PC-HELP.CZ

Prosím o kontrolu:
(nenačitajú sa mi niektoré www stránky... - iba mne)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:48:46, on 18. 7. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Vlastnik\Desktop\lle-1\LLE.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LPT LED Effect] C:\Documents and Settings\Vlastnik\Desktop\lle-1\LLE.exe hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Vlastnik/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 9360 bytes

Odinstaluj si:
Crawler Toolbar
Winamp Toolbar
DAEMON Tools Toolbar
*****************************************************************************************************************************************
Spusť HJT, vypni prohlížeče, odpoj se od internetu a fixni (zatrhnout políčko před hodnotou, zmáčknout
"Fix checked"):

F3 - REG:win.ini: load=
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Vlastnik/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Malwarebytes' Anti-Malware 1.39
Verzia databázy: 2421
Windows 5.1.2600 Service Pack 2

18. 7. 2009 10:52:50
mbam-log-2009-07-18 (10-52-47).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 99780
Uplynutý cas: 4 minute(s), 3 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 3
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

Ešte dodám, že včera mi prestal fungovať Antivirus a Antispyware v Eset Smart Security.

Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

ComboFix 09-07-14.08 - Vlastnik . 07. 2009 11:15.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.289 [GMT 2:00]
Running from: c:\documents and settings\Vlastnik\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3911652072-1607656721-4022599954-1001
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-18 08:46 . 2009-07-18 08:46 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Malwarebytes
2009-07-18 08:46 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-18 08:46 . 2009-07-18 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-18 08:46 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 08:46 . 2009-07-18 08:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 22:48 . 2009-07-17 22:48 -------- d-----w- c:\program files\Trend Micro
2009-07-17 22:41 . 2009-07-17 22:41 -------- d-----w- c:\program files\XP TCPIP Repair
2009-07-17 21:38 . 2009-07-16 15:44 98304 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\jetpack@labs.mozilla.com\platform\WINNT_x86-msvc\components\libjetpackaudio.dll
2009-07-17 21:38 . 2009-07-16 15:44 1743872 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\jetpack@labs.mozilla.com\platform\WINNT_x86-msvc\components\libsndfile-1.dll
2009-07-17 21:38 . 2009-07-16 15:44 73728 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\jetpack@labs.mozilla.com\platform\WINNT_x86-msvc\components\portaudio_x86.dll
2009-07-16 23:20 . 2009-07-16 23:20 -------- d-----w- c:\program files\ReadManiac
2009-07-16 23:10 . 2009-07-16 23:10 -------- d-----w- c:\program files\BR4
2009-07-16 18:47 . 2009-07-16 18:47 -------- d-----w- c:\documents and settings\Vlastnik\Local Settings\Application Data\Temp
2009-07-13 23:29 . 2008-07-10 15:28 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-07-13 23:29 . 2008-07-10 15:28 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-07-13 23:28 . 2009-07-13 23:28 -------- d-----w- c:\windows\system32\RsFx
2009-07-13 23:27 . 2009-07-13 23:27 -------- d-----w- c:\program files\MSXML 6.0
2009-07-13 23:23 . 2009-07-13 23:23 488576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll
2009-07-13 23:19 . 2009-07-13 23:20 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-07-13 23:16 . 2009-07-13 23:28 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-13 23:16 . 2009-07-13 23:16 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-13 23:16 . 2009-07-13 23:16 112640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2009-07-13 23:15 . 2009-07-13 23:22 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-07-13 23:13 . 2009-07-13 23:26 -------- d-----w- c:\program files\Microsoft.NET
2009-07-13 23:12 . 2009-07-13 23:21 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-07-13 23:12 . 2009-07-13 23:13 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-07-13 23:11 . 2009-07-13 23:11 -------- d-----w- c:\program files\Microsoft SDKs
2009-07-09 16:43 . 2009-07-09 16:43 -------- d-----w- c:\program files\WorldUnlock Codes Calculator
2009-07-09 15:43 . 2009-07-09 15:43 -------- d-----w- c:\program files\stroboMania
2009-07-08 18:41 . 2009-07-08 18:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-07-08 16:43 . 2009-07-08 16:45 -------- d-----w- c:\program files\auto_test
2009-07-08 07:03 . 2009-03-24 12:43 43008 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-07-08 07:03 . 2009-03-24 12:43 43008 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-07-08 07:03 . 2009-03-24 12:43 235520 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-07-08 07:03 . 2009-03-24 12:43 338432 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-07-08 07:03 . 2009-03-24 12:42 235008 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-07-08 07:03 . 2009-03-24 12:42 345088 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-07-07 20:53 . 2009-07-07 20:53 -------- d-----w- c:\program files\Google Hacks
2009-07-04 15:13 . 2009-07-04 15:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-07-03 13:03 . 2009-07-03 13:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2009-07-03 11:54 . 2009-07-06 08:49 -------- d-----w- c:\program files\Bus Driver
2009-06-29 21:14 . 2009-06-29 21:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-06-29 18:09 . 2009-06-29 18:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\ICQ
2009-06-29 16:35 . 2009-06-29 16:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-06-29 16:35 . 2009-07-04 15:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-06-29 15:00 . 2009-06-29 15:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-06-29 14:57 . 2009-06-29 14:57 143600 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 13:26 . 2009-06-29 13:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\PSpad
