Hi, could someone please check my log? Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:52, on 17.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\adiras.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Documents and Settings\XXL\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\XXL\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XXL\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Documents and Settings\XXL\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Výstrahy AlerterMSIServer (AlerterMSIServer) - Unknown owner - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba inteligentního přenosu na pozadí BITSlanmanworkstation (BITSlanmanworkstation) - Unknown owner - C:\WINDOWS\
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Prohledávání počítačů BrowserNtmsSvc (BrowserNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Prohledávání počítačů BrowserNtmsSvc BrowserNtmsSvcaspnet_state (BrowserNtmsSvcaspnet_state) - Unknown owner - C:\WINDOWS\
O23 - Service: Indexing Service CiSvcDcomLaunch (CiSvcDcomLaunch) - Unknown owner - C:\WINDOWS\
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32ProtectedStorageSQLAgent$SONY_MEDIAMGR (clr_optimization_v2.0.50727_32ProtectedStorageSQLAgent$SONY_MEDIAMGR) - Unknown owner - C:\WINDOWS\
O23 - Service: Klient DHCP DhcpNtLmSsp (DhcpNtLmSsp) - Unknown owner - C:\WINDOWS\
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service gusvcPolicyAgent (gusvcPolicyAgent) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pracovní stanice lanmanworkstationxmlprov (lanmanworkstationxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba DDE v síti NetDDEBrowserNtmsSvc (NetDDEBrowserNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Pml Driver HPZ12 PmlMSDTC (PmlMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PnkBstrB PnkBstrBupnphost (PnkBstrBupnphost) - Unknown owner - C:\WINDOWS\
O23 - Service: Chráněné úložiště ProtectedStorageSQLAgent$SONY_MEDIAMGR (ProtectedStorageSQLAgent$SONY_MEDIAMGR) - Unknown owner - C:\WINDOWS\
O23 - Service: Směrování a vzdálený přístup RemoteAccessrpcapd (RemoteAccessrpcapd) - Unknown owner - C:\WINDOWS\
O23 - Service: Správce zabezpečení účtů SamSsUPS (SamSsUPS) - Unknown owner - C:\WINDOWS\
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Brána Firewall / Sdílení připojení k Internetu (ICS) SharedAccessCOMSysApp (SharedAccessCOMSysApp) - Unknown owner - C:\WINDOWS\
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Motivy ThemesHidServ (ThemesHidServ) - Unknown owner - C:\WINDOWS\
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Hostitel zařízení UPnP upnphostPnkBstrA (upnphostPnkBstrA) - Unknown owner - C:\WINDOWS\
O23 - Service: Stínová kopie svazku VSSSSDPSRV (VSSSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: Stínová kopie svazku VSSSSDPSRV VSSSSDPSRVWmi (VSSSSDPSRVWmi) - Unknown owner - C:\WINDOWS\
O23 - Service: Systémový čas W32Time HotKey Poller (W32Time HotKey Poller) - Unknown owner - C:\WINDOWS\
O23 - Service: Webroot Spy Sweeper Engine WebrootSpySweeperService Service (WebrootSpySweeperService Service) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba WMI winmgmtEventlog (winmgmtEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba sériového čísla přenosného zařízení WmdmPmSNBrowser (WmdmPmSNBrowser) - Unknown owner - C:\WINDOWS\
O23 - Service: Služba sériového čísla přenosného zařízení WmdmPmSNBrowser WmdmPmSNBrowserPnkBstrB (WmdmPmSNBrowserPnkBstrB) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatická konfigurace bezdrátových zařízení WZCSVCSENS (WZCSVCSENS) - Unknown owner - C:\WINDOWS\
--
End of file - 9706 bytes
Please check my HJT log [Solved]
- Damned
Re: Please check my HJT log
Whoa, that's quite a harvest.
I haven't seen adiras in a long time...
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following (start HJT, choose "Do a system scan only",
tick the box in front of each entry, press "Fix checked" and then "Yes"):
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save it to your desktop
- then click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Re: Please check my HJT log
Here it is :))
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3876
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
17.3.2010 18:01:21
mbam-log-2010-03-17 (18-01-16).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 127313
Uplynulý čas: 8 minute(s), 6 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 1
Infikované datové položky registru: 3
Infikované adresáře: 1
Infikované soubory: 17
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované adresáře:
C:\WINDOWS\system32\28463 (Keylogger.Ardamax) -> No action taken.
Infikované soubory:
C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\28463\AKV.exe (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\HLAL.001 (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\HLAL.002 (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\HLAL.005 (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\HLAL.006 (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\HLAL.008 (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\HLAL.exe (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\JDWL.001 (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\JDWL.002 (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\JDWL.005 (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\JDWL.006 (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\JDWL.008 (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\JDWL.009 (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\JDWL.009.tmp (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\JDWL.exe (Keylogger.Ardamax) -> No action taken.
C:\WINDOWS\system32\28463\key.bin (Keylogger.Ardamax) -> No action taken.
- Damned
Re: Please check my HJT log
Run MBAM again and click Scan
- when the scan finishes, a message will appear; click OK and then the Show Results button
- make sure all listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then click OK in the program and close it via Exit
Disable your antivirus's resident shield (and your antispyware's, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all open windows and run it.
- After launch, the terms of use are displayed; accept them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Please check my HJT log
Here is the Combo log. MV restarted my computer after the scan, so I'll run that scan again. But it deleted everything and I think the MV one is OK, but I'll run it again just to be sure.
ComboFix 10-03-16.05 - XXL 17.03.2010 18:24:57.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.479 [GMT 1:00]
Spuštěný z: c:\documents and settings\XXL\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 091124-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\XXL\Dokumenty\cc_20090704_111827.reg
c:\documents and settings\XXL\Dokumenty\cc_20090820_183252.reg
c:\documents and settings\XXL\Dokumenty\cc_20091006_192008.reg
c:\documents and settings\XXL\Dokumenty\cc_20091024_195559.reg
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\system\sservice.exe.bat
c:\windows\system32\ieuinit.inf
c:\windows\system32\SIntf16.dll
c:\windows\wpe pro.INI
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-17 do 2010-03-17 )))))))))))))))))))))))))))))))
.
2010-03-17 16:46 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 16:46 . 2010-03-17 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 16:46 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-03 20:43 . 2010-03-03 20:43 37844 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-03 20:41 . 2010-03-03 20:41 -------- d-----w- c:\program files\Common Files\Apple
2010-03-03 20:41 . 2010-03-03 20:41 -------- d-----w- c:\program files\Apple Software Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 17:12 . 2009-10-12 15:28 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-17 15:49 . 2008-02-19 19:44 -------- d-----w- c:\program files\Ashampoo
2010-03-17 15:38 . 2009-10-27 16:14 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-03-17 15:38 . 2009-10-12 15:28 -------- d-----w- c:\program files\World of Warcraft
2010-03-16 16:12 . 2009-10-24 14:21 -------- d-----w- c:\program files\Steam
2010-03-11 23:48 . 2008-09-20 14:45 -------- d-----w- c:\program files\Common Files\Java
2010-03-11 23:47 . 2008-09-20 14:45 -------- d-----w- c:\program files\Java
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-3-2 966756]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\duhicek\\counter-strike\\hl.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.3.0.10958-enGB-downloader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"26429:TCP"= 26429:TCP:BitComet 26429 TCP
"26429:UDP"= 26429:UDP:BitComet 26429 UDP
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [29.11.2005 21:08 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.9.2008 19:10 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.9.2008 19:10 20560]
S0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [29.11.2005 21:08 159616]
S1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys --> c:\windows\system32\drivers\oreans32.sys [?]
S2 AlerterMSIServer;Výstrahy AlerterMSIServer;đ%€|x srv --> đ%€|x srv [?]
S2 BITSlanmanworkstation;Služba inteligentního přenosu na pozadí BITSlanmanworkstation;đ%€|x srv --> đ%€|x srv [?]
S2 BrowserNtmsSvc;Prohledávání počítačů BrowserNtmsSvc;đ%€|x srv --> đ%€|x srv [?]
S2 BrowserNtmsSvcaspnet_state;Prohledávání počítačů BrowserNtmsSvc BrowserNtmsSvcaspnet_state;đ%€|x srv --> đ%€|x srv [?]
S2 CiSvcDcomLaunch;Indexing Service CiSvcDcomLaunch;đ%€|x srv --> đ%€|x srv [?]
S2 clr_optimization_v2.0.50727_32ProtectedStorageSQLAgent$SONY_MEDIAMGR;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32ProtectedStorageSQLAgent$SONY_MEDIAMGR;đ%€|x srv --> đ%€|x srv [?]
S2 DhcpNtLmSsp;Klient DHCP DhcpNtLmSsp;đ%€|x srv --> đ%€|x srv [?]
S2 gusvcPolicyAgent;Google Updater Service gusvcPolicyAgent;đ%€|x srv --> đ%€|x srv [?]
S2 lanmanworkstationxmlprov;Pracovní stanice lanmanworkstationxmlprov;đ%€|x srv --> đ%€|x srv [?]
S2 NetDDEBrowserNtmsSvc;Služba DDE v síti NetDDEBrowserNtmsSvc;đ%€|x srv --> đ%€|x srv [?]
S2 PmlMSDTC;Pml Driver HPZ12 PmlMSDTC;đ%€|x srv --> đ%€|x srv [?]
S2 PnkBstrBupnphost;PnkBstrB PnkBstrBupnphost;đ%€|x srv --> đ%€|x srv [?]
S2 ProtectedStorageSQLAgent$SONY_MEDIAMGR;Chráněné úložiště ProtectedStorageSQLAgent$SONY_MEDIAMGR;đ%€|x srv --> đ%€|x srv [?]
S2 RemoteAccessrpcapd;Směrování a vzdálený přístup RemoteAccessrpcapd;đ%€|x srv --> đ%€|x srv [?]
S2 SamSsUPS;Správce zabezpečení účtů SamSsUPS;đ%€|x srv --> đ%€|x srv [?]
S2 SharedAccessCOMSysApp;Brána Firewall / Sdílení připojení k Internetu (ICS) SharedAccessCOMSysApp;đ%€|x srv --> đ%€|x srv [?]
S2 ThemesHidServ;Motivy ThemesHidServ;đ%€|x srv --> đ%€|x srv [?]
