOWS\inf
2009-05-29 12:17:38 ----D---- C:\Program Files\ESET
2009-05-28 20:07:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-28 20:07:07 ----A---- C:\WINDOWS\imsins.BAK
2009-05-28 18:23:15 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-28 18:23:15 ----D---- C:\Program Files\CyberLink DVD Solution
2009-05-28 18:20:40 ----SHD---- C:\WINDOWS\Installer
2009-05-28 17:44:50 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-28 17:39:13 ----D---- C:\WINDOWS\system32\config
2009-05-28 17:38:55 ----D---- C:\WINDOWS\Registration
2009-05-28 17:36:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-28 17:34:35 ----SD---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Microsoft
2009-05-28 17:30:10 ----D---- C:\WINDOWS\network diagnostic
2009-05-28 17:22:43 ----D---- C:\WINDOWS\Help
2009-05-28 17:11:34 ----A---- C:\WINDOWS\system.ini
2009-05-28 13:17:48 ----D---- C:\WINDOWS\system32\Com
2009-05-27 20:40:13 ----A---- C:\WINDOWS\win.ini
2009-05-27 20:38:55 ----RSD---- C:\WINDOWS\assembly
2009-05-27 16:28:19 ----D---- C:\Documents and Settings
2009-05-27 15:51:24 ----D---- C:\Program Files\Common Files
2009-05-27 15:47:05 ----D---- C:\WINDOWS\WinSxS
2009-05-27 10:20:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-05-27 10:05:15 ----D---- C:\WINDOWS\system
2009-05-25 07:23:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-24 13:44:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-24 13:43:07 ----A---- C:\WINDOWS\OEWABLog.txt
2009-05-24 13:42:25 ----A---- C:\WINDOWS\setuplog.txt
2009-05-24 13:41:52 ----D---- C:\WINDOWS\system32\Setup
2009-05-24 13:41:52 ----D---- C:\WINDOWS\AppPatch
2009-05-24 13:41:50 ----RSD---- C:\WINDOWS\Fonts
2009-05-24 13:41:00 ----D---- C:\WINDOWS\security
2009-05-24 13:27:04 ----D---- C:\WINDOWS\ime
2009-05-24 13:26:40 ----D---- C:\WINDOWS\system32\cs-cz
2009-05-24 13:26:34 ----D---- C:\WINDOWS\PeerNet
2009-05-24 13:21:45 ----D---- C:\WINDOWS\system32\npp
2009-05-24 13:21:44 ----D---- C:\WINDOWS\msagent
2009-05-24 13:21:42 ----D---- C:\WINDOWS\srchasst
2009-05-24 13:21:32 ----D---- C:\Program Files\Common Files\System
2009-05-24 13:16:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-24 13:06:05 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-05-24 13:03:41 ----SD---- C:\WINDOWS\Tasks
2009-05-24 13:01:50 ----D---- C:\WINDOWS\Media
2009-05-24 12:26:40 ----D---- C:\Temp
2009-05-21 19:15:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-21 18:16:09 ----RD---- C:\WINDOWS\Web
2009-05-21 12:28:05 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-20 14:36:11 ----D---- C:\WINDOWS\Debug
2009-05-20 12:44:44 ----D---- C:\WINDOWS\ie7updates
2009-05-19 18:50:19 ----D---- C:\Program Files\ICQLite
2009-05-07 00:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2009-05-25 4224]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2009-05-25 3968]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2009-05-25 4960]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 Edspport;EDSP Port Driver; C:\WINDOWS\system32\DRIVERS\es56hpi.sys [2000-02-25 546863]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2009-05-25 816672]
S1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2009-05-25 28416]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096]
S2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe []
S2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe []
S2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Tomáš Pawera at 2009-05-29 18:00:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 47 GB (61%) free of 76 GB
Total RAM: 511 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:03, on 29.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tomáš Pawera\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Tomáš Pawera.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: qlvddc - qlvddc.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
--
End of file - 6165 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\User_Feed_Synchronization-{DB97E567-291E-4B34-8D35-AE6DDBCE7786}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{707db484-2428-402d-afb5-d85b387544c7}]
Mario Forever Toolbar - C:\Program Files\Mario_Forever\tbMar1.dll [2009-05-20 2094616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-16 69632]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe blrun []
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe []
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2006-08-14 20066856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []
"ICQ"=C:\Program Files\ICQ6\ICQ.exe [2008-05-18 172280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qlvddc]
qlvddc.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Thalie\NWN\nwmain.exe"="C:\Thalie\NWN\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\NeverwinterNights\NWN\nwmain.exe"="C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\BitLord2\BitLord.exe"="C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2"
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-05-29 18:00:36 ----D---- C:\rsit
2009-05-29 17:15:40 ----A---- C:\Bug.txt
2009-05-29 16:41:47 ----D---- C:\_OTMoveIt
2009-05-29 15:47:28 ----A---- C:\egd.txt
2009-05-29 15:47:25 ----D---- C:\WINDOWS\system32\bfubackups
2009-05-29 15:38:16 ----D---- C:\bfu
2009-05-29 15:08:07 ----D---- C:\Qoobox
2009-05-29 13:38:42 ----D---- C:\NeverwinterNights
2009-05-29 12:23:15 ----D---- C:\Program Files\Mozilla Firefox
2009-05-28 19:00:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-28 17:36:55 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\AVG7
2009-05-28 17:36:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Grisoft
2009-05-28 17:36:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg7
2009-05-28 17:34:43 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Help
2009-05-28 17:34:43 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Google
2009-05-28 17:34:43 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\DAEMON Tools Pro
2009-05-28 17:34:43 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\DAEMON Tools Lite
2009-05-28 17:34:43 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\CyberLink
2009-05-28 17:34:43 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\AdobeUM
2009-05-28 17:34:43 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Adobe
2009-05-28 17:34:42 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Leadertech
2009-05-28 17:34:42 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Lavasoft
2009-05-28 17:34:42 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Identities
2009-05-28 17:34:42 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\ICQLite
2009-05-28 17:34:42 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\ICQ Toolbar
2009-05-28 17:34:42 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\ICQ
2009-05-28 17:34:40 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Macromedia
2009-05-28 17:34:38 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\WhenU
2009-05-28 17:34:38 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Skype
2009-05-28 17:34:38 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Mozilla
2009-05-28 17:34:36 ----D---- C:\MyWorks
2009-05-28 17:34:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2009-05-28 17:34:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2009-05-28 17:34:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2009-05-28 17:34:35 ----HD---- C:\WINDOWS\$NtUninstallKB896358$
2009-05-28 17:34:35 ----D---- C:\WINDOWS\Sun
2009-05-28 17:34:35 ----D---- C:\Program Files\TorrentMan
2009-05-28 17:34:35 ----D---- C:\Program Files\Port Royale
2009-05-28 17:34:35 ----D---- C:\Program Files\ICQToolbar
2009-05-28 17:34:35 ----D---- C:\Program Files\directx
2009-05-28 17:34:35 ----D---- C:\Program Files\ComPlus Applications
2009-05-28 17:34:35 ----D---- C:\Program Files\BitLord2
2009-05-28 17:13:33 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Zoner
2009-05-28 13:14:17 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Sun
2009-05-28 13:09:35 ----D---- C:\Program Files\Trend Micro
2009-05-28 12:59:32 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Malwarebytes
2009-05-28 12:59:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2009-05-27 20:45:51 ----D---- C:\WINDOWS\system32\NtmsData
2009-05-27 20:37:35 ----SHD---- C:\Config.Msi
2009-05-27 18:57:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2009-05-27 16:27:48 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-27 16:14:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage(2)
2009-05-27 16:14:14 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Macromedia(2)
2009-05-27 16:14:12 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Skype(2)
2009-05-27 16:14:00 ----D---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\ICQ(2)
2009-05-27 15:46:38 ----D---- C:\Program Files\Common Files\HP
2009-05-27 14:58:33 ----D---- C:\WINDOWS\Minidump
2009-05-26 13:17:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-05-26 13:15:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-05-25 17:27:20 ----D---- C:\Program Files\Common Files\WhenU
2009-05-25 17:26:16 ----D---- C:\Program Files\Grisoft
2009-05-24 18:12:30 ----A---- C:\WINDOWS\system32\LMRTREND.dll
2009-05-24 18:12:28 ----A---- C:\WINDOWS\system32\dxtmsft3.dll
2009-05-24 18:12:24 ----A---- C:\WINDOWS\system32\unam4ie.exe
2009-05-24 18:12:18 ----A---- C:\WINDOWS\system32\vidx16.dll
2009-05-24 18:12:18 ----A---- C:\WINDOWS\system32\qcut.dll
2009-05-24 18:12:17 ----A---- C:\WINDOWS\system32\w95inf32.dll
2009-05-24 18:12:17 ----A---- C:\WINDOWS\system32\w95inf16.dll
2009-05-24 18:12:04 ----A---- C:\WINDOWS\IsUninst.exe
2009-05-24 17:59:34 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-05-24 13:42:21 ----D---- C:\WINDOWS\Prefetch
2009-05-24 13:39:20 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-24 13:39:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-24 13:38:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-24 13:38:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-24 13:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-24 13:38:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-24 13:37:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-24 13:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-24 13:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-24 13:37:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-24 13:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-24 13:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-24 13:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-24 13:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-24 13:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-24 13:35:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-24 13:35:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-24 13:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-24 13:34:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-24 13:34:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-24 13:33:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-24 13:33:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-24 13:33:13 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-24 13:33:00 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-24 13:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-24 13:26:35 ----D---- C:\WINDOWS\l2schemas
2009-05-24 13:26:34 ----D---- C:\WINDOWS\system32\cs
2009-05-24 13:26:34 ----D---- C:\WINDOWS\system32\bits
2009-05-24 13:21:59 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-24 13:12:00 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-24 13:11:57 ----D---- C:\WINDOWS\EHome
2009-05-24 12:59:24 ----D---- C:\WINDOWS\ie8updates
2009-05-24 12:56:18 ----HDC---- C:\WINDOWS\ie8
2009-05-21 20:34:42 ----SHD---- C:\found.000
2009-05-21 18:15:31 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-05-21 18:15:21 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2009-05-21 18:15:20 ----RA---- C:\WINDOWS\system32\ATIDEMGR.dll
2009-05-21 18:14:50 ----D---- C:\Program Files\ATI Technologies
2009-05-20 19:30:58 ----A---- C:\WINDOWS\mafosav.INI
2009-05-20 19:25:01 ----D---- C:\Program Files\Conduit
2009-05-20 19:24:58 ----D---- C:\Program Files\Mario_Forever
2009-05-20 12:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-05-20 12:49:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-05-20 12:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-05-20 12:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-05-20 12:49:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-05-20 12:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-05-20 12:48:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-05-20 12:48:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-20 12:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-05-20 12:44:24 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-05-20 12:44:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-05-20 12:43:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-05-20 12:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-05-20 12:42:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-20 12:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-05-20 12:42:15 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-05-20 12:41:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-05-20 12:34:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-05-20 12:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-05-20 12:25:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-05-20 12:23:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-05-20 12:19:56 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-05-20 12:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-05-20 12:16:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-05-20 12:13:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-05-20 12:11:01 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-05-20 12:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-05-20 12:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-05-20 12:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-05-20 12:08:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-05-20 12:07:33 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-05-20 12:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-05-20 11:59:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-05-20 11:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-05-20 11:58:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-05-20 11:58:07 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-05-20 11:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-05-20 11:56:29 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-05-20 11:55:53 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-05-19 18:49:51 ----D---- C:\Program Files\ICQ6Toolbar
2009-05-19 18:46:37 ----D---- C:\Program Files\ICQ6
2009-05-19 18:36:15 ----D---- C:\Program Files\GameSpy Arcade
2009-05-19 17:33:39 ----D---- C:\Thalie
======List of files/folders modified in the last 1 months======
2009-05-29 17:59:08 ----D---- C:\WINDOWS\system32
2009-05-29 17:57:11 ----D---- C:\WINDOWS
2009-05-29 17:46:23 ----D---- C:\WINDOWS\Temp
2009-05-29 17:11:10 ----D---- C:\WINDOWS\system32\drivers
2009-05-29 17:09:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-29 17:07:51 ----RD---- C:\Program Files
2009-05-29 16:52:20 ----D---- C:\Program Files\Outlook Express
2009-05-29 16:52:10 ----D---- C:\Program Files\NetMeeting
2009-05-29 15:49:31 ----D---- C:\Program Files\lg_fwupdate
2009-05-29 15:49:11 ----A---- C:\WINDOWS\lgfwup.ini
2009-05-29 14:58:05 ----D---- C:\Program Files\Messenger
2009-05-29 14:48:13 ----D---- C:\WINDOWS\system32\wbem
2009-05-29 13:14:18 ----D---- C:\Program Files\Windows NT
2009-05-29 13:14:13 ----D---- C:\Program Files\Windows Media Player
2009-05-29 13:13:48 ----D---- C:\Program Files\Servant Salamander 2.0
2009-05-29 13:13:15 ----D---- C:\Program Files\PDFCreator
2009-05-29 13:12:30 ----D---- C:\Program Files\Movie Maker
2009-05-29 13:11:20 ----D---- C:\Program Files\WinRAR
2009-05-29 12:59:40 ----D---- C:\Program Files\Internet Explorer
2009-05-29 12:53:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-29 12:43:22 ----D---- C:\Program Files\Codec Pack - All In 1
2009-05-29 12:23:31 ----D---- C:\WINDOWS\system32\oobe
2009-05-29 12:23:30 ----D---- C:\WINDOWS\system32\usmt
2009-05-29 12:23:30 ----D---- C:\WINDOWS\system32\Restore
2009-05-29 12:21:10 ----D---- C:\Program Files\Winamp
2009-05-29 12:19:47 ----HD---- C:\WINDOWS\inf
2009-05-29 12:17:38 ----D---- C:\Program Files\ESET
2009-05-28 20:07:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-28 20:07:07 ----A---- C:\WINDOWS\imsins.BAK
2009-05-28 18:23:15 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-28 18:23:15 ----D---- C:\Program Files\CyberLink DVD Solution
2009-05-28 18:20:40 ----SHD---- C:\WINDOWS\Installer
2009-05-28 17:44:50 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-28 17:39:13 ----D---- C:\WINDOWS\system32\config
2009-05-28 17:38:55 ----D---- C:\WINDOWS\Registration
2009-05-28 17:36:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-28 17:34:35 ----SD---- C:\Documents and Settings\Tomáš Pawera\Data aplikací\Microsoft
2009-05-28 17:30:10 ----D---- C:\WINDOWS\network diagnostic
2009-05-28 17:22:43 ----D---- C:\WINDOWS\Help
2009-05-28 17:11:34 ----A---- C:\WINDOWS\system.ini
2009-05-28 13:17:48 ----D---- C:\WINDOWS\system32\Com
2009-05-27 20:40:13 ----A---- C:\WINDOWS\win.ini
2009-05-27 20:38:55 ----RSD---- C:\WINDOWS\assembly
2009-05-27 16:28:19 ----D---- C:\Documents and Settings
2009-05-27 15:51:24 ----D---- C:\Program Files\Common Files
2009-05-27 15:47:05 ----D---- C:\WINDOWS\WinSxS
2009-05-27 10:20:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-05-27 10:05:15 ----D---- C:\WINDOWS\system
2009-05-25 07:23:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-24 13:44:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-24 13:43:07 ----A---- C:\WINDOWS\OEWABLog.txt
2009-05-24 13:42:25 ----A---- C:\WINDOWS\setuplog.txt
2009-05-24 13:41:52 ----D---- C:\WINDOWS\system32\Setup
2009-05-24 13:41:52 ----D---- C:\WINDOWS\AppPatch
2009-05-24 13:41:50 ----RSD---- C:\WINDOWS\Fonts
2009-05-24 13:41:00 ----D---- C:\WINDOWS\security
2009-05-24 13:27:04 ----D---- C:\WINDOWS\ime
2009-05-24 13:26:40 ----D---- C:\WINDOWS\system32\cs-cz
2009-05-24 13:26:34 ----D---- C:\WINDOWS\PeerNet
2009-05-24 13:21:45 ----D---- C:\WINDOWS\system32\npp
2009-05-24 13:21:44 ----D---- C:\WINDOWS\msagent
2009-05-24 13:21:42 ----D---- C:\WINDOWS\srchasst
2009-05-24 13:21:32 ----D---- C:\Program Files\Common Files\System
2009-05-24 13:16:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-24 13:06:05 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-05-24 13:03:41 ----SD---- C:\WINDOWS\Tasks
2009-05-24 13:01:50 ----D---- C:\WINDOWS\Media
2009-05-24 12:26:40 ----D---- C:\Temp
2009-05-21 19:15:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-21 18:16:09 ----RD---- C:\WINDOWS\Web
2009-05-21 12:28:05 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-20 14:36:11 ----D---- C:\WINDOWS\Debug
2009-05-20 12:44:44 ----D---- C:\WINDOWS\ie7updates
2009-05-19 18:50:19 ----D---- C:\Program Files\ICQLite
2009-05-07 00:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2009-05-25 4224]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2009-05-25 3968]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2009-05-25 4960]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 Edspport;EDSP Port Driver; C:\WINDOWS\system32\DRIVERS\es56hpi.sys [2000-02-25 546863]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2009-05-25 816672]
S1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2009-05-25 28416]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096]
S2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe []
S2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe []
S2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: Please check my log.
That's quite something...
Did you try uninstalling AVG??
Try this:
http://www.avg.com/filedir/util/avg_arm ... emover.exe
Or we'll delete it with a script.
Close other applications and browsers, disconnect from the internet and fix the following in HJT; guide:
viewtopic.php?f=70&t=5119
Code:
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: qlvddc - qlvddc.dll (file missing)
Try uninstalling Mario Forever Toolbar once more, you still have it there...
So I'll remove AVG...
Run OTMoveIt3 (by OldTimer).
- Copy these paths into the left column (Paste Instructions for Items to be Moved):
Note: Do not use the SELECT ALL function to select the text
Code:
:Processes
explorer.exe
:Services
restore
Avg7RsW
AvgClean
AvgTdi
Avg7Core
Avg7RsXP
Avg7Alrt
Avg7UpdSvc
AVGEMS
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{707db484-2428-402d-afb5-d85b387544c7}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qlvddc]
:Files
C:\Program Files\Mario_Forever\tbMar1.dll
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\imsins.BAK
C:\Documents and Settings\Tomáš Pawera\Data aplikací\AVG7
C:\Documents and Settings\All Users\Data aplikací\Grisoft
C:\Documents and Settings\All Users\Data aplikací\avg7
C:\Program Files\Grisoft
C:\Documents and Settings\Tomáš Pawera\Data aplikací\WhenU
C:\Program Files\Common Files\WhenU
C:\PROGRA~1\Grisoft
C:\found.000
C:\Program Files\Mario_Forever
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- After copying, click the MoveIt! button and then paste here the entire contents of the right column, which reports the results (it is also saved in the folder C:\_OTMoveIt\MovedFiles\)
- If files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.
*****************************************************************************************************************************************
Download: Dr. Web CureIt
Run the update, and after updating click Start.
With the buttons at the bottom you can cure, delete, move or rename a file
Then post a new HJT log.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver restore deleted successfully.
Service\Driver Avg7RsW deleted successfully.
Service\Driver AvgClean stopped successfully.
Service\Driver AvgClean deleted successfully.
Service\Driver AvgTdi stopped successfully.
Service\Driver AvgTdi deleted successfully.
Service\Driver AvgTdi stopped successfully.
Service\Driver Avg7Core deleted successfully.
Service\Driver AvgTdi stopped successfully.
Service\Driver Avg7RsXP deleted successfully.
Service\Driver AvgTdi stopped successfully.
Service\Driver Avg7Alrt deleted successfully.
Service\Driver AvgTdi stopped successfully.
Service\Driver Avg7UpdSvc deleted successfully.
Service\Driver AvgTdi stopped successfully.
Service\Driver AVGEMS deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{707db484-2428-402d-afb5-d85b387544c7}\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG7_CC not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qlvddc\\ not found.
========== FILES ==========
C:\Program Files\Mario_Forever\tbMar1.dll unregistered successfully.
C:\Program Files\Mario_Forever\tbMar1.dll moved successfully.
File/Folder C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe not found.
C:\WINDOWS\imsins.BAK moved successfully.
C:\Documents and Settings\Tomáš Pawera\Data aplikací\AVG7 moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Grisoft\Avg7Data\avg7upd\install moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Grisoft\Avg7Data\avg7upd\backup moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Grisoft\Avg7Data\avg7upd moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Grisoft\Avg7Data moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Grisoft moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg7\QUEUE\TEMP moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg7\QUEUE\OUT moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg7\QUEUE\ACTIVE moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg7\QUEUE moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg7\Log moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg7 moved successfully.
File/Folder C:\Program Files\Grisoft not found.
C:\Documents and Settings\Tomáš Pawera\Data aplikací\WhenU moved successfully.
C:\Program Files\Common Files\WhenU moved successfully.
File/Folder C:\PROGRA~1\Grisoft not found.
C:\found.000\dir0000.chk moved successfully.
C:\found.000 moved successfully.
C:\Program Files\Mario_Forever moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Tomáš Pawera\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\BN1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF3787.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF39E7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF3A45.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF3ACA.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Tomáš Pawera\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\28t5x1f4.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tomáš Pawera\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\28t5x1f4.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tomáš Pawera\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\28t5x1f4.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tomáš Pawera\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\28t5x1f4.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tomáš Pawera\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\28t5x1f4.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tomáš Pawera\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\28t5x1f4.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05302009_195619
Files moved on Reboot...
File C:\WINDOWS\temp\BN1.tmp not found!
C:\WINDOWS\temp\~DF3787.tmp moved successfully.
C:\WINDOWS\temp\~DF39E7.tmp moved successfully.
C:\WINDOWS\temp\~DF3A45.tmp moved successfully.
C:\WINDOWS\temp\~DF3ACA.tmp moved successfully.
C:\Documents and Settings\Tomáš Pawera\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\28t5x1f4.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Tomáš Pawera\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\28t5x1f4.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Tomáš Pawera\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\28t5x1f4.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Tomáš Pawera\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\28t5x1f4.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Tomáš Pawera\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\28t5x1f4.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Tomáš Pawera\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\28t5x1f4.default\XUL.mfl moved successfully.
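Added example (not part of the thread and not OTMoveIt3's own code): a small Python parser for the result-log lines shown in the post above. It lists removal targets reported as "not found" and checks every "scheduled to be deleted on reboot" entry against the "Files moved on Reboot..." section. The line patterns are inferred only from the log on this page; the function names and record fields are assumptions made for this example.

```python
import re

# Shortened excerpt of the OTMoveIt3 result log posted above.
SAMPLE_LOG = r"""
========== SERVICES/DRIVERS ==========
Service\Driver restore deleted successfully.
Service\Driver AvgTdi stopped successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG7_CC not found.
========== FILES ==========
C:\WINDOWS\imsins.BAK moved successfully.
File/Folder C:\Program Files\Grisoft not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\BN1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF3787.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05302009_195619
Files moved on Reboot...
File C:\WINDOWS\temp\BN1.tmp not found!
C:\WINDOWS\temp\~DF3787.tmp moved successfully.
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z/]+) =+$")
REBOOT_MARKER = "Files moved on Reboot..."

# Checked in order; the first pattern that matches decides the outcome.
RULES = [
    ("scheduled", re.compile(
        r"^File delete failed\. (?P<target>.+) scheduled to be deleted on reboot\.$")),
    ("not_found", re.compile(
        r"^(?:File/Folder |File |Service\\Driver |Registry (?:key|value) )"
        r"(?P<target>.+?) not found[.!]$")),
    ("done", re.compile(
        r"^(?:Service\\Driver |Process )?(?P<target>.+?) "
        r"(?:moved|deleted|stopped|killed|unregistered) successfully\.?$")),
]


def parse_log(text):
    """Turn log lines into records: phase (run/reboot), section, outcome, target."""
    records, section, phase = [], None, "run"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if line == REBOOT_MARKER:
            section, phase = "REBOOT", "reboot"
            continue
        for outcome, pattern in RULES:
            m = pattern.match(line)
            if m:
                records.append({"phase": phase, "section": section,
                                "outcome": outcome, "target": m.group("target")})
                break
        # Informational lines ("... folder emptied.", version banner) are skipped.
    return records


def not_found_targets(records):
    """Targets the fix script named but the tool did not find during the run."""
    return [r["target"] for r in records
            if r["phase"] == "run" and r["outcome"] == "not_found"]


def reconcile_reboot(records):
    """For each path scheduled for deletion on reboot, report what the
    post-reboot section says: 'done', 'not_found' or 'unaccounted'."""
    after = {r["target"].lower(): r["outcome"]
             for r in records if r["phase"] == "reboot"}
    return {r["target"]: after.get(r["target"].lower(), "unaccounted")
            for r in records if r["outcome"] == "scheduled"}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("Not found during run:")
    for target in not_found_targets(recs):
        print("  ", target)
    print("Reboot-scheduled deletions:")
    for target, status in reconcile_reboot(recs).items():
        print(f"  {status:12} {target}")
```

A "not found" target may already have been removed or may be mistyped in the script, and an "unaccounted" entry has no matching line after the reboot, so both are worth a second look in the next log.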
Re: Please check my log.
I can't download Dr. Web, I tried it another way too but it didn't work, what should I do pls???
Last edited by Pawkin on 30 May 2009 21:17, edited 1 time in total.
- jaro3
Re: Please check my log.
Re: Please check my log.
It works now, but no virus was found. I ran a complete scan and it has now found two trojans.
- jaro3
Re: Please check my log.
So, next:
clean the system with CCleaner
Try ComboFix:
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If it installed last time but would not run, then do this first:
ComboFix is uninstalled like this:
Start-Run and enter ComboFix[space]/u
If it still doesn't work:
Start-Run, and type into the box (copy with the mouse):
"%userprofile%\desktop\ComboFix.exe" /KillAll
and confirm. I'm done for today, we'll continue tomorrow.
Last edited by jaro3 on 30 May 2009 21:46, edited 1 time in total.
Re: Please check my log.
Thanks a lot for now