2009-06-29 09:25 . 2009-06-29 15:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-06-28 08:16 . 2009-06-29 09:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-06-27 23:09 . 2009-06-29 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2009-06-27 22:56 . 2009-06-27 23:34 -------- d-----w- C:\ FL Studio 8
2009-06-27 22:49 . 2009-06-27 22:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-06-27 22:43 . 2009-06-27 22:55 -------- d-----w- c:\program files\FL Studio 8
2009-06-27 11:45 . 2009-06-27 11:45 390664 ----a-w- c:\documents and settings\Vlastnik\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-26 11:44 . 2009-06-28 08:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-26 07:29 . 2009-06-29 16:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GHISLER
2009-06-26 07:23 . 2009-06-26 07:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-25 17:54 . 2009-06-25 17:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-06-25 17:39 . 2009-06-25 17:39 -------- d-----w- c:\program files\Rockstar Games
2009-06-22 17:21 . 2009-06-22 17:21 -------- d-----w- c:\program files\IrfanView
2009-06-20 21:47 . 2009-06-20 21:47 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Publish Providers
2009-06-20 21:46 . 2009-06-20 21:46 -------- d-----w- c:\documents and settings\Vlastnik\Local Settings\Application Data\Sony
2009-06-20 21:46 . 2009-06-20 21:46 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Sony
2009-06-20 21:42 . 2009-06-20 21:42 -------- d-----w- c:\program files\Vstplugins
2009-06-20 21:39 . 2009-06-20 21:45 -------- d-----w- c:\program files\Sony
2009-06-20 21:38 . 2009-06-20 21:38 -------- d-----w- c:\program files\Sony Setup
2009-06-19 19:19 . 2009-06-19 19:19 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Panasonic
2009-06-19 19:16 . 2009-06-19 19:16 -------- d-----w- c:\program files\Panasonic
2009-06-19 19:15 . 2009-06-19 19:15 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 08:39 . 2009-04-27 16:08 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-17 20:36 . 2009-05-22 11:45 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\dvdcss
2009-07-16 21:02 . 2009-05-16 16:14 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\uTorrent
2009-07-16 16:00 . 2009-04-27 18:56 -------- d-----w- c:\program files\FlashGet
2009-07-13 23:45 . 2009-04-19 18:19 143600 ----a-w- c:\documents and settings\Vlastnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-13 23:23 . 2009-04-27 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-13 23:10 . 2009-06-14 17:50 297504 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-08 18:42 . 2009-05-16 16:13 -------- d-----w- c:\program files\uTorrent
2009-07-05 16:47 . 2009-06-04 12:53 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Spyware Terminator
2009-07-05 15:34 . 2009-06-07 12:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spyware Terminator
2009-07-03 21:29 . 2009-05-10 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-06-30 13:34 . 2009-06-03 14:57 -------- d-----w- c:\program files\VertrigoServ
2009-06-30 12:42 . 2009-06-04 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-29 21:17 . 2009-04-24 15:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-27 13:53 . 2009-06-06 14:05 -------- d-----w- c:\program files\WinClamAVShield
2009-06-25 21:59 . 2009-05-17 18:12 2627 ----a-w- c:\windows\system32\smport.sys
2009-06-25 19:17 . 2009-05-16 16:04 -------- d-----w- c:\program files\QIP Infium
2009-06-25 17:39 . 2009-04-19 10:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-23 21:45 . 2009-06-17 19:25 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\AIMP
2009-06-21 15:35 . 2009-05-31 18:38 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Skype
2009-06-21 14:52 . 2009-05-31 18:39 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\skypePM
2009-06-17 19:25 . 2009-06-17 19:24 -------- d-----w- c:\program files\AIMP2
2009-06-17 16:04 . 2009-05-25 19:04 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\TeamViewer
2009-06-17 14:41 . 2009-04-26 13:21 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\HP
2009-06-15 18:09 . 2009-06-14 21:51 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\codeblocks
2009-06-15 13:51 . 2009-06-15 13:47 -------- d-----w- c:\program files\Game_Maker7
2009-06-15 13:48 . 2009-06-04 12:53 -------- d-----w- c:\program files\Spyware Terminator
2009-06-15 13:02 . 2009-06-15 13:02 -------- d-----w- c:\program files\BORLAND
2009-06-14 19:27 . 2009-06-14 17:33 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Autodesk
2009-06-14 19:15 . 2009-06-14 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-06-14 18:12 . 2009-06-14 17:33 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-06-14 18:11 . 2009-06-14 17:56 -------- d-----w- c:\program files\AutoCAD 2009
2009-06-14 17:50 . 2009-04-27 16:16 -------- d-----w- c:\program files\MSBuild
2009-06-14 17:42 . 2009-06-14 17:42 -------- d-----w- c:\program files\Reference Assemblies
2009-06-14 17:33 . 2009-06-14 17:33 -------- d-----w- c:\program files\Autodesk
2009-06-09 19:04 . 2009-04-27 17:59 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\vlc
2009-06-07 18:51 . 2009-05-24 16:08 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-07 12:46 . 2009-05-29 21:01 -------- d-----w- c:\program files\GIGABYTE
2009-06-06 20:35 . 2009-06-06 20:35 -------- d-----w- c:\program files\Lavalys
2009-06-06 19:17 . 2009-06-06 19:17 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Apple Computer
2009-06-05 21:48 . 2009-05-31 15:05 -------- d-----w- c:\program files\Form Pilot Home Demo
2009-06-05 21:46 . 2009-06-04 12:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-05 21:46 . 2009-06-04 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-05 21:46 . 2009-05-28 21:42 -------- d-----w- c:\program files\Request Slip Generator