S2 upnphostPnkBstrA;Hostitel zařízení UPnP upnphostPnkBstrA;đ%€|x srv --> đ%€|x srv [?]
S2 VSSSSDPSRV;Stínová kopie svazku VSSSSDPSRV;đ%€|x srv --> đ%€|x srv [?]
S2 VSSSSDPSRVWmi;Stínová kopie svazku VSSSSDPSRV VSSSSDPSRVWmi;đ%€|x srv --> đ%€|x srv [?]
S2 W32Time HotKey Poller;Systémový čas W32Time HotKey Poller;đ%€|x srv --> đ%€|x srv [?]
S2 WebrootSpySweeperService Service;Webroot Spy Sweeper Engine WebrootSpySweeperService Service;đ%€|x srv --> đ%€|x srv [?]
S2 winmgmtEventlog;Služba WMI winmgmtEventlog;đ%€|x srv --> đ%€|x srv [?]
S2 WmdmPmSNBrowser;Služba sériového čísla přenosného zařízení WmdmPmSNBrowser;đ%€|x srv --> đ%€|x srv [?]
S2 WmdmPmSNBrowserPnkBstrB;Služba sériového čísla přenosného zařízení WmdmPmSNBrowser WmdmPmSNBrowserPnkBstrB;đ%€|x srv --> đ%€|x srv [?]
S2 WZCSVCSENS;Automatická konfigurace bezdrátových zařízení WZCSVCSENS;đ%€|x srv --> đ%€|x srv [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\XXL\LOCALS~1\Temp\IJM41.tmp --> c:\docume~1\XXL\LOCALS~1\Temp\IJM41.tmp [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [13.3.2007 21:55 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [13.3.2007 22:02 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [13.3.2007 22:02 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [13.3.2007 22:02 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [13.3.2007 22:02 83344]
S3 SetupNTGLM7X;SetupNTGLM7X; [x]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [13.3.2007 22:02 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [13.3.2007 22:02 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [13.3.2007 22:02 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [13.3.2007 22:02 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [13.3.2007 22:02 83344]
.
Obsah adresáře 'Naplánované úlohy'
2007-02-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 22:11]
2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
FF - ProfilePath - c:\documents and settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 18:29
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AlerterMSIServer]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITSlanmanworkstation]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BrowserNtmsSvc]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BrowserNtmsSvcaspnet_state]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvcDcomLaunch]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32ProtectedStorageSQLAgent$SONY_MEDIAMGR]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DhcpNtLmSsp]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\XXL\LOCALS~1\Temp\IJM41.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcPolicyAgent]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationxmlprov]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEBrowserNtmsSvc]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PmlMSDTC]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PnkBstrBupnphost]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorageSQLAgent$SONY_MEDIAMGR]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccessrpcapd]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSsUPS]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccessCOMSysApp]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThemesHidServ]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostPnkBstrA]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSSSSDPSRV]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSSSSDPSRVWmi]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time HotKey Poller]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebrootSpySweeperService Service]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmtEventlog]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNBrowser]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNBrowserPnkBstrB]
"ImagePath"="đ%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVCSENS]
"ImagePath"="đ%€|x\01\09 srv"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-606747145-1383384898-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,fd,4d,0a,5f,44,d0,5d,cb,4e,1a,a2,d2,39,6b,2e,f8,ba,17,c3,69,d5,11,
47,da,21,a9,62,6f,5a,69,b5,71,83,02,8f,0f,41,62,82,9e,ec,96,db,74,6d,f9,5e,\
"??"=hex:f9,a3,a5,0f,36,81,90,ff,8e,3b,52,23,1f,d0,04,04
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-03-17 18:32:09
ComboFix-quarantined-files.txt 2010-03-17 17:31
Před spuštěním: Volných bajtů: 24 493 244 416
Po spuštění: Volných bajtů: 24 476 033 024
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=PDW17Q /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (záloha TuneUp)" /noexecute=optin /fastdetect /TUTag=PDW17Q-BAK
- - End Of File - - 37974B5057863FFF0FCDC03EC1DB5129
- Damned
Re: Please check my HJT log
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
File::
c:\windows\system32\drivers\oreans32.sys
c:\docume~1\XXL\LOCALS~1\Temp\IJM41.tmp
Driver::
oreans32
AlerterMSIServer
BITSlanmanworkstation
BrowserNtmsSvc
BrowserNtmsSvcaspnet_state
CiSvcDcomLaunch
DhcpNtLmSsp
gusvcPolicyAgent
lanmanworkstationxmlprov
NetDDEBrowserNtmsSvc
PmlMSDTC
PnkBstrBupnphost
ProtectedStorageSQLAgent$SONY_MEDIAMGR
RemoteAccessrpcapd
SamSsUPS
SharedAccessCOMSysApp
ThemesHidServ
upnphostPnkBstrA
VSSSSDPSRV
VSSSSDPSRVWmi
W32Time HotKey Poller
WebrootSpySweeperService Service
winmgmtEventlog
WmdmPmSNBrowser
WmdmPmSNBrowserPnkBstrB
WmdmPmSNBrowserPnkBstrB
WZCSVCSENS
GarenaPEngine
SetupNTGLM7X
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AlerterMSIServer]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITSlanmanworkstation]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BrowserNtmsSvc]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BrowserNtmsSvcaspnet_state]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvcDcomLaunch]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32ProtectedStorageSQLAgent$SONY_MEDIAMGR]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DhcpNtLmSsp]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcPolicyAgent]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationxmlprov]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEBrowserNtmsSvc]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PmlMSDTC]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PnkBstrBupnphost]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorageSQLAgent$SONY_MEDIAMGR]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccessrpcapd]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSsUPS]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccessCOMSysApp]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThemesHidServ]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostPnkBstrA]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSSSSDPSRV]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSSSSDPSRVWmi]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time HotKey Poller]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebrootSpySweeperService Service]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmtEventlog]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNBrowser]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNBrowserPnkBstrB]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVCSENS]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix starts automatically; the repair can take longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Please check my HJT log
Here is the ComboFix log after the cleanup
ComboFix 10-03-16.05 - XXL 17.03.2010 19:00:51.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.472 [GMT 1:00]
Spuštěný z: c:\documents and settings\XXL\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\XXL\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 091124-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\docume~1\XXL\LOCALS~1\Temp\IJM41.tmp"
"c:\windows\system32\drivers\oreans32.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ALERTERMSISERVER
-------\Legacy_BITSLANMANWORKSTATION
-------\Legacy_BROWSERNTMSSVC
-------\Legacy_BROWSERNTMSSVCASPNET_STATE
-------\Legacy_CISVCDCOMLAUNCH
-------\Legacy_DHCPNTLMSSP
-------\Legacy_GARENAPENGINE
-------\Legacy_GUSVCPOLICYAGENT
-------\Legacy_LANMANWORKSTATIONXMLPROV
-------\Legacy_NETDDEBROWSERNTMSSVC
-------\Legacy_OREANS32
-------\Legacy_PMLMSDTC
-------\Legacy_PNKBSTRBUPNPHOST
-------\Legacy_PROTECTEDSTORAGESQLAGENT$SONY_MEDIAMGR
-------\Legacy_REMOTEACCESSRPCAPD
-------\Legacy_SAMSSUPS
-------\Legacy_SETUPNTGLM7X
-------\Legacy_SHAREDACCESSCOMSYSAPP
-------\Legacy_THEMESHIDSERV
-------\Legacy_UPNPHOSTPNKBSTRA
-------\Legacy_VSSSSDPSRV
-------\Legacy_VSSSSDPSRVWMI
-------\Legacy_W32TIME_HOTKEY_POLLER
-------\Legacy_WEBROOTSPYSWEEPERSERVICE_SERVICE
-------\Legacy_WINMGMTEVENTLOG
-------\Legacy_WMDMPMSNBROWSER
-------\Legacy_WMDMPMSNBROWSERPNKBSTRB
-------\Legacy_WZCSVCSENS
-------\Service_oreans32
-------\Service_SetupNTGLM7X
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-17 do 2010-03-17 )))))))))))))))))))))))))))))))
.
2010-03-17 16:46 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 16:46 . 2010-03-17 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 16:46 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-03 20:43 . 2010-03-03 20:43 37844 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-03 20:41 . 2010-03-03 20:41 -------- d-----w- c:\program files\Common Files\Apple
2010-03-03 20:41 . 2010-03-03 20:41 -------- d-----w- c:\program files\Apple Software Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 17:12 . 2009-10-12 15:28 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-17 15:49 . 2008-02-19 19:44 -------- d-----w- c:\program files\Ashampoo
2010-03-17 15:38 . 2009-10-27 16:14 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-03-17 15:38 . 2009-10-12 15:28 -------- d-----w- c:\program files\World of Warcraft
2010-03-16 16:12 . 2009-10-24 14:21 -------- d-----w- c:\program files\Steam
2010-03-11 23:48 . 2008-09-20 14:45 -------- d-----w- c:\program files\Common Files\Java
2010-03-11 23:47 . 2008-09-20 14:45 -------- d-----w- c:\program files\Java
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-3-2 966756]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\duhicek\\counter-strike\\hl.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.3.0.10958-enGB-downloader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"26429:TCP"= 26429:TCP:BitComet 26429 TCP
"26429:UDP"= 26429:UDP:BitComet 26429 UDP
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [29.11.2005 21:08 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [29.11.2005 21:08 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.9.2008 19:10 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.9.2008 19:10 20560]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [13.3.2007 21:55 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [13.3.2007 22:02 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [13.3.2007 22:02 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [13.3.2007 22:02 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [13.3.2007 22:02 83344]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [13.3.2007 22:02 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [13.3.2007 22:02 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [13.3.2007 22:02 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [13.3.2007 22:02 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [13.3.2007 22:02 83344]
.