2009-06-05 21:32 . 2009-04-19 10:51 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2009-06-04 12:53 . 2009-06-04 12:53 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-06-04 12:53 . 2009-06-04 12:53 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-06-04 12:53 . 2009-06-04 12:53 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-03 15:49 . 2009-06-03 15:49 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Mikrotik
2009-05-31 21:16 . 2009-05-31 21:08 -------- d-----w- c:\program files\CpuIdle
2009-05-31 21:08 . 2009-05-31 21:08 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys
2009-05-31 18:39 . 2009-05-31 18:39 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-31 18:37 . 2009-05-31 18:37 -------- d-----w- c:\program files\Common Files\Skype
2009-05-31 18:37 . 2009-05-31 18:37 -------- d-----r- c:\program files\Skype
2009-05-31 18:37 . 2009-05-31 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-31 15:55 . 2009-05-24 18:56 -------- d-----w- c:\program files\ICQ6.5
2009-05-31 13:15 . 2009-05-31 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-31 12:05 . 2009-05-21 20:05 -------- d-----w- c:\program files\jalcds
2009-05-31 12:00 . 2009-05-16 16:07 -------- d-----w- c:\program files\Winamp
2009-05-30 20:04 . 2009-05-30 20:04 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\TuneUp Software
2009-05-30 20:03 . 2009-05-30 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-30 20:02 . 2009-05-30 20:02 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-29 21:01 . 2009-05-29 21:01 -------- d-----w- c:\program files\I-Cool
2009-05-29 14:01 . 2009-05-29 14:01 -------- d-----w- c:\program files\Microsoft Games
2009-05-29 11:10 . 2009-05-30 15:09 39916 ----a-w- c:\windows\Fonts\handsean.ttf
2009-05-28 21:57 . 2009-05-28 21:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-05-28 21:57 . 2009-05-28 21:57 -------- d-----w- c:\program files\DVDVideoSoft
2009-05-27 20:18 . 2009-05-25 14:06 -------- d-----w- c:\program files\WebSite X5 v8 - Smart
2009-05-25 19:36 . 2009-05-25 19:35 -------- d-----w- c:\program files\GoldWave
2009-05-25 19:03 . 2009-05-25 19:03 -------- d-----w- c:\program files\TeamViewer
2009-05-25 15:26 . 2009-05-25 15:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
2009-05-25 15:26 . 2009-05-25 15:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\ProcessLasso
2009-05-25 15:11 . 2009-05-25 15:10 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Zoner
2009-05-25 15:10 . 2009-05-25 15:10 -------- d-----w- c:\program files\Zoner
2009-05-25 14:57 . 2009-05-25 14:57 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Ashampoo
2009-05-25 14:54 . 2009-05-25 14:54 103424 ----a-w- c:\windows\system32\PowerUp3_nat.dll
2009-05-25 14:54 . 2009-05-25 14:54 -------- d-----w- c:\program files\Ashampoo
2009-05-24 18:57 . 2009-04-19 11:00 -------- d-----w- c:\program files\ICQ6
2009-05-24 17:45 . 2009-05-24 17:45 -------- d-----w- c:\program files\SpacialAudio
2009-05-24 17:45 . 2009-05-24 17:45 -------- d-----w- c:\program files\Firebird
2009-05-24 14:32 . 2009-05-20 19:54 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\FileZilla
2009-05-23 19:41 . 2009-05-23 19:41 235513 ----a-w- c:\documents and settings\Vlastnik\Application Data\QIP\Profiles\351255296\RcvdFiles\Moloch_cz_235612104\strobo.exe
2009-05-23 18:35 . 2009-05-23 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-05-23 18:27 . 2009-05-23 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-23 17:26 . 2009-05-23 17:26 -------- d-----w- c:\program files\Barvy
2009-05-21 20:06 . 2009-05-21 20:05 -------- d-----w- c:\program files\DLPortIO
2009-05-21 19:56 . 2009-05-21 19:56 249856 ------w- c:\windows\Setup1.exe
2009-05-21 19:56 . 2009-05-21 19:56 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-20 19:53 . 2009-05-20 19:53 -------- d-----w- c:\program files\FileZilla FTP Client
2009-05-19 16:43 . 2009-05-19 13:26 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\PSpad
2009-05-19 14:16 . 2009-05-19 14:16 2996 ----a-w- c:\windows\system32\drivers\hwinterface.sys
2009-05-19 13:26 . 2009-05-19 13:26 -------- d-----w- c:\program files\PSPad editor
2009-05-17 19:24 . 2009-05-17 19:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 19:24 . 2009-05-17 19:24 152576 ----a-w- c:\documents and settings\Vlastnik\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-15 09:13 . 2009-05-30 15:09 42188 ----a-w- c:\windows\Fonts\Les_oeufs_de_Cassowary.ttf
2009-05-14 18:12 . 2009-04-19 10:41 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-14 18:12 . 2009-04-19 10:40 2722 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-05-14 18:11 . 2009-04-19 10:41 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-05-10 18:42 . 2009-05-10 18:42 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-10 18:42 . 2009-05-10 18:42 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-17 09:16 . 2009-06-04 22:48 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"LPT LED Effect"="c:\documents and settings\Vlastnik\Desktop\lle-1\LLE.exe" [2007-11-24 42496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-27 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2007-04-15 53760]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FirebirdServerDefaultInstance"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [19. 5. 2009 16:16 2996]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4. 6. 2009 14:53 142592]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [21. 5. 2009 22:05 3584]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21. 12. 2007 8:21 468224]
R2 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVicHW32.sys [24. 4. 2009 17:52 25040]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [19. 4. 2009 22:05 33176]
S3 Smport;Smport;c:\windows\system32\smport.sys [17. 5. 2009 20:12 2627]
S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [10. 7. 2008 17:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10. 7. 2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [10. 7. 2008 17:28 369688]
.
Contents of the 'Scheduled Tasks' folder