Obsah adresáře 'Naplánované úlohy'
2007-02-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 22:11]
2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
FF - ProfilePath - c:\documents and settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 19:10
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\windows\system32\wuaueng.dll.wusetup.333093.bak 1809944 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83A3A008]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf778dfc3
\Driver\ACPI -> ACPI.sys @ 0xf76d9cb8
\Driver\atapi -> 0x83a3a008
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x8059c876
ParseProcedure -> TUKERNEL.EXE @ 0x8057016c
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x8059c876
ParseProcedure -> TUKERNEL.EXE @ 0x8057016c
NDIS: VIA Compatible Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf755fba0
PacketIndicateHandler -> NDIS.sys @ 0xf756cb21
SendHandler -> NDIS.sys @ 0xf754a87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-606747145-1383384898-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,fd,4d,0a,5f,44,d0,5d,cb,4e,1a,a2,d2,39,6b,2e,f8,ba,17,c3,69,d5,11,
47,da,21,a9,62,6f,5a,69,b5,71,83,02,8f,0f,41,62,82,9e,ec,96,db,74,6d,f9,5e,\
"??"=hex:f9,a3,a5,0f,36,81,90,ff,8e,3b,52,23,1f,d0,04,04
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3144)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-17 19:19:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-17 18:19
ComboFix2.txt 2010-03-17 17:32
Před spuštěním: Volných bajtů: 24 468 180 992
Po spuštění: Volných bajtů: 24 345 092 096
- - End Of File - - 166E98FD8B52C5C1B38581034B0D85C0
- Damned
Re: Please check my HJT log
Uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start > Run and enter:
Combofix[space]/uninstall
Download T-Cleaner (required - it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download it -> run it).
(Note: if you have AVG or Avira, disable AVG and Avira (including the resident shields) before downloading T-Cleaner and for the duration of the cleaning; afterwards delete T-Cleaner and turn AVG and Avira back on.)
*****************************************************************************************************************************************
Download OTL to your Desktop.
Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change the setting to All. Tick LOP Check and Purity Check. Change File age to 14 days. Leave all other settings as they are. Click Run Scan. The scan can take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.
Nothing is impossible, so where reason runs out, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Please check my HJT log
EXTRAS.TXT
OTL Extras logfile created on: 17.3.2010 19:50:47 - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\XXL\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
767,00 Mb Total Physical Memory | 504,00 Mb Available Physical Memory | 66,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 800 800 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 30,12 Gb Free Space | 40,42% Space Free | Partition Type: NTFS
Drive D: | 38,28 Gb Total Space | 19,00 Gb Free Space | 49,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UKUCHYNE
Current User Name: XXL
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [!ezcddaxa] -- "C:\Program Files\Easy CD-DA Extractor 9\convert.exe" "%1" ()
Directory [!ezcddaxb] -- "C:\Program Files\Easy CD-DA Extractor 9\burn.exe" "%1" ()
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26429:TCP" = 26429:TCP:*:Enabled:BitComet 26429 TCP
"26429:UDP" = 26429:UDP:*:Enabled:BitComet 26429 UDP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\InterVideo\DVD7\WinDVD.exe" = C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Disabled:WinDVD -- (InterVideo Inc.)
"C:\Program Files\Quake III Arena\quake3.exe" = C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3 -- ()
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"D:\Warcraft III\war3.exe" = D:\Warcraft III\war3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\duhicek\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\duhicek\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.3.0.10958-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.3.0.10958-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{009E545F-4846-0CDD-0560-A9DFC8598134}" = CCC Help Czech
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AA97D42-3BBB-EB76-F572-D422806CF158}" = Catalyst Control Center Localization Portuguese
"{0B533F34-22BA-4301-BAF8-EA1CEDB06F9E}" = Quake Live Mozilla Plugin
"{13632239-7686-8D1E-F0B9-123AA2902E43}" = Catalyst Control Center Localization German
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18652404-4857-3ED3-7F09-A29E6F68FAFD}" = Catalyst Control Center Core Implementation
"{232230B8-65D9-29D1-356E-FCBFC18498F2}" = CCC Help Polish
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{292D65EA-6113-0329-78FF-D66728D04FA6}" = CCC Help Swedish
"{294BC355-2869-F9BD-A1C7-1AA054E8526D}" = Catalyst Control Center Localization Hungarian
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F1D86D-D16C-9BEE-8757-35D7189363AD}" = Catalyst Control Center Localization Finnish
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{38A11DAC-1B93-B697-BEB5-0F37767F6347}" = Catalyst Control Center Graphics Light
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4193C526-031D-1C21-4B2C-E2980B8654A3}" = CCC Help Danish
"{4210F550-BCA8-903D-3A65-0FD1254B109D}" = CCC Help Norwegian
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{49F11AEE-DF90-B606-0E3E-50C60F8FDB36}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A5AFD-A449-593C-474A-53CC63F6E568}" = Catalyst Control Center Graphics Full Existing
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4C4F84FF-FB61-5A5C-D2D2-31E8F29FD0B6}" = Catalyst Control Center Localization Thai
"{4CBF6D2C-64B2-ED99-C643-8DB643856225}" = CCC Help German
"{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F0D2C92-826B-611B-0842-D26655BEA966}" = Skins
"{50F2EC54-26DB-4F8F-8984-C5E3AA894CC3}_is1" = mIRC 6.15
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53351EFD-67E1-4603-A7B9-5C8560AAF38F}" = Catalyst Control Center Localization Dutch
"{53428412-84F4-1C3B-3D3C-C7E7A8C48C24}" = Catalyst Control Center Localization Swedish
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A41C8CE-5F2D-61C8-D01B-40548008BA70}" = Catalyst Control Center Localization Danish
"{5C55B074-2958-CBCC-5A1B-FC3A7ABFAB5A}" = Catalyst Control Center Graphics Previews Common
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5F6FBBE5-E20E-11B1-895A-119079D3008E}" = Catalyst Control Center Localization Chinese Traditional
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B5E3C84-1829-8A7D-AC5A-5F08BE0973BE}" = CCC Help Thai
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{6FFDD43F-271E-B953-0105-CA7EEA2DD017}" = CCC Help Chinese Traditional
"{700FEDE4-BAB6-FB0E-36AE-35B7C2B3ECAF}" = CCC Help Japanese
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{76B0CBC3-9482-F745-B940-1F3B48320E95}" = Catalyst Control Center Localization Czech
"{77564D1B-9492-B85E-122E-78A845E7F9F2}" = Catalyst Control Center Localization Japanese
"{791C39B5-DB24-E611-6B10-CCC2B25B0F06}" = Catalyst Control Center Localization Norwegian
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F31A962-5484-6CE6-1A84-554226E3A43E}" = Catalyst Control Center Localization Italian
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81538B19-7E55-E0D9-8AC9-AE9494BB3D55}" = CCC Help Dutch
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2
"{88743E08-4332-15F1-DB8A-72AED7D069FA}" = ccc-core-preinstall
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8AAD21E3-3561-9C61-F416-B7648993C0EC}" = Catalyst Control Center Localization Spanish
"{8B1B5F0A-5BD2-8DBA-8256-1787961D0F34}" = ccc-core-static
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}" = SigmaTel MSCN Audio Player
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{951EDFAE-B29A-2FB6-7BBA-B5FA80D56ACA}" = CCC Help Korean
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96F11791-3916-8BC0-AB17-B959A642160E}" = CCC Help English
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{99E447AA-C24F-7E07-AAA0-2533D2BA1857}" = Catalyst Control Center Localization Polish
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A00CF943-CB73-D593-731B-7FC462CC79F8}" = Catalyst Control Center Localization Greek
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3CBDF8A-4E8C-360C-5E8F-3E091364E87D}" = Catalyst Control Center Localization Turkish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1029-7B44-CE0000000001}" = Adobe Reader 6.0 CE
"{AE80641A-0C8D-4670-A518-B4EC154B1027}" = ACDSee 8
"{B13F5727-F12F-4253-B6AD-26AFA880B709}" = Sony Media Manager 2.0
"{B1AFE717-EDC1-6B67-8136-AE735D37795A}" = CCC Help Spanish
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B46DE583-C8C5-CB70-FA59-FAE6D2FEA58D}" = CCC Help Italian
"{B5BDC1B8-FAE5-2E99-D861-0E5B0D01113E}" = CCC Help Chinese Standard
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B81AA136-4243-92EC-0169-2CACCB977BBA}" = Catalyst Control Center Localization French
"{B9169E14-DF66-BD28-5318-E1D3029B8EE3}" = CCC Help Portuguese
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BE8B2261-C89D-10E3-22FC-DA5059B17D1D}" = Catalyst Control Center Localization Korean
"{BEDBC661-8D69-8CCA-400B-6289F3CEE1FF}" = Catalyst Control Center Localization Chinese Standard
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5866667-789F-9078-3B2F-032E46BFF70A}" = Catalyst Control Center Localization Russian
"{D6AFFAD0-56D3-2D76-3466-B3084E171424}" = CCC Help Turkish
"{D8CD91C7-4A1A-7D7D-0930-2806D97D137E}" = ccc-utility
"{DA26293D-57F1-8832-042C-FDE09EFE1BD3}" = CCC Help Hungarian
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Plus VX
"{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}" = Sony Vegas 7.0
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E87991C6-AF87-072B-10DC-9B7100504A22}" = Catalyst Control Center Graphics Full New
"{E89921E3-013F-3518-F930-42673090C567}" = CCC Help Russian
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F46CC671-A61E-D471-35F6-2C565C50706A}" = CCC Help Finnish
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F8F35EDE-7816-36DF-C6EC-DCA2954B0C78}" = CCC Help Greek
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD 2.06
"ATF" = ATF
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"Cyklotrasy 2.18 + mapy ČR" = Cyklotrasy 2.18 + mapy ČR
"Easy CD-DA Extractor 9.0" = Easy CD-DA Extractor 9.0
"eBay Icon" = eBay Icon
"Eurobattle.net2.0" = Eurobattle.net
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"ffdshow_is1" = ffdshow [rev 1245] [2007-06-04]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GameParkClient_is1" = GamePark
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"Indeo® XP Software" = Indeo® XP Software
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InterActual Player" = InterActual Player
"jetAudio 6.2.x Czech Language Pack" = jetAudio 6.2.x Czech Language Pack
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"mIRC" = mIRC
"Mozilla Firefox (3.5.
" = Mozilla Firefox (3.5.
"MultiRes (remove only)" = MultiRes (remove only)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NI Service Center" = NI Service Center
"OfficeCalculator" = OfficeCalculator
"PunkBusterSvc" = PunkBuster Services
"Quake III Arena" = Quake III Arena
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"RivaTuner" = RivaTuner v2.02
"Steam App 10" = Counter-Strike
"Steam App 100" = Condition Zero Deleted Scenes
"Steam App 150" = Counter-Strike Steamworks Beta
"Steam App 80" = Condition Zero
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The KMPlayer" = The KMPlayer (remove only)
"Total Video Converter_is1" = Total Video Converter 2.52
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VentriloMIX" = VentriloMIX
"VIA Vinyl Audio Codecs Driver Setup Program" = VIA Vinyl Audio Codecs Driver Setup Program
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Zero-X BeatCreator Demo" = Zero-X BeatCreator Demo
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 25.2.2010 15:24:00 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\Linkin Park - Minutes to Midnight [2007]\Folder.jpg
failed, 00000005.
Error - 25.2.2010 15:24:01 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\Linkin Park - Minutes to Midnight [2007]\AlbumArtSmall.jpg
failed, 00000005.
Error - 25.2.2010 15:24:01 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\Linkin Park - Minutes to Midnight [2007]\AlbumArt_{EA445DCD-D5E0-42C7-B659-8675D562EFB3}_Small.jpg
failed, 00000005.
Error - 25.2.2010 15:24:01 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\Linkin Park - Minutes to Midnight [2007]\AlbumArt_{EA445DCD-D5E0-42C7-B659-8675D562EFB3}_Large.jpg
failed, 00000005.
Error - 25.2.2010 16:03:55 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\The Prodigy - Invaders Must Die (2009)\AlbumArt_{4461F98C-8547-43F7-AF08-451D58C8952B}_Small.jpg
failed, 00000005.
Error - 25.2.2010 16:03:55 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\The Prodigy - Invaders Must Die (2009)\AlbumArt_{4461F98C-8547-43F7-AF08-451D58C8952B}_Large.jpg
failed, 00000005.
Error - 4.3.2010 16:18:42 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\The Prodigy - Invaders Must Die (2009)\AlbumArt_{4461F98C-8547-43F7-AF08-451D58C8952B}_Small.jpg
failed, 00000005.
Error - 4.3.2010 16:18:43 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\The Prodigy - Invaders Must Die (2009)\AlbumArt_{4461F98C-8547-43F7-AF08-451D58C8952B}_Large.jpg
failed, 00000005.
Error - 13.3.2010 9:23:57 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\Pendulum-In_Silico-2008-DV8\00-pendulum-in_silico-2008.jpg
failed, 00000005.
Error - 13.3.2010 9:23:59 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\Pendulum-In_Silico-2008-DV8\Thumbs.db
failed, 00000005.
[ Application Events ]
Error - 7.2.2010 12:10:41 | Computer Name = UKUCHYNE | Source = Application Error | ID = 1000
Description = Chybující aplikace gameparkclient.exe, verze 1.1.0.24, chybující modul
ntdll.dll, verze 5.1.2600.2180, adresa chyby 0x000122ba.
Error - 11.2.2010 12:42:57 | Computer Name = UKUCHYNE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
mshtml.dll, verze 6.0.2900.3492, adresa chyby 0x000ad544.
Error - 14.2.2010 12:03:49 | Computer Name = UKUCHYNE | Source = Application Error | ID = 1000
Description = Chybující aplikace hpwucli.exe, verze 5.0.8.1, chybující modul hpwucli.exe,
verze 5.0.8.1, adresa chyby 0x000045ea.
Error - 25.2.2010 10:00:42 | Computer Name = UKUCHYNE | Source = Google Update | ID = 20
Description =
Error - 27.2.2010 7:11:25 | Computer Name = UKUCHYNE | Source = Google Update | ID = 20
Description =
Error - 28.2.2010 13:04:18 | Computer Name = UKUCHYNE | Source = Google Update | ID = 20
Description =
Error - 4.3.2010 15:33:16 | Computer Name = UKUCHYNE | Source = Application Error | ID = 1000
Description = Chybující aplikace safari.exe, verze 5.31.21.10, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0xfffffffe.
Error - 10.3.2010 2:25:09 | Computer Name = UKUCHYNE | Source = Google Update | ID = 20
Description =
Error - 13.3.2010 8:36:15 | Computer Name = UKUCHYNE | Source = Google Update | ID = 20
Description =
Error - 17.3.2010 13:26:29 | Computer Name = UKUCHYNE | Source = Application Error | ID = 1000
Description = Chybující aplikace pev.exe, verze 0.0.0.0, chybující modul pev.exe,
verze 0.0.0.0, adresa chyby 0x00090ae0.
[ System Events ]
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby wuauserv.
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby TrkWks.
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby Browser.
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7000
Description = Služba Prohledávání počítačů neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7001
Description = Služba Brána Firewall / Sdílení připojení k Internetu (ICS) závisí
na službě Služba WMI, která neuspěla při spuštění v důsledku následující chyby:
%%1053
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby ShellHWDetection.
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby BITS.
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7022
Description = Služba StarWind iSCSI Service přestala během spouštění reagovat.
Error - 17.3.2010 14:38:49 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: Beep
< End of report >
OTL Extras logfile created on: 17.3.2010 19:50:47 - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\XXL\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
767,00 Mb Total Physical Memory | 504,00 Mb Available Physical Memory | 66,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 800 800 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 30,12 Gb Free Space | 40,42% Space Free | Partition Type: NTFS
Drive D: | 38,28 Gb Total Space | 19,00 Gb Free Space | 49,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UKUCHYNE
Current User Name: XXL
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [!ezcddaxa] -- "C:\Program Files\Easy CD-DA Extractor 9\convert.exe" "%1" ()
Directory [!ezcddaxb] -- "C:\Program Files\Easy CD-DA Extractor 9\burn.exe" "%1" ()
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26429:TCP" = 26429:TCP:*:Enabled:BitComet 26429 TCP
"26429:UDP" = 26429:UDP:*:Enabled:BitComet 26429 UDP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\InterVideo\DVD7\WinDVD.exe" = C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Disabled:WinDVD -- (InterVideo Inc.)
"C:\Program Files\Quake III Arena\quake3.exe" = C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3 -- ()
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"D:\Warcraft III\war3.exe" = D:\Warcraft III\war3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\duhicek\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\duhicek\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.3.0.10958-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.3.0.10958-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{009E545F-4846-0CDD-0560-A9DFC8598134}" = CCC Help Czech
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AA97D42-3BBB-EB76-F572-D422806CF158}" = Catalyst Control Center Localization Portuguese
"{0B533F34-22BA-4301-BAF8-EA1CEDB06F9E}" = Quake Live Mozilla Plugin
"{13632239-7686-8D1E-F0B9-123AA2902E43}" = Catalyst Control Center Localization German
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18652404-4857-3ED3-7F09-A29E6F68FAFD}" = Catalyst Control Center Core Implementation
"{232230B8-65D9-29D1-356E-FCBFC18498F2}" = CCC Help Polish
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{292D65EA-6113-0329-78FF-D66728D04FA6}" = CCC Help Swedish
"{294BC355-2869-F9BD-A1C7-1AA054E8526D}" = Catalyst Control Center Localization Hungarian
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F1D86D-D16C-9BEE-8757-35D7189363AD}" = Catalyst Control Center Localization Finnish
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{38A11DAC-1B93-B697-BEB5-0F37767F6347}" = Catalyst Control Center Graphics Light
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4193C526-031D-1C21-4B2C-E2980B8654A3}" = CCC Help Danish
"{4210F550-BCA8-903D-3A65-0FD1254B109D}" = CCC Help Norwegian
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{49F11AEE-DF90-B606-0E3E-50C60F8FDB36}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A5AFD-A449-593C-474A-53CC63F6E568}" = Catalyst Control Center Graphics Full Existing
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4C4F84FF-FB61-5A5C-D2D2-31E8F29FD0B6}" = Catalyst Control Center Localization Thai
"{4CBF6D2C-64B2-ED99-C643-8DB643856225}" = CCC Help German
"{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F0D2C92-826B-611B-0842-D26655BEA966}" = Skins
"{50F2EC54-26DB-4F8F-8984-C5E3AA894CC3}_is1" = mIRC 6.15
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53351EFD-67E1-4603-A7B9-5C8560AAF38F}" = Catalyst Control Center Localization Dutch
"{53428412-84F4-1C3B-3D3C-C7E7A8C48C24}" = Catalyst Control Center Localization Swedish
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A41C8CE-5F2D-61C8-D01B-40548008BA70}" = Catalyst Control Center Localization Danish
"{5C55B074-2958-CBCC-5A1B-FC3A7ABFAB5A}" = Catalyst Control Center Graphics Previews Common
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5F6FBBE5-E20E-11B1-895A-119079D3008E}" = Catalyst Control Center Localization Chinese Traditional
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B5E3C84-1829-8A7D-AC5A-5F08BE0973BE}" = CCC Help Thai
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{6FFDD43F-271E-B953-0105-CA7EEA2DD017}" = CCC Help Chinese Traditional
"{700FEDE4-BAB6-FB0E-36AE-35B7C2B3ECAF}" = CCC Help Japanese
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{76B0CBC3-9482-F745-B940-1F3B48320E95}" = Catalyst Control Center Localization Czech
"{77564D1B-9492-B85E-122E-78A845E7F9F2}" = Catalyst Control Center Localization Japanese
"{791C39B5-DB24-E611-6B10-CCC2B25B0F06}" = Catalyst Control Center Localization Norwegian
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F31A962-5484-6CE6-1A84-554226E3A43E}" = Catalyst Control Center Localization Italian
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81538B19-7E55-E0D9-8AC9-AE9494BB3D55}" = CCC Help Dutch
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2
"{88743E08-4332-15F1-DB8A-72AED7D069FA}" = ccc-core-preinstall
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8AAD21E3-3561-9C61-F416-B7648993C0EC}" = Catalyst Control Center Localization Spanish
"{8B1B5F0A-5BD2-8DBA-8256-1787961D0F34}" = ccc-core-static
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}" = SigmaTel MSCN Audio Player
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{951EDFAE-B29A-2FB6-7BBA-B5FA80D56ACA}" = CCC Help Korean
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96F11791-3916-8BC0-AB17-B959A642160E}" = CCC Help English
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{99E447AA-C24F-7E07-AAA0-2533D2BA1857}" = Catalyst Control Center Localization Polish
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A00CF943-CB73-D593-731B-7FC462CC79F8}" = Catalyst Control Center Localization Greek
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3CBDF8A-4E8C-360C-5E8F-3E091364E87D}" = Catalyst Control Center Localization Turkish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1029-7B44-CE0000000001}" = Adobe Reader 6.0 CE
"{AE80641A-0C8D-4670-A518-B4EC154B1027}" = ACDSee 8
"{B13F5727-F12F-4253-B6AD-26AFA880B709}" = Sony Media Manager 2.0
"{B1AFE717-EDC1-6B67-8136-AE735D37795A}" = CCC Help Spanish
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B46DE583-C8C5-CB70-FA59-FAE6D2FEA58D}" = CCC Help Italian
"{B5BDC1B8-FAE5-2E99-D861-0E5B0D01113E}" = CCC Help Chinese Standard
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B81AA136-4243-92EC-0169-2CACCB977BBA}" = Catalyst Control Center Localization French
"{B9169E14-DF66-BD28-5318-E1D3029B8EE3}" = CCC Help Portuguese
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BE8B2261-C89D-10E3-22FC-DA5059B17D1D}" = Catalyst Control Center Localization Korean
"{BEDBC661-8D69-8CCA-400B-6289F3CEE1FF}" = Catalyst Control Center Localization Chinese Standard
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5866667-789F-9078-3B2F-032E46BFF70A}" = Catalyst Control Center Localization Russian
"{D6AFFAD0-56D3-2D76-3466-B3084E171424}" = CCC Help Turkish
"{D8CD91C7-4A1A-7D7D-0930-2806D97D137E}" = ccc-utility
"{DA26293D-57F1-8832-042C-FDE09EFE1BD3}" = CCC Help Hungarian
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Plus VX
"{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}" = Sony Vegas 7.0
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E87991C6-AF87-072B-10DC-9B7100504A22}" = Catalyst Control Center Graphics Full New
"{E89921E3-013F-3518-F930-42673090C567}" = CCC Help Russian
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F46CC671-A61E-D471-35F6-2C565C50706A}" = CCC Help Finnish
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F8F35EDE-7816-36DF-C6EC-DCA2954B0C78}" = CCC Help Greek
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD 2.06
"ATF" = ATF
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"Cyklotrasy 2.18 + mapy ČR" = Cyklotrasy 2.18 + mapy ČR
"Easy CD-DA Extractor 9.0" = Easy CD-DA Extractor 9.0
"eBay Icon" = eBay Icon
"Eurobattle.net2.0" = Eurobattle.net
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"ffdshow_is1" = ffdshow [rev 1245] [2007-06-04]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GameParkClient_is1" = GamePark
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"Indeo® XP Software" = Indeo® XP Software
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InterActual Player" = InterActual Player
"jetAudio 6.2.x Czech Language Pack" = jetAudio 6.2.x Czech Language Pack
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"mIRC" = mIRC
"Mozilla Firefox (3.5.