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-436374069-839522115-1003Core.job
- c:\documents and settings\Vlastnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-29 21:03]

2009-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-436374069-839522115-1003UA.job
- c:\documents and settings\Vlastnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-29 21:03]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/ig?hl=sk&source=iglk
FF - component: c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Vlastnik\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 11:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-18 11:21
ComboFix-quarantined-files.txt 2009-07-18 09:21

Pre-Run: 5 546 999 808 bytes free
Post-Run: 5 968 728 064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

349

WinClamAVShield si odinstaloval? Zbyla tam složka,

Červený soubor zkontroluj na Virustotalu a vlož mi sem odkaz na výsledek.

c:\windows\system32\PowerUp3_nat.dll
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\ezsidmv.dat
c:\windows\system32\d3d9caps.dat

Folder::
c:\program files\DAEMON Tools Toolbar

DirLook::
c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

Driver::
FirebirdServerDefaultInstance;Firebird Server - DefaultInstance
FirebirdServerDefaultInstance

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

Log z ComboFix-u:

ComboFix 09-07-14.08 - Vlastnik . 07. 2009 13:09.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.283 [GMT 2:00]
Running from: c:\documents and settings\Vlastnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vlastnik\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\windows\system32\d3d9caps.dat
c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FIREBIRDSERVERDEFAULTINSTANCE
-------\Service_FirebirdServerDefaultInstance