"MultiRes (remove only)" = MultiRes (remove only)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NI Service Center" = NI Service Center
"OfficeCalculator" = OfficeCalculator
"PunkBusterSvc" = PunkBuster Services
"Quake III Arena" = Quake III Arena
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"RivaTuner" = RivaTuner v2.02
"Steam App 10" = Counter-Strike
"Steam App 100" = Condition Zero Deleted Scenes
"Steam App 150" = Counter-Strike Steamworks Beta
"Steam App 80" = Condition Zero
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The KMPlayer" = The KMPlayer (remove only)
"Total Video Converter_is1" = Total Video Converter 2.52
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VentriloMIX" = VentriloMIX
"VIA Vinyl Audio Codecs Driver Setup Program" = VIA Vinyl Audio Codecs Driver Setup Program
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Zero-X BeatCreator Demo" = Zero-X BeatCreator Demo
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 25.2.2010 15:24:00 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\Linkin Park - Minutes to Midnight [2007]\Folder.jpg
failed, 00000005.
Error - 25.2.2010 15:24:01 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\Linkin Park - Minutes to Midnight [2007]\AlbumArtSmall.jpg
failed, 00000005.
Error - 25.2.2010 15:24:01 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\Linkin Park - Minutes to Midnight [2007]\AlbumArt_{EA445DCD-D5E0-42C7-B659-8675D562EFB3}_Small.jpg
failed, 00000005.
Error - 25.2.2010 15:24:01 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\Linkin Park - Minutes to Midnight [2007]\AlbumArt_{EA445DCD-D5E0-42C7-B659-8675D562EFB3}_Large.jpg
failed, 00000005.
Error - 25.2.2010 16:03:55 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\The Prodigy - Invaders Must Die (2009)\AlbumArt_{4461F98C-8547-43F7-AF08-451D58C8952B}_Small.jpg
failed, 00000005.
Error - 25.2.2010 16:03:55 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\The Prodigy - Invaders Must Die (2009)\AlbumArt_{4461F98C-8547-43F7-AF08-451D58C8952B}_Large.jpg
failed, 00000005.
Error - 4.3.2010 16:18:42 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\The Prodigy - Invaders Must Die (2009)\AlbumArt_{4461F98C-8547-43F7-AF08-451D58C8952B}_Small.jpg
failed, 00000005.
Error - 4.3.2010 16:18:43 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\The Prodigy - Invaders Must Die (2009)\AlbumArt_{4461F98C-8547-43F7-AF08-451D58C8952B}_Large.jpg
failed, 00000005.
Error - 13.3.2010 9:23:57 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\Pendulum-In_Silico-2008-DV8\00-pendulum-in_silico-2008.jpg
failed, 00000005.
Error - 13.3.2010 9:23:59 | Computer Name = UKUCHYNE | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\6c0f08832c4f41a\!!!!!hudba!!!!!\Normal\Pendulum-In_Silico-2008-DV8\Thumbs.db
failed, 00000005.
[ Application Events ]
Error - 7.2.2010 12:10:41 | Computer Name = UKUCHYNE | Source = Application Error | ID = 1000
Description = Chybující aplikace gameparkclient.exe, verze 1.1.0.24, chybující modul
ntdll.dll, verze 5.1.2600.2180, adresa chyby 0x000122ba.
Error - 11.2.2010 12:42:57 | Computer Name = UKUCHYNE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
mshtml.dll, verze 6.0.2900.3492, adresa chyby 0x000ad544.
Error - 14.2.2010 12:03:49 | Computer Name = UKUCHYNE | Source = Application Error | ID = 1000
Description = Chybující aplikace hpwucli.exe, verze 5.0.8.1, chybující modul hpwucli.exe,
verze 5.0.8.1, adresa chyby 0x000045ea.
Error - 25.2.2010 10:00:42 | Computer Name = UKUCHYNE | Source = Google Update | ID = 20
Description =
Error - 27.2.2010 7:11:25 | Computer Name = UKUCHYNE | Source = Google Update | ID = 20
Description =
Error - 28.2.2010 13:04:18 | Computer Name = UKUCHYNE | Source = Google Update | ID = 20
Description =
Error - 4.3.2010 15:33:16 | Computer Name = UKUCHYNE | Source = Application Error | ID = 1000
Description = Chybující aplikace safari.exe, verze 5.31.21.10, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0xfffffffe.
Error - 10.3.2010 2:25:09 | Computer Name = UKUCHYNE | Source = Google Update | ID = 20
Description =
Error - 13.3.2010 8:36:15 | Computer Name = UKUCHYNE | Source = Google Update | ID = 20
Description =
Error - 17.3.2010 13:26:29 | Computer Name = UKUCHYNE | Source = Application Error | ID = 1000
Description = Chybující aplikace pev.exe, verze 0.0.0.0, chybující modul pev.exe,
verze 0.0.0.0, adresa chyby 0x00090ae0.
[ System Events ]
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby wuauserv.
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby TrkWks.
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby Browser.
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7000
Description = Služba Prohledávání počítačů neuspěla při spuštění v důsledku následující
chyby: %%1053
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7001
Description = Služba Brána Firewall / Sdílení připojení k Internetu (ICS) závisí
na službě Služba WMI, která neuspěla při spuštění v důsledku následující chyby:
%%1053
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby ShellHWDetection.
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby BITS.
Error - 17.3.2010 14:38:48 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7022
Description = Služba StarWind iSCSI Service přestala během spouštění reagovat.
Error - 17.3.2010 14:38:49 | Computer Name = UKUCHYNE | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: Beep
< End of report >
Re: Please check my HJT log
OTL.TXT
OTL logfile created on: 17.3.2010 19:50:47 - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\XXL\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
767,00 Mb Total Physical Memory | 504,00 Mb Available Physical Memory | 66,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 800 800 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 30,12 Gb Free Space | 40,42% Space Free | Partition Type: NTFS
Drive D: | 38,28 Gb Total Space | 19,00 Gb Free Space | 49,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UKUCHYNE
Current User Name: XXL
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\XXL\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\XXL\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll (ALWIL Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (gusvc) -- File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (TUWinStylerThemeSvc) -- C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (TuneUp Software GmbH)
SRV - (StarWindService) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.02\RivaTuner32.sys ()
DRV - (k510mdm) -- C:\WINDOWS\system32\drivers\k510mdm.sys (MCCI)
DRV - (k510mgmt) Sony Ericsson K510 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\k510mgmt.sys (MCCI)
DRV - (k510obex) -- C:\WINDOWS\system32\drivers\k510obex.sys (MCCI)
DRV - (k510mdfl) -- C:\WINDOWS\system32\drivers\k510mdfl.sys (MCCI)
DRV - (z530mdm) -- C:\WINDOWS\system32\drivers\z530mdm.sys (MCCI)
DRV - (z530mgmt) Sony Ericsson Z530 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\z530mgmt.sys (MCCI)
DRV - (z530obex) -- C:\WINDOWS\system32\drivers\z530obex.sys (MCCI)
DRV - (z530bus) Sony Ericsson Z530 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\z530bus.sys (MCCI)
DRV - (z530mdfl) -- C:\WINDOWS\system32\drivers\z530mdfl.sys (MCCI)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (k510bus) Sony Ericsson K510 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\k510bus.sys (MCCI)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (Vax347b) -- C:\WINDOWS\system32\drivers\Vax347b.sys ( )
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (usbaudio) Ovladač zvukové karty USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (Vax347s) -- C:\WINDOWS\System32\Drivers\Vax347s.sys ( )
DRV - (ADILOADER) General Purpose USB Driver (adildr.sys) -- C:\WINDOWS\system32\drivers\adildr.sys (Analog Deivces)
DRV - (adiusbaw) -- C:\WINDOWS\system32\drivers\adiusbaw.sys (Analog Devices Inc.)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.atlas.cz/?from=icqhp"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.7.2.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.03.08 13:49:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.20 10:45:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.20 10:45:28 | 000,000,000 | ---D | M]
[2008.09.15 15:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Extensions
[2008.09.15 15:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.02.21 11:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\extensions
[2009.03.29 09:42:50 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010.02.14 14:09:01 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\searchplugins\icqplugin-1.xml
[2009.03.06 19:44:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\searchplugins\icqplugin-2.xml
[2008.07.10 12:58:44 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\searchplugins\icqplugin.xml
[2010.03.12 00:47:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.20 10:45:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.03.08 13:49:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.12.07 18:16:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.12 00:47:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.02.20 10:45:19 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.02.20 10:45:20 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.12.17 17:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010.02.20 10:45:22 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010.01.25 18:16:46 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.01.25 18:16:46 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.25 18:16:46 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.25 18:16:46 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.25 18:16:46 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.25 18:16:46 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.03.17 19:08:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF24493.cfx File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} https://www.mojebanka.cz/jars/confwiz/MVSGif.cab (AnimatedGif Control)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.cz/Genoogle/Compo ... eQuery.dll (CSEQueryObject Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwa ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010.03.17 19:47:46 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XXL\Plocha\OTL.exe
[2010.03.17 19:47:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.03.17 18:21:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.03.17 17:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXL\Data aplikací\Malwarebytes
[2010.03.17 17:46:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.17 17:46:34 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.17 17:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.17 17:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.03.12 00:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2010.03.12 00:47:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.03.12 00:47:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.03.12 00:47:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.03.03 21:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.03.03 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\Apple
[2010.03.03 21:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.03.03 21:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple
[2008.04.24 11:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Xfire
[2007.09.09 18:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
[2007.08.23 10:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Xfire
[2006.11.13 14:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Google
[2005.11.29 21:08:31 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2005.11.29 21:08:31 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[2005.11.29 20:17:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2005.11.29 20:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2005.11.29 18:59:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2005.11.29 18:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010.03.17 19:47:46 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XXL\Plocha\OTL.exe
[2010.03.17 19:33:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.17 19:32:31 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\XXL\NTUSER.DAT
[2010.03.17 19:32:31 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\XXL\ntuser.ini
[2010.03.17 19:08:54 | 000,000,827 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.17 19:08:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.17 18:22:01 | 000,000,460 | RHS- | M] () -- C:\boot.ini
[2010.03.17 18:12:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.17 16:32:14 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.16 07:50:39 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\XXL\Plocha\Cyklotrasy 2.18.lnk
[2010.03.15 20:42:56 | 000,004,602 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2010.03.11 21:02:35 | 000,477,463 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\japonsko-cesky_cesko-japonsky_slovnik.zip
[2010.03.10 07:55:12 | 000,237,568 | ---- | M] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.09 21:10:18 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\XXL\default.pls
[2010.03.04 19:42:57 | 001,019,924 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\Worms_2010_240x320.jar
[2010.03.04 19:38:37 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.03.04 19:22:55 | 000,393,217 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\EDGE+240x320.jar
[2010.03.03 21:43:00 | 000,037,844 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.03.03 21:42:54 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.03.03 21:41:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.03.17 18:22:00 | 000,000,389 | ---- | C] () -- C:\Boot.bak
[2010.03.17 18:21:56 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.03.16 07:50:39 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\XXL\Plocha\Cyklotrasy 2.18.lnk
[2010.03.12 00:53:01 | 001,676,800 | ---- | C] () -- C:\Documents and Settings\XXL\Dokumenty\japonsko-cesky_cesko-japonsky_slovnik.xls
[2010.03.11 21:02:35 | 000,477,463 | ---- | C] () -- C:\Documents and Settings\XXL\Dokumenty\japonsko-cesky_cesko-japonsky_slovnik.zip
[2010.03.04 19:42:57 | 001,019,924 | ---- | C] () -- C:\Documents and Settings\XXL\Dokumenty\Worms_2010_240x320.jar
[2010.03.04 19:22:55 | 000,393,217 | ---- | C] () -- C:\Documents and Settings\XXL\Dokumenty\EDGE+240x320.jar
[2010.03.03 21:43:00 | 000,037,844 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.03.03 21:42:54 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.03.03 21:42:54 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.03.03 21:41:34 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009.03.12 18:07:32 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.03.11 14:46:30 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\XXL\Data aplikací\PnkBstrK.sys
[2009.03.02 19:50:12 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2009.03.02 19:50:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2009.03.02 19:50:04 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2009.03.02 19:50:02 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2009.03.02 19:43:37 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\adinst32.dll
[2008.12.24 15:36:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2008.11.01 14:45:38 | 000,000,314 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.08.28 15:20:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008.07.20 14:00:24 | 000,002,770 | ---- | C] () -- C:\WINDOWS\WoWEmuHackSettings.ini
[2008.06.12 00:55:04 | 000,041,296 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008.04.25 09:31:10 | 000,000,525 | ---- | C] () -- C:\WINDOWS\Viewer.INI
[2008.04.25 09:12:56 | 000,000,877 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2008.04.25 09:09:50 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2007.10.14 18:01:35 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.10.14 18:01:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.08.22 11:24:20 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2006.12.25 10:03:14 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006.12.24 18:21:28 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006.12.24 18:15:35 | 000,009,043 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2006.09.11 17:01:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wowCP.ini
[2006.07.25 19:40:20 | 000,001,355 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2006.07.20 14:17:24 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\fusioncache.dat
[2006.07.03 08:04:35 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.06.03 15:36:59 | 000,000,926 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2006.05.24 16:38:04 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006.05.24 16:38:04 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006.03.16 15:05:21 | 000,000,091 | ---- | C] () -- C:\WINDOWS\level.ini
[2006.03.09 17:52:35 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006.01.17 19:50:07 | 000,000,036 | ---- | C] () -- C:\WINDOWS\CONTEXT.INI
[2006.01.17 18:07:51 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006.01.14 09:59:52 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006.01.14 09:59:52 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006.01.03 15:56:53 | 000,000,948 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2006.01.03 15:54:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\STXKBD.INI
[2005.12.20 13:20:30 | 000,000,083 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2005.12.20 13:03:16 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.12.19 17:33:04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005.12.18 18:50:34 | 000,237,568 | ---- | C] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.12.13 22:54:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005.12.01 09:06:16 | 000,000,033 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2005.12.01 09:05:08 | 000,000,226 | ---- | C] () -- C:\WINDOWS\MAILTRAN.INI
[2005.12.01 09:05:07 | 000,000,533 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2005.12.01 09:04:59 | 000,004,602 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2005.12.01 09:04:59 | 000,004,590 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2005.12.01 08:59:09 | 000,000,174 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005.12.01 08:33:05 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.12.01 08:09:57 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2005.11.29 21:56:32 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.11.29 21:39:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.11.29 21:39:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.11.29 21:39:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.11.29 21:39:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.11.29 21:39:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.11.29 21:39:26 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.11.29 21:07:16 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005.11.29 20:41:01 | 000,001,708 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2005.10.14 11:56:51 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:51 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.07.15 19:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.07.15 19:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004.08.17 14:49:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.10.03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2001.07.07 03:00:00 | 000,003,165 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
========== LOP Check ==========
[2005.11.29 21:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2006.04.03 14:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Buena Vista Games
[2008.11.28 16:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.03.11 14:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\id Software
[2008.01.23 21:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2008.04.24 10:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Locktime
[2006.03.07 16:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MSScanAppDataDir
[2008.01.23 21:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2009.07.02 12:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Propellerhead Software
[2007.10.02 17:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2009.02.22 20:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2009.08.28 17:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.02.23 17:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2005.11.29 21:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\ACD Systems
[2007.07.05 12:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Allstar
[2009.08.24 12:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Ashampoo
[2006.07.03 08:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\AVS Video Converter
[2009.02.20 21:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\BitTorrent
[2008.09.15 15:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Blender Foundation
[2005.12.16 11:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\COWON
[2009.10.27 17:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Desktopicon
[2006.03.13 16:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Gearbox Software
[2009.02.22 23:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\GetRightToGo
[2009.02.22 23:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\HLSW
[2010.03.17 18:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\ICQ
[2006.06.04 15:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\ICQLite
[2009.03.11 14:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\id Software
[2009.10.10 17:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Image Zone Express
[2005.11.29 21:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\InterVideo
[2008.12.27 14:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Kingston
[2006.03.11 17:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Lionhead Studios
[2008.04.24 10:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Locktime
[2006.07.17 20:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\NetMedia Providers
[2008.01.23 21:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Nokia
[2006.10.18 12:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Nvu
[2008.01.23 21:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\PC Suite
[2009.07.02 12:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Propellerhead Software
[2006.07.17 20:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Publish Providers
[2007.10.02 17:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Sony
[2008.12.24 15:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Teleca
[2008.04.25 09:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\The Complete Genealogy Reporter - FTB
[2005.11.29 21:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\TuneUp Software