((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-18 08:46 . 2009-07-18 08:46 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Malwarebytes
2009-07-18 08:46 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-18 08:46 . 2009-07-18 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-18 08:46 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 08:46 . 2009-07-18 08:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 22:48 . 2009-07-17 22:48 -------- d-----w- c:\program files\Trend Micro
2009-07-17 22:41 . 2009-07-17 22:41 -------- d-----w- c:\program files\XP TCPIP Repair
2009-07-16 23:20 . 2009-07-16 23:20 -------- d-----w- c:\program files\ReadManiac
2009-07-16 23:10 . 2009-07-16 23:10 -------- d-----w- c:\program files\BR4
2009-07-16 18:47 . 2009-07-16 18:47 -------- d-----w- c:\documents and settings\Vlastnik\Local Settings\Application Data\Temp
2009-07-13 23:29 . 2008-07-10 15:28 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-07-13 23:29 . 2008-07-10 15:28 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-07-13 23:28 . 2009-07-13 23:28 -------- d-----w- c:\windows\system32\RsFx
2009-07-13 23:27 . 2009-07-13 23:27 -------- d-----w- c:\program files\MSXML 6.0
2009-07-13 23:23 . 2009-07-13 23:23 488576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll
2009-07-13 23:19 . 2009-07-13 23:20 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-07-13 23:16 . 2009-07-13 23:28 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-13 23:16 . 2009-07-13 23:16 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-13 23:16 . 2009-07-13 23:16 112640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2009-07-13 23:15 . 2009-07-13 23:22 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-07-13 23:13 . 2009-07-13 23:26 -------- d-----w- c:\program files\Microsoft.NET
2009-07-13 23:12 . 2009-07-13 23:21 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-07-13 23:12 . 2009-07-13 23:13 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-07-13 23:11 . 2009-07-13 23:11 -------- d-----w- c:\program files\Microsoft SDKs
2009-07-09 16:43 . 2009-07-09 16:43 -------- d-----w- c:\program files\WorldUnlock Codes Calculator
2009-07-09 15:43 . 2009-07-09 15:43 -------- d-----w- c:\program files\stroboMania
2009-07-08 18:41 . 2009-07-08 18:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-07-08 16:43 . 2009-07-08 16:45 -------- d-----w- c:\program files\auto_test
2009-07-08 07:03 . 2009-03-24 12:43 43008 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-07-08 07:03 . 2009-03-24 12:43 43008 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-07-08 07:03 . 2009-03-24 12:43 235520 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-07-08 07:03 . 2009-03-24 12:43 338432 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-07-08 07:03 . 2009-03-24 12:42 235008 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-07-08 07:03 . 2009-03-24 12:42 345088 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-07-07 20:53 . 2009-07-07 20:53 -------- d-----w- c:\program files\Google Hacks
2009-07-04 15:13 . 2009-07-04 15:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-07-03 13:03 . 2009-07-03 13:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2009-07-03 11:54 . 2009-07-06 08:49 -------- d-----w- c:\program files\Bus Driver
2009-06-29 21:14 . 2009-06-29 21:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-06-29 18:09 . 2009-06-29 18:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\ICQ
2009-06-29 16:35 . 2009-06-29 16:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-06-29 16:35 . 2009-07-04 15:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-06-29 15:00 . 2009-06-29 15:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-06-29 14:57 . 2009-06-29 14:57 143600 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 13:26 . 2009-06-29 13:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\PSpad
2009-06-29 09:25 . 2009-06-29 15:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-06-28 08:16 . 2009-06-29 09:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-06-27 23:09 . 2009-06-29 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2009-06-27 22:56 . 2009-06-27 23:34 -------- d-----w- C:\ FL Studio 8
2009-06-27 22:49 . 2009-06-27 22:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-06-27 22:43 . 2009-06-27 22:55 -------- d-----w- c:\program files\FL Studio 8
2009-06-27 11:45 . 2009-06-27 11:45 390664 ----a-w- c:\documents and settings\Vlastnik\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-26 11:44 . 2009-06-28 08:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-26 07:29 . 2009-06-29 16:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GHISLER
2009-06-26 07:23 . 2009-06-26 07:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-25 17:54 . 2009-06-25 17:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-06-25 17:39 . 2009-06-25 17:39 -------- d-----w- c:\program files\Rockstar Games