[2009.02.20 21:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\uTorrent
[2007.02.16 22:38:50 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9
@Alternate Data Stream - 288 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF
< End of report >
[2010.03.17 19:47:46 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XXL\Plocha\OTL.exe
[2010.03.17 19:33:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.17 19:32:31 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\XXL\NTUSER.DAT
[2010.03.17 19:32:31 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\XXL\ntuser.ini
[2010.03.17 19:08:54 | 000,000,827 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.17 19:08:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.17 19:04:34 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010.03.17 18:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\ICQ
[2010.03.17 18:12:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.17 18:12:07 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010.03.17 18:01:18 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.17 17:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Malwarebytes
[2010.03.17 17:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.03.17 16:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
[2010.03.17 16:49:32 | 000,000,000 | ---D | M] -- C:\Program Files\Ashampoo
[2010.03.17 16:41:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010.03.17 16:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.03.17 16:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2010.03.17 16:32:14 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.16 17:12:16 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2010.03.16 07:50:39 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\XXL\Plocha\Cyklotrasy 2.18.lnk
[2010.03.15 20:42:56 | 000,004,602 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2010.03.12 00:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2010.03.12 00:48:03 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Java
[2010.03.12 00:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010.03.11 21:02:35 | 000,477,463 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\japonsko-cesky_cesko-japonsky_slovnik.zip
[2010.03.10 07:55:12 | 000,237,568 | ---- | M] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.09 21:10:18 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\XXL\default.pls
[2010.03.04 19:42:57 | 001,019,924 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\Worms_2010_240x320.jar
[2010.03.04 19:38:37 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.03.04 19:22:55 | 000,393,217 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\EDGE+240x320.jar
[2010.03.03 21:43:00 | 000,037,844 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.03.03 21:42:54 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.03.03 21:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Apple Computer
[2010.03.03 21:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\Apple Computer
[2010.03.03 21:41:43 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Apple
[2010.03.03 21:41:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.03.03 21:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\Apple
[2010.03.03 21:41:30 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010.03.03 21:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Apple
[2010.02.08 07:23:07 | 002,108,996 | -H-- | M] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\IconCache.db
[2009.07.29 11:05:33 | 000,045,768 | ---- | M] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2009.03.11 14:46:30 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\XXL\Data aplikací\PnkBstrK.sys
[2008.04.24 11:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Xfire
[2007.09.09 18:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
[2007.08.23 10:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Xfire
[2007.06.18 21:20:13 | 000,009,043 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2006.11.13 14:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Google
[2006.07.25 19:40:20 | 000,001,355 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2006.07.20 14:17:24 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\fusioncache.dat
[2005.11.29 20:17:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2005.11.29 20:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2005.11.29 19:45:47 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\XXL\Data aplikací\desktop.ini
[2005.11.29 19:45:47 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
[2005.11.29 18:59:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2005.11.29 18:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010.03.17 19:47:46 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XXL\Plocha\OTL.exe
[2010.03.17 19:33:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.17 19:32:31 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\XXL\NTUSER.DAT
[2010.03.17 19:32:31 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\XXL\ntuser.ini
[2010.03.17 19:08:54 | 000,000,827 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.17 19:08:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.17 18:22:01 | 000,000,460 | RHS- | M] () -- C:\boot.ini
[2010.03.17 18:12:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.17 16:32:14 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.16 07:50:39 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\XXL\Plocha\Cyklotrasy 2.18.lnk
[2010.03.15 20:42:56 | 000,004,602 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2010.03.11 21:02:35 | 000,477,463 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\japonsko-cesky_cesko-japonsky_slovnik.zip
[2010.03.10 07:55:12 | 000,237,568 | ---- | M] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.09 21:10:18 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\XXL\default.pls
[2010.03.04 19:42:57 | 001,019,924 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\Worms_2010_240x320.jar
[2010.03.04 19:38:37 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.03.04 19:22:55 | 000,393,217 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\EDGE+240x320.jar
[2010.03.03 21:43:00 | 000,037,844 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.03.03 21:42:54 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.03.03 21:41:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
OTL logfile created on: 17.3.2010 19:50:47 - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\XXL\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
767,00 Mb Total Physical Memory | 504,00 Mb Available Physical Memory | 66,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 800 800 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 30,12 Gb Free Space | 40,42% Space Free | Partition Type: NTFS
Drive D: | 38,28 Gb Total Space | 19,00 Gb Free Space | 49,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UKUCHYNE
Current User Name: XXL
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\XXL\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\XXL\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll (ALWIL Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (gusvc) -- File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (TUWinStylerThemeSvc) -- C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (TuneUp Software GmbH)
SRV - (StarWindService) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.02\RivaTuner32.sys ()
DRV - (k510mdm) -- C:\WINDOWS\system32\drivers\k510mdm.sys (MCCI)
DRV - (k510mgmt) Sony Ericsson K510 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\k510mgmt.sys (MCCI)
DRV - (k510obex) -- C:\WINDOWS\system32\drivers\k510obex.sys (MCCI)
DRV - (k510mdfl) -- C:\WINDOWS\system32\drivers\k510mdfl.sys (MCCI)
DRV - (z530mdm) -- C:\WINDOWS\system32\drivers\z530mdm.sys (MCCI)
DRV - (z530mgmt) Sony Ericsson Z530 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\z530mgmt.sys (MCCI)
DRV - (z530obex) -- C:\WINDOWS\system32\drivers\z530obex.sys (MCCI)
DRV - (z530bus) Sony Ericsson Z530 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\z530bus.sys (MCCI)
DRV - (z530mdfl) -- C:\WINDOWS\system32\drivers\z530mdfl.sys (MCCI)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (k510bus) Sony Ericsson K510 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\k510bus.sys (MCCI)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (Vax347b) -- C:\WINDOWS\system32\drivers\Vax347b.sys ( )
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (usbaudio) Ovladač zvukové karty USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (Vax347s) -- C:\WINDOWS\System32\Drivers\Vax347s.sys ( )
DRV - (ADILOADER) General Purpose USB Driver (adildr.sys) -- C:\WINDOWS\system32\drivers\adildr.sys (Analog Deivces)
DRV - (adiusbaw) -- C:\WINDOWS\system32\drivers\adiusbaw.sys (Analog Devices Inc.)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.atlas.cz/?from=icqhp"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.7.2.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.03.08 13:49:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.20 10:45:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.20 10:45:28 | 000,000,000 | ---D | M]
[2008.09.15 15:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Extensions
[2008.09.15 15:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.02.21 11:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\extensions
[2009.03.29 09:42:50 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010.02.14 14:09:01 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\searchplugins\icqplugin-1.xml
[2009.03.06 19:44:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\searchplugins\icqplugin-2.xml
[2008.07.10 12:58:44 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\searchplugins\icqplugin.xml
[2010.03.12 00:47:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.20 10:45:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.03.08 13:49:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.12.07 18:16:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.12 00:47:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.02.20 10:45:19 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.02.20 10:45:20 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.12.17 17:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010.02.20 10:45:22 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010.01.25 18:16:46 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.01.25 18:16:46 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.25 18:16:46 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.25 18:16:46 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.25 18:16:46 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.25 18:16:46 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.03.17 19:08:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF24493.cfx File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} https://www.mojebanka.cz/jars/confwiz/MVSGif.cab (AnimatedGif Control)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.cz/Genoogle/Compo ... eQuery.dll (CSEQueryObject Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwa ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010.03.17 19:47:46 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XXL\Plocha\OTL.exe
[2010.03.17 19:47:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.03.17 18:21:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.03.17 17:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXL\Data aplikací\Malwarebytes
[2010.03.17 17:46:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.17 17:46:34 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.17 17:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.17 17:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.03.12 00:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2010.03.12 00:47:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.03.12 00:47:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.03.12 00:47:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.03.03 21:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.03.03 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\Apple
[2010.03.03 21:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.03.03 21:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple
[2008.04.24 11:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Xfire
[2007.09.09 18:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
[2007.08.23 10:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Xfire
[2006.11.13 14:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Google
[2005.11.29 21:08:31 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2005.11.29 21:08:31 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[2005.11.29 20:17:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2005.11.29 20:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2005.11.29 18:59:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2005.11.29 18:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010.03.17 19:47:46 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XXL\Plocha\OTL.exe
[2010.03.17 19:33:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.17 19:32:31 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\XXL\NTUSER.DAT
[2010.03.17 19:32:31 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\XXL\ntuser.ini
[2010.03.17 19:08:54 | 000,000,827 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.17 19:08:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.17 18:22:01 | 000,000,460 | RHS- | M] () -- C:\boot.ini
[2010.03.17 18:12:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.17 16:32:14 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.16 07:50:39 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\XXL\Plocha\Cyklotrasy 2.18.lnk
[2010.03.15 20:42:56 | 000,004,602 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2010.03.11 21:02:35 | 000,477,463 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\japonsko-cesky_cesko-japonsky_slovnik.zip
[2010.03.10 07:55:12 | 000,237,568 | ---- | M] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.09 21:10:18 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\XXL\default.pls
[2010.03.04 19:42:57 | 001,019,924 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\Worms_2010_240x320.jar
[2010.03.04 19:38:37 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.03.04 19:22:55 | 000,393,217 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\EDGE+240x320.jar
[2010.03.03 21:43:00 | 000,037,844 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.03.03 21:42:54 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.03.03 21:41:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.03.17 18:22:00 | 000,000,389 | ---- | C] () -- C:\Boot.bak
[2010.03.17 18:21:56 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.03.16 07:50:39 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\XXL\Plocha\Cyklotrasy 2.18.lnk
[2010.03.12 00:53:01 | 001,676,800 | ---- | C] () -- C:\Documents and Settings\XXL\Dokumenty\japonsko-cesky_cesko-japonsky_slovnik.xls
[2010.03.11 21:02:35 | 000,477,463 | ---- | C] () -- C:\Documents and Settings\XXL\Dokumenty\japonsko-cesky_cesko-japonsky_slovnik.zip
[2010.03.04 19:42:57 | 001,019,924 | ---- | C] () -- C:\Documents and Settings\XXL\Dokumenty\Worms_2010_240x320.jar
[2010.03.04 19:22:55 | 000,393,217 | ---- | C] () -- C:\Documents and Settings\XXL\Dokumenty\EDGE+240x320.jar
[2010.03.03 21:43:00 | 000,037,844 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.03.03 21:42:54 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.03.03 21:42:54 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.03.03 21:41:34 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009.03.12 18:07:32 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.03.11 14:46:30 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\XXL\Data aplikací\PnkBstrK.sys
[2009.03.02 19:50:12 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2009.03.02 19:50:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2009.03.02 19:50:04 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2009.03.02 19:50:02 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2009.03.02 19:43:37 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\adinst32.dll
[2008.12.24 15:36:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2008.11.01 14:45:38 | 000,000,314 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.08.28 15:20:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008.07.20 14:00:24 | 000,002,770 | ---- | C] () -- C:\WINDOWS\WoWEmuHackSettings.ini
[2008.06.12 00:55:04 | 000,041,296 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008.04.25 09:31:10 | 000,000,525 | ---- | C] () -- C:\WINDOWS\Viewer.INI
[2008.04.25 09:12:56 | 000,000,877 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2008.04.25 09:09:50 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2007.10.14 18:01:35 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.10.14 18:01:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.08.22 11:24:20 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2006.12.25 10:03:14 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006.12.24 18:21:28 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006.12.24 18:15:35 | 000,009,043 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2006.09.11 17:01:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\wowCP.ini
[2006.07.25 19:40:20 | 000,001,355 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2006.07.20 14:17:24 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\fusioncache.dat