2009-06-22 17:21 . 2009-06-22 17:21 -------- d-----w- c:\program files\IrfanView
2009-06-20 21:47 . 2009-06-20 21:47 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Publish Providers
2009-06-20 21:46 . 2009-06-20 21:46 -------- d-----w- c:\documents and settings\Vlastnik\Local Settings\Application Data\Sony
2009-06-20 21:46 . 2009-06-20 21:46 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Sony
2009-06-20 21:42 . 2009-06-20 21:42 -------- d-----w- c:\program files\Vstplugins
2009-06-20 21:39 . 2009-06-20 21:45 -------- d-----w- c:\program files\Sony
2009-06-20 21:38 . 2009-06-20 21:38 -------- d-----w- c:\program files\Sony Setup
2009-06-19 19:19 . 2009-06-19 19:19 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Panasonic
2009-06-19 19:16 . 2009-06-19 19:16 -------- d-----w- c:\program files\Panasonic
2009-06-19 19:15 . 2009-06-19 19:15 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 20:36 . 2009-05-22 11:45 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\dvdcss
2009-07-16 21:02 . 2009-05-16 16:14 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\uTorrent
2009-07-16 16:00 . 2009-04-27 18:56 -------- d-----w- c:\program files\FlashGet
2009-07-13 23:45 . 2009-04-19 18:19 143600 ----a-w- c:\documents and settings\Vlastnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-13 23:23 . 2009-04-27 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-13 23:10 . 2009-06-14 17:50 297504 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-08 18:42 . 2009-05-16 16:13 -------- d-----w- c:\program files\uTorrent
2009-07-05 16:47 . 2009-06-04 12:53 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Spyware Terminator
2009-07-05 15:34 . 2009-06-07 12:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spyware Terminator
2009-07-03 21:29 . 2009-05-10 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-06-30 13:34 . 2009-06-03 14:57 -------- d-----w- c:\program files\VertrigoServ
2009-06-30 12:42 . 2009-06-04 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-29 21:17 . 2009-04-24 15:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-27 13:53 . 2009-06-06 14:05 -------- d-----w- c:\program files\WinClamAVShield
2009-06-25 21:59 . 2009-05-17 18:12 2627 ----a-w- c:\windows\system32\smport.sys
2009-06-25 19:17 . 2009-05-16 16:04 -------- d-----w- c:\program files\QIP Infium
2009-06-25 17:39 . 2009-04-19 10:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-23 21:45 . 2009-06-17 19:25 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\AIMP
2009-06-21 15:35 . 2009-05-31 18:38 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Skype
2009-06-21 14:52 . 2009-05-31 18:39 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\skypePM
2009-06-17 19:25 . 2009-06-17 19:24 -------- d-----w- c:\program files\AIMP2
2009-06-17 16:04 . 2009-05-25 19:04 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\TeamViewer
2009-06-17 14:41 . 2009-04-26 13:21 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\HP
2009-06-15 18:09 . 2009-06-14 21:51 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\codeblocks
2009-06-15 13:51 . 2009-06-15 13:47 -------- d-----w- c:\program files\Game_Maker7
2009-06-15 13:48 . 2009-06-04 12:53 -------- d-----w- c:\program files\Spyware Terminator
2009-06-15 13:02 . 2009-06-15 13:02 -------- d-----w- c:\program files\BORLAND
2009-06-14 19:27 . 2009-06-14 17:33 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Autodesk
2009-06-14 19:15 . 2009-06-14 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-06-14 18:12 . 2009-06-14 17:33 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-06-14 18:11 . 2009-06-14 17:56 -------- d-----w- c:\program files\AutoCAD 2009
2009-06-14 17:50 . 2009-04-27 16:16 -------- d-----w- c:\program files\MSBuild
2009-06-14 17:42 . 2009-06-14 17:42 -------- d-----w- c:\program files\Reference Assemblies
2009-06-14 17:33 . 2009-06-14 17:33 -------- d-----w- c:\program files\Autodesk
2009-06-09 19:04 . 2009-04-27 17:59 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\vlc
2009-06-07 12:46 . 2009-05-29 21:01 -------- d-----w- c:\program files\GIGABYTE
2009-06-06 20:35 . 2009-06-06 20:35 -------- d-----w- c:\program files\Lavalys
2009-06-06 19:17 . 2009-06-06 19:17 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Apple Computer
2009-06-05 21:48 . 2009-05-31 15:05 -------- d-----w- c:\program files\Form Pilot Home Demo
2009-06-05 21:46 . 2009-06-04 12:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-05 21:46 . 2009-06-04 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-05 21:46 . 2009-05-28 21:42 -------- d-----w- c:\program files\Request Slip Generator
2009-06-05 21:32 . 2009-04-19 10:51 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2009-06-04 12:53 . 2009-06-04 12:53 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-06-04 12:53 . 2009-06-04 12:53 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-06-04 12:53 . 2009-06-04 12:53 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-03 15:49 . 2009-06-03 15:49 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Mikrotik