[2006.07.03 08:04:35 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.06.03 15:36:59 | 000,000,926 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2006.05.24 16:38:04 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006.05.24 16:38:04 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006.03.16 15:05:21 | 000,000,091 | ---- | C] () -- C:\WINDOWS\level.ini
[2006.03.09 17:52:35 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006.01.17 19:50:07 | 000,000,036 | ---- | C] () -- C:\WINDOWS\CONTEXT.INI
[2006.01.17 18:07:51 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006.01.14 09:59:52 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006.01.14 09:59:52 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006.01.03 15:56:53 | 000,000,948 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2006.01.03 15:54:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\STXKBD.INI
[2005.12.20 13:20:30 | 000,000,083 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2005.12.20 13:03:16 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.12.19 17:33:04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005.12.18 18:50:34 | 000,237,568 | ---- | C] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.12.13 22:54:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005.12.01 09:06:16 | 000,000,033 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2005.12.01 09:05:08 | 000,000,226 | ---- | C] () -- C:\WINDOWS\MAILTRAN.INI
[2005.12.01 09:05:07 | 000,000,533 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2005.12.01 09:04:59 | 000,004,602 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2005.12.01 09:04:59 | 000,004,590 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2005.12.01 08:59:09 | 000,000,174 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005.12.01 08:33:05 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.12.01 08:09:57 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2005.11.29 21:56:32 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.11.29 21:39:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.11.29 21:39:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.11.29 21:39:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.11.29 21:39:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.11.29 21:39:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.11.29 21:39:26 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.11.29 21:07:16 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005.11.29 20:41:01 | 000,001,708 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2005.10.14 11:56:51 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:51 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.07.15 19:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.07.15 19:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004.08.17 14:49:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.10.03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2001.07.07 03:00:00 | 000,003,165 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
========== LOP Check ==========
[2005.11.29 21:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2006.04.03 14:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Buena Vista Games
[2008.11.28 16:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.03.11 14:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\id Software
[2008.01.23 21:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2008.04.24 10:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Locktime
[2006.03.07 16:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MSScanAppDataDir
[2008.01.23 21:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2009.07.02 12:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Propellerhead Software
[2007.10.02 17:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2009.02.22 20:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2009.08.28 17:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.02.23 17:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2005.11.29 21:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\ACD Systems
[2007.07.05 12:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Allstar
[2009.08.24 12:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Ashampoo
[2006.07.03 08:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\AVS Video Converter
[2009.02.20 21:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\BitTorrent
[2008.09.15 15:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Blender Foundation
[2005.12.16 11:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\COWON
[2009.10.27 17:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Desktopicon
[2006.03.13 16:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Gearbox Software
[2009.02.22 23:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\GetRightToGo
[2009.02.22 23:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\HLSW
[2010.03.17 18:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\ICQ
[2006.06.04 15:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\ICQLite
[2009.03.11 14:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\id Software
[2009.10.10 17:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Image Zone Express
[2005.11.29 21:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\InterVideo
[2008.12.27 14:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Kingston
[2006.03.11 17:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Lionhead Studios
[2008.04.24 10:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Locktime
[2006.07.17 20:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\NetMedia Providers
[2008.01.23 21:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Nokia
[2006.10.18 12:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Nvu
[2008.01.23 21:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\PC Suite
[2009.07.02 12:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Propellerhead Software
[2006.07.17 20:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Publish Providers
[2007.10.02 17:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Sony
[2008.12.24 15:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Teleca
[2008.04.25 09:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\The Complete Genealogy Reporter - FTB
[2005.11.29 21:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\TuneUp Software
[2009.02.20 21:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\uTorrent
[2007.02.16 22:38:50 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9
@Alternate Data Stream - 288 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF
< End of report >
[2010.03.17 19:47:46 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XXL\Plocha\OTL.exe
[2010.03.17 19:33:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.17 19:32:31 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\XXL\NTUSER.DAT
[2010.03.17 19:32:31 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\XXL\ntuser.ini
[2010.03.17 19:08:54 | 000,000,827 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.17 19:08:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.17 19:04:34 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010.03.17 18:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\ICQ
[2010.03.17 18:12:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.17 18:12:07 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010.03.17 18:01:18 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.17 17:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Malwarebytes
[2010.03.17 17:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.03.17 16:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
[2010.03.17 16:49:32 | 000,000,000 | ---D | M] -- C:\Program Files\Ashampoo
[2010.03.17 16:41:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010.03.17 16:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.03.17 16:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2010.03.17 16:32:14 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.16 17:12:16 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2010.03.16 07:50:39 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\XXL\Plocha\Cyklotrasy 2.18.lnk
[2010.03.15 20:42:56 | 000,004,602 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2010.03.12 00:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2010.03.12 00:48:03 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Java
[2010.03.12 00:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010.03.11 21:02:35 | 000,477,463 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\japonsko-cesky_cesko-japonsky_slovnik.zip
[2010.03.10 07:55:12 | 000,237,568 | ---- | M] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.09 21:10:18 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\XXL\default.pls
[2010.03.04 19:42:57 | 001,019,924 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\Worms_2010_240x320.jar
[2010.03.04 19:38:37 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.03.04 19:22:55 | 000,393,217 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\EDGE+240x320.jar
[2010.03.03 21:43:00 | 000,037,844 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.03.03 21:42:54 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.03.03 21:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Apple Computer
[2010.03.03 21:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\Apple Computer
[2010.03.03 21:41:43 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Apple
[2010.03.03 21:41:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.03.03 21:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\Apple
[2010.03.03 21:41:30 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010.03.03 21:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Apple
[2010.02.08 07:23:07 | 002,108,996 | -H-- | M] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\IconCache.db
[2009.07.29 11:05:33 | 000,045,768 | ---- | M] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2009.03.11 14:46:30 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\XXL\Data aplikací\PnkBstrK.sys
[2008.04.24 11:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Xfire
[2007.09.09 18:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
[2007.08.23 10:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Xfire
[2007.06.18 21:20:13 | 000,009,043 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2006.11.13 14:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Google
[2006.07.25 19:40:20 | 000,001,355 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2006.07.20 14:17:24 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\fusioncache.dat
[2005.11.29 20:17:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2005.11.29 20:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2005.11.29 19:45:47 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\XXL\Data aplikací\desktop.ini
[2005.11.29 19:45:47 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
[2005.11.29 18:59:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2005.11.29 18:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010.03.17 19:47:46 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XXL\Plocha\OTL.exe
[2010.03.17 19:33:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.17 19:32:31 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\XXL\NTUSER.DAT
[2010.03.17 19:32:31 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\XXL\ntuser.ini
[2010.03.17 19:08:54 | 000,000,827 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.17 19:08:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.17 18:22:01 | 000,000,460 | RHS- | M] () -- C:\boot.ini
[2010.03.17 18:12:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.17 16:32:14 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.16 07:50:39 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\XXL\Plocha\Cyklotrasy 2.18.lnk
[2010.03.15 20:42:56 | 000,004,602 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2010.03.11 21:02:35 | 000,477,463 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\japonsko-cesky_cesko-japonsky_slovnik.zip
[2010.03.10 07:55:12 | 000,237,568 | ---- | M] () -- C:\Documents and Settings\XXL\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.09 21:10:18 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\XXL\default.pls
[2010.03.04 19:42:57 | 001,019,924 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\Worms_2010_240x320.jar
[2010.03.04 19:38:37 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.03.04 19:22:55 | 000,393,217 | ---- | M] () -- C:\Documents and Settings\XXL\Dokumenty\EDGE+240x320.jar
[2010.03.03 21:43:00 | 000,037,844 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.03.03 21:42:54 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.03.03 21:41:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
Re: Requesting an HJT log check
========== LOP Check ==========
[2005.11.29 21:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2006.04.03 14:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Buena Vista Games
[2008.11.28 16:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.03.11 14:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\id Software
[2008.01.23 21:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2008.04.24 10:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Locktime
[2006.03.07 16:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MSScanAppDataDir
[2008.01.23 21:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2009.07.02 12:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Propellerhead Software
[2007.10.02 17:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2009.02.22 20:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2009.08.28 17:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.02.23 17:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2005.11.29 21:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\ACD Systems
[2007.07.05 12:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Allstar
[2009.08.24 12:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Ashampoo
[2006.07.03 08:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\AVS Video Converter
[2009.02.20 21:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\BitTorrent
[2008.09.15 15:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Blender Foundation
[2005.12.16 11:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\COWON
[2009.10.27 17:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Desktopicon
[2006.03.13 16:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Gearbox Software
[2009.02.22 23:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\GetRightToGo
[2009.02.22 23:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\HLSW
[2010.03.17 18:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\ICQ
[2006.06.04 15:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\ICQLite
[2009.03.11 14:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\id Software
[2009.10.10 17:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Image Zone Express
[2005.11.29 21:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\InterVideo
[2008.12.27 14:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Kingston
[2006.03.11 17:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Lionhead Studios
[2008.04.24 10:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Locktime
[2006.07.17 20:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\NetMedia Providers
[2008.01.23 21:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Nokia
[2006.10.18 12:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Nvu
[2008.01.23 21:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\PC Suite
[2009.07.02 12:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Propellerhead Software
[2006.07.17 20:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Publish Providers
[2007.10.02 17:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Sony
[2008.12.24 15:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\Teleca
[2008.04.25 09:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\The Complete Genealogy Reporter - FTB
[2005.11.29 21:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\TuneUp Software
[2009.02.20 21:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XXL\Data aplikací\uTorrent
[2007.02.16 22:38:50 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9
@Alternate Data Stream - 288 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF
< End of report >
There is some kind of 60K character limit here, so unfortunately it comes in pieces.
- Damned
Re: Requesting an HJT log check
These logs sometimes take up as many as five posts.
Double-click the OTL icon on the desktop. Make sure you have all other applications and browsers closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
SRV - (gusvc) -- File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
[2010.02.14 14:09:01 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\searchplugins\icqplugin-1.xml
[2009.03.06 19:44:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\searchplugins\icqplugin-2.xml
[2008.07.10 12:58:44 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\XXL\Data aplikací\Mozilla\Firefox\Profiles\nakh0zrk.default\searchplugins\icqplugin.xml
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF24493.cfx File not found
O16 - DPF: {A27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9
@Alternate Data Stream - 288 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF
:Files
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
c:\windows\system32\wuaueng.dll.wusetup.333093.bak
C:\Recycler
C:\$RECYCLE.BIN
C:\Documents and Settings\NetworkService\Data aplikací\rbuwzv.dat
C:\Windows\tasks\SA.DAT
C:\WINDOWS\system32\28463
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]
Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.