2009-05-31 21:16 . 2009-05-31 21:08 -------- d-----w- c:\program files\CpuIdle
2009-05-31 21:08 . 2009-05-31 21:08 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys
2009-05-31 18:37 . 2009-05-31 18:37 -------- d-----w- c:\program files\Common Files\Skype
2009-05-31 18:37 . 2009-05-31 18:37 -------- d-----r- c:\program files\Skype
2009-05-31 18:37 . 2009-05-31 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-31 15:55 . 2009-05-24 18:56 -------- d-----w- c:\program files\ICQ6.5
2009-05-31 13:15 . 2009-05-31 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-31 12:05 . 2009-05-21 20:05 -------- d-----w- c:\program files\jalcds
2009-05-31 12:00 . 2009-05-16 16:07 -------- d-----w- c:\program files\Winamp
2009-05-30 20:04 . 2009-05-30 20:04 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\TuneUp Software
2009-05-30 20:03 . 2009-05-30 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-30 20:02 . 2009-05-30 20:02 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-29 21:01 . 2009-05-29 21:01 -------- d-----w- c:\program files\I-Cool
2009-05-29 14:01 . 2009-05-29 14:01 -------- d-----w- c:\program files\Microsoft Games
2009-05-29 11:10 . 2009-05-30 15:09 39916 ----a-w- c:\windows\Fonts\handsean.ttf
2009-05-28 21:57 . 2009-05-28 21:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-05-28 21:57 . 2009-05-28 21:57 -------- d-----w- c:\program files\DVDVideoSoft
2009-05-27 20:18 . 2009-05-25 14:06 -------- d-----w- c:\program files\WebSite X5 v8 - Smart
2009-05-25 19:36 . 2009-05-25 19:35 -------- d-----w- c:\program files\GoldWave
2009-05-25 19:03 . 2009-05-25 19:03 -------- d-----w- c:\program files\TeamViewer
2009-05-25 15:26 . 2009-05-25 15:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
2009-05-25 15:26 . 2009-05-25 15:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\ProcessLasso
2009-05-25 15:11 . 2009-05-25 15:10 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Zoner
2009-05-25 15:10 . 2009-05-25 15:10 -------- d-----w- c:\program files\Zoner
2009-05-25 14:57 . 2009-05-25 14:57 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Ashampoo
2009-05-25 14:54 . 2009-05-25 14:54 103424 ----a-w- c:\windows\system32\PowerUp3_nat.dll
2009-05-25 14:54 . 2009-05-25 14:54 -------- d-----w- c:\program files\Ashampoo
2009-05-24 18:57 . 2009-04-19 11:00 -------- d-----w- c:\program files\ICQ6
2009-05-24 17:45 . 2009-05-24 17:45 -------- d-----w- c:\program files\SpacialAudio
2009-05-24 17:45 . 2009-05-24 17:45 -------- d-----w- c:\program files\Firebird
2009-05-24 14:32 . 2009-05-20 19:54 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\FileZilla
2009-05-23 19:41 . 2009-05-23 19:41 235513 ----a-w- c:\documents and settings\Vlastnik\Application Data\QIP\Profiles\351255296\RcvdFiles\Moloch_cz_235612104\strobo.exe
2009-05-23 18:35 . 2009-05-23 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-05-23 18:27 . 2009-05-23 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-23 17:26 . 2009-05-23 17:26 -------- d-----w- c:\program files\Barvy
2009-05-21 20:06 . 2009-05-21 20:05 -------- d-----w- c:\program files\DLPortIO
2009-05-21 19:56 . 2009-05-21 19:56 249856 ------w- c:\windows\Setup1.exe
2009-05-21 19:56 . 2009-05-21 19:56 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-20 19:53 . 2009-05-20 19:53 -------- d-----w- c:\program files\FileZilla FTP Client
2009-05-19 16:43 . 2009-05-19 13:26 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\PSpad
2009-05-19 14:16 . 2009-05-19 14:16 2996 ----a-w- c:\windows\system32\drivers\hwinterface.sys
2009-05-19 13:26 . 2009-05-19 13:26 -------- d-----w- c:\program files\PSPad editor
2009-05-17 19:24 . 2009-05-17 19:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 19:24 . 2009-05-17 19:24 152576 ----a-w- c:\documents and settings\Vlastnik\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-15 09:13 . 2009-05-30 15:09 42188 ----a-w- c:\windows\Fonts\Les_oeufs_de_Cassowary.ttf
2009-05-14 18:12 . 2009-04-19 10:41 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-14 18:12 . 2009-04-19 10:40 2722 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-05-14 18:11 . 2009-04-19 10:41 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-05-10 18:42 . 2009-05-10 18:42 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-10 18:42 . 2009-05-10 18:42 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-10 18:42 . 2009-05-10 18:42 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-10 10:47 . 2009-05-10 18:43 33963176 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_slk_web.exe
2009-05-08 15:51 . 2009-05-30 15:09 779996 ----a-w- c:\windows\Fonts\Urban.ttf
2009-07-17 09:16 . 2009-06-04 22:48 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} ----

2009-05-30 20:02 . 2009-05-30 20:51 17620992 ----a-w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}\{F772927D-E82B-4B20-971C-5F7184456502}.msi


((((((((((((((((((((((((((((( SnapShot@2009-07-18_09.19.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-18 11:17 . 2009-07-18 11:17 16384 c:\windows\Temp\Perflib_Perfdata_6bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"LPT LED Effect"="c:\documents and settings\Vlastnik\Desktop\lle-1\LLE.exe" [2007-11-24 42496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-27 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2007-04-15 53760]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FirebirdServerDefaultInstance"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [19. 5. 2009 16:16 2996]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4. 6. 2009 14:53 142592]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [21. 5. 2009 22:05 3584]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21. 12. 2007 8:21 468224]
R2 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVicHW32.sys [24. 4. 2009 17:52 25040]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [19. 4. 2009 22:05 33176]
S3 Smport;Smport;c:\windows\system32\smport.sys [17. 5. 2009 20:12 2627]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [10. 7. 2008 17:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10. 7. 2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [10. 7. 2008 17:28 369688]
.
Contents of the 'Scheduled Tasks' folder

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-436374069-839522115-1003Core.job
- c:\documents and settings\Vlastnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-29 21:03]

2009-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-436374069-839522115-1003UA.job
- c:\documents and settings\Vlastnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-29 21:03]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/ig?hl=sk&source=iglk
FF - component: c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Vlastnik\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 13:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3336)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSSK.DLL
c:\windows\system32\wpdshext.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-18 13:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 11:20
ComboFix2.txt 2009-07-18 09:21

Pre-Run: 5 981 691 904 bytes free
Post-Run: 5 856 837 632 bytes free

385


Log z HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:31, on 18. 7. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Vlastnik\Desktop\lle-1\LLE.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LPT LED Effect] C:\Documents and Settings\Vlastnik\Desktop\lle-1\LLE.exe hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7644 bytes


Odkaz na virustotal:
http://www.virustotal.com/analisis/6ab5 ... 1238932962

Pri zapínani mám v ponuke OS už iba 1x Windows XP (predtym bol 2x ten istý) Internetové stránky, ktoré predtým nenačitalo (chyba 404) zatiaľ fungujú v pohode a mám pocit že celkovo ide rýchlejšie firefox. Eset smart security stále nefunguje (Firewall, antivirus a antispyware) a na plochu mi pribudla ikonka IE (to asi nebude dôležité )

Zase sa nenačita stránka http://www.exalink.eu Zdá sa mi, že po reštarte funguje OK a po čase začne vypísovať chybu 404

Edit: teraz sa načitá normálne... raz funguje a raz nie. A cez anonymizer funguje vždy.

Edit: teraz som si všimol, že ak sa na ňu dostanem cez odkaz z iného webu tak sa načita. Potom keď si ju otvorim zo záložiek tak sa načíta. Dam refresh = chyba 404 kliknem na záložku a zase sa načita. Ako keby to robil refresh cez F5 a tlacitko obnovit. Lebo ked ju napisem alebo kliknem na zalozku, pridem z ineho webu cez odkaz tak vacsinou funguje ale ked dam refresh tak chyba 404

Ikonu dal ComboFix, resetuje některé nastavení do výchozího. Co ten ClamAV?
Skusíme ten ESET.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok. )
Zkopíruj do něj následující celý text označený zeleně:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000


Ulož si ho jako na Plochu jako fix.reg a jako typ všechny soubory , najdi tento soubor na Ploše a poklepáním ho spusť. Budeš dotázán na přidání hodnoty do registru. Schval.
*****************************************************************************************************************************************
Stáhni si Security Check by screen317 nebo Security Check by screen317 a ulož si ho na Plochu.
Dvojklikem ho spusť a následuj instrukce v černém okně. Po skončení se vytvoří soubor checkup.txt. Ten mi sem zkopíruj.

S tym ClamAV bude problem... nemam tam ziadny ninstal a neda sa odinstalovat ani cez CCleaner lebo sa tam nezobrazuje. Pri odinstalovani Spyware Terminatora som omylom klikol na "nie" pri otazke ci odinstalovat aj ClamAV.

fix.reg som zapisal do registrov

SpywareTerminator tam je. A běží, takže si ho asi neodinstaloval.
Ještě ten log z SCh