popup Your computer is infected! Solved

Section devoted to viruses and other malicious code, as well as to the tools for defending against them…

Moderators: Mods_senior, Security team

kecupek
newcomer
Posts: 25
Registered: September 08
Gender: Not specified
Status: Offline

popup Your computer is infected!

Post by kecupek » 23 Oct 2009 19:11

About 14 days after it was resolved, the same problem has appeared again...
A window pops up:

Your computer is infected!
Windows has detected spyware infection...


Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:23, on 23.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Gigabyte\ET5Pro\GUI.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Temp\wpv901255703227.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\WINDOWS\system32\restorer64_a.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\WINDOWS\System32\svchost.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\WINDOWS\System32\svchost.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\EXPERTool ATI\TBPanel.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
C:\Documents and Settings\Ketchup\Data aplikací\seres.exe
C:\Program Files\QIP\qip.exe
C:\Documents and Settings\Ketchup\Data aplikací\svcst.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Ketchup\restorer64_a.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TrndMicro\HJ\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [EasyTuneVPro] C:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\Temp\wpv901255703227.exe
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\DOCUME~1\Ketchup\LOCALS~1\Temp\E_S2A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\Ketchup\restorer64_a.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Ketchup\Data aplikací\seres.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Ketchup\Data aplikací\svcst.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: zavupd32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8937 bytes

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male
Status: Offline

Re: popup Your computer is infected!

Post by Damned » 23 Oct 2009 19:17

Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the entries below (start HJT, choose "Do a system scan only",
tick the box in front of each entry, press "Fix checked" and then "Yes"):

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\Temp\wpv901255703227.exe
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\Ketchup\restorer64_a.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Ketchup\Data aplikací\seres.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Ketchup\Data aplikací\svcst.exe
O4 - Startup: zavupd32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save it to your desktop
- after that click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, so where reason runs out, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech translations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner
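
An added example, not part of the thread and not how HijackThis or the helper decides what to fix: a Python triage pass over HijackThis `F2`/`O4` lines that flags autoruns by where they run from and what they are called. The rule set, the `SYSTEM_NAMES` list and the reason labels are assumptions chosen for illustration; the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: ten lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\Temp\wpv901255703227.exe
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\Ketchup\restorer64_a.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Ketchup\Data aplikací\seres.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Ketchup\Data aplikací\svcst.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# Assumption: process names that should only ever be started from \system32.
SYSTEM_NAMES = {"svchost", "lsass", "winlogon", "services", "csrss", "smss"}

O4_RUN = re.compile(r"^O4 - (?P<hive>HK.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)\b', re.IGNORECASE)
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$", re.IGNORECASE)


def exe_path(cmd):
    """Extract the executable from a Run value (quoted, or unquoted up to .exe)."""
    m = EXE.match(cmd)
    return (m.group("q") or m.group("u")) if m else cmd


def stem(name):
    """Lower-case a name and drop a trailing .exe."""
    name = name.lower()
    return name[:-4] if name.endswith(".exe") else name


def triage(log_text):
    """Return {log line: [reasons]} for autorun entries worth a closer look."""
    findings = defaultdict(list)
    seen = defaultdict(list)  # file name -> [(directory, log line)]
    for line in log_text.splitlines():
        line = line.strip()
        shell = F2_SHELL.match(line)
        if shell:
            # The default Winlogon shell is just Explorer.exe.
            if shell.group("value").strip().lower() != "explorer.exe":
                findings[line].append("shell-extra-command")
            continue
        m = O4_RUN.match(line)
        if not m:
            continue
        path = exe_path(m.group("cmd")).lower()
        folder, fname = dirname(path), basename(path)
        seen[fname].append((folder, line))
        if "\\temp\\" in path:
            findings[line].append("temp-dir")
        if "\\documents and settings\\" in path or "\\docume~1\\" in path:
            findings[line].append("user-profile")
        claims_system = {stem(m.group("name")), stem(fname)} & SYSTEM_NAMES
        if claims_system and not folder.endswith("\\system32"):
            findings[line].append("system-name-outside-system32")
    # The same file name registered from different directories is unusual.
    for entries in seen.values():
        if len({folder for folder, _ in entries}) > 1:
            for _, line in entries:
                findings[line].append("same-name-multiple-dirs")
    return dict(findings)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(", ".join(reasons), "<-", entry)
```

A flag here only means "look at this entry"; whether to fix it is still decided by checking the file itself, as the scans requested later in the thread do.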

kecupek

Re: popup Your computer is infected!

Post by kecupek » 23 Oct 2009 19:49

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2899
Windows 5.1.2600 Service Pack 2

23.10.2009 19:48:22
mbam-log-2009-10-23 (19-48-19).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 95943
Uplynulý čas: 2 minute(s), 49 second(s)

Infikované procesy v paměti: 2
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 3
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 8

Infikované procesy v paměti:
C:\Documents and Settings\Ketchup\Data aplikací\seres.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ketchup\Data aplikací\svcst.exe (Trojan.Agent) -> No action taken.

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Ketchup\Data aplikací\seres.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ketchup\Data aplikací\svcst.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ketchup\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Ketchup\Local Settings\temp\BN1.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ketchup\Local Settings\temp\BN7.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\wpv291256085323.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\wpv901255703227.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ketchup\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.

Damned

Re: popup Your computer is infected!

Post by Damned » 23 Oct 2009 19:51

So run MbAM again and click Scan
- when the scan finishes a message will appear; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes a log will be displayed; post it here.
- then click OK in the program and close it via Exit

Turn off your antivirus's resident shield (and your antispyware's, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan is done, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

kecupek

Re: popup Your computer is infected!

Post by kecupek » 23 Oct 2009 20:06

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2899
Windows 5.1.2600 Service Pack 2

23.10.2009 20:01:02
mbam-log-2009-10-23 (20-01-02).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 96070
Uplynulý čas: 2 minute(s), 46 second(s)

Infikované procesy v paměti: 2
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 3
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 8

Infikované procesy v paměti:
C:\Documents and Settings\Ketchup\Data aplikací\seres.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Ketchup\Data aplikací\svcst.exe (Trojan.Agent) -> Unloaded process successfully.

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Ketchup\Data aplikací\seres.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ketchup\Data aplikací\svcst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ketchup\Data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ketchup\Local Settings\temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ketchup\Local Settings\temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv291256085323.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv901255703227.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ketchup\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

kecupek

Re: popup Your computer is infected!

Post by kecupek » 23 Oct 2009 20:14

ComboFix 09-10-22.01 - Ketchup 23.10.2009 20:08.4.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1423 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ketchup\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091022-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ketchup\restorer64_a.exe
c:\windows\system32\restorer64_a.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-23 do 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-23 17:02 . 2009-10-23 17:02 -------- d-----w- C:\rsit
2009-10-18 19:26 . 2009-10-18 19:26 -------- d-s---w- c:\documents and settings\Ketchup\UserData
2009-10-18 18:45 . 2009-10-18 18:45 -------- d-----w- c:\program files\Codemasters
2009-10-15 15:52 . 2009-10-15 15:52 -------- d-----w- c:\windows\Sun
2009-10-15 14:42 . 2009-10-15 14:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-15 14:42 . 2009-10-15 14:42 -------- d-----w- c:\program files\Java
2009-10-14 13:08 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-10-14 13:08 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-14 13:08 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-10-14 13:08 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-14 13:08 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-10-14 13:08 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-10-14 13:08 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-10-08 07:49 . 2009-10-14 13:03 -------- d-----w- c:\program files\Half-Life 2 Episode One
2009-10-03 17:06 . 2009-10-03 17:06 -------- d-----w- c:\program files\CCleaner
2009-10-03 15:02 . 2009-10-03 15:02 -------- d-----w- c:\program files\rapget
2009-10-03 14:52 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 14:52 . 2009-10-03 14:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 14:52 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 18:12 . 2008-11-20 09:51 62656544 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-23 18:02 . 2008-11-20 09:51 742652 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-23 16:43 . 2008-04-28 12:18 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2009-10-19 14:25 . 2008-04-28 11:58 -------- d-----w- c:\program files\ATI Technologies
2009-10-18 18:55 . 2008-04-28 13:13 -------- d-----w- c:\program files\rajce
2009-10-18 18:45 . 2008-04-28 11:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 13:08 . 2008-04-28 21:03 -------- d-----w- c:\program files\Electronic Arts
2009-10-14 13:06 . 2008-09-26 11:22 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-03 14:43 . 2008-08-07 05:27 -------- d-----w- c:\program files\Runtime Software
2009-10-03 14:42 . 2008-09-30 11:10 -------- d-----w- c:\program files\Garden Defense
2009-10-03 14:41 . 2008-09-26 11:23 -------- d-----w- c:\program files\Crazy Machines II
2009-10-03 14:41 . 2008-05-04 12:52 -------- d-----w- c:\program files\RACE 07 Offline
2009-10-03 13:46 . 2001-10-25 14:00 68916 ----a-w- c:\windows\system32\perfc005.dat
2009-10-03 13:46 . 2001-10-25 14:00 389938 ----a-w- c:\windows\system32\perfh005.dat
2009-09-15 10:59 . 2008-09-27 13:44 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2008-09-27 13:44 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2008-09-27 13:44 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2008-09-27 13:44 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2008-09-27 13:44 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2008-09-27 13:44 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2008-09-27 13:44 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2008-09-27 13:44 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2008-09-27 13:44 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-14 04:27 . 2008-01-10 05:40 4485632 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-08-14 02:28 . 2008-04-28 11:58 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-08-14 02:27 . 2008-01-10 03:06 345600 ----a-w- c:\windows\system32\ati2dvag.dll
2009-08-14 02:10 . 2008-01-10 02:58 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-08-14 02:10 . 2008-01-10 02:57 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-08-14 02:09 . 2008-01-10 02:57 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-08-14 02:09 . 2008-01-10 02:57 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-08-14 02:09 . 2008-01-10 02:57 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-08-14 02:08 . 2008-01-10 02:56 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-08-14 02:06 . 2008-01-10 02:55 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-08-14 02:00 . 2008-04-28 11:58 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-08-14 01:58 . 2008-01-10 02:46 3492576 ----a-w- c:\windows\system32\ati3duag.dll
2009-08-14 01:47 . 2008-12-01 20:46 12959744 ----a-w- c:\windows\system32\atioglxx.dll
2009-08-14 01:42 . 2008-01-10 02:35 2081920 ----a-w- c:\windows\system32\ativvaxx.dll
2009-08-14 01:42 . 2008-04-28 11:58 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-08-14 01:42 . 2008-04-28 11:58 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-08-14 01:25 . 2009-08-14 01:25 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-08-14 01:25 . 2008-01-10 02:24 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-08-14 01:21 . 2008-01-10 02:20 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-08-14 01:21 . 2009-08-14 01:21 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-08-14 01:20 . 2009-08-14 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-08-14 01:19 . 2009-08-14 01:19 3469312 ----a-w- c:\windows\system32\aticaldd.dll
2009-08-14 01:19 . 2008-12-01 19:52 163840 ----a-w- c:\windows\system32\atiadlxx.dll
2009-08-14 01:18 . 2008-01-10 02:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-08-14 01:17 . 2008-01-10 02:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-08-14 01:17 . 2008-01-10 02:15 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-08-14 01:12 . 2008-01-10 02:12 614400 ----a-w- c:\windows\system32\ati2cqag.dll
2009-08-13 19:05 . 2008-12-18 23:03 593920 ------w- c:\windows\system32\ati2sgag.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2006-07-09 1777664]
"Gainward"="c:\program files\EXPERTool ATI\TBPanel.exe" [2008-07-31 2296360]
"QIP2005"="c:\program files\QIP\qip.exe" [2008-12-09 3259392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneVPro"="c:\program files\Gigabyte\ET5Pro\ETcall.exe" [2007-07-26 20480]
"mouseElf"="c:\progra~1\GENIUS~1\mouseElf.exe" [2002-04-25 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-20 16860672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\programy instalacky\\strong dc++\\StrongDC.exe"=
"d:\\download\\strong\\StrongDC.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\hry\\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\\PES 2009\\pes2009.exe"=
"c:\\Program Files\\ASUS\\WL-520GC Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [15.3.2009 16:54 40464]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.9.2008 15:44 114768]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [23.1.2008 10:19 501560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.9.2008 15:44 20560]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [4.3.2009 17:04 9984]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [4.3.2009 17:04 14848]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [4.3.2009 17:04 17408]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [28.4.2008 14:18 24944]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [6.5.2008 21:15 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [6.5.2008 21:15 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [6.5.2008 21:15 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [6.5.2008 21:16 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [6.5.2008 21:16 98568]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ketchup\Data aplikací\Mozilla\Firefox\Profiles\74w2cwu6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 20:12
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-10-23 20:13
ComboFix-quarantined-files.txt 2009-10-23 18:13

Před spuštěním: Volných bajtů: 14 451 200 000
Po spuštění: Volných bajtů: 14 552 272 896

- - End Of File - - F4B9C76B093372DB1432394DC2FEC30A

Damned

Re: popup Your computer is infected!

Post by Damned » 23 Oct 2009 20:23

Turn off System Restore points, then turn them back on after a moment. Restart the PC.

Download OTL to your desktop.
Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change the setting to All. Tick LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.
Nothing is impossible, so where we are at our wits' end, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner

kecupek
newcomer
Posts: 25
Registered: September 08
Gender: Not specified
Status: Offline

Re: popup Your computer is infected!

Post by kecupek » 23 Oct 2009 20:47

OTL Extras logfile created on: 23.10.2009 20:42:17 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Ketchup\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,26% Memory free
3,85 Gb Paging File | 3,34 Gb Available in Paging File | 86,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49,82 Gb Total Space | 17,19 Gb Free Space | 34,51% Space Free | Partition Type: NTFS
Drive D: | 322,79 Gb Total Space | 136,68 Gb Free Space | 42,34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 4,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 931,51 Gb Total Space | 186,98 Gb Free Space | 20,07% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KETCHUP-PC
Current User Name: Ketchup
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotolab Fotosvet 2] -- "C:\Fotolab Fotosvet 2.exe" "%1" ()
Directory [Prozkoumat v XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3478:UDP" = 3478:UDP:*:Enabled:stun
"3479:UDP" = 3479:UDP:*:Enabled:stun 2
"6112:UDP" = 6112:UDP:*:Enabled:stun 3
"5730:UDP" = 5730:UDP:*:Enabled:game
"5739:UDP" = 5739:UDP:*:Enabled:game 1
"9001:TCP" = 9001:TCP:*:Enabled:game 2
"11881:TCP" = 11881:TCP:*:Enabled:game 3

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.)
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"D:\programy instalacky\strong dc++\StrongDC.exe" = D:\programy instalacky\strong dc++\StrongDC.exe:*:Enabled:StrongDC++ -- ()
"D:\download\strong\StrongDC.exe" = D:\download\strong\StrongDC.exe:*:Enabled:StrongDC++ -- (Big Muscle, KohlSoft® Corporation ;-))
"C:\Program Files\QIP Infium\infium.exe" = C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium -- (QIP)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"D:\hry\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe" = D:\hry\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Program Files\ASUS\WL-520GC Wireless Router Utilities\Discovery.exe" = C:\Program Files\ASUS\WL-520GC Wireless Router Utilities\Discovery.exe:*:Enabled:ASUS Device Discovery Application -- (ASUSTeK COMPUTER INC.)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe" = C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising -- (Codemasters Software Company Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02FB40EA-C8AC-36F7-A546-B083E00AF3AA}" = Catalyst Control Center Core Implementation
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28184E01-D57A-4933-A09B-F65403F16D82}" = i-Cool
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{4445BFF0-008A-8F5C-9D68-B0164F7E26FF}" = ccc-core-static
"{4D89AFAD-669B-514A-E150-7DA3208477DC}" = ccc-utility
"{4E47B686-8DFF-1AAD-3264-A537E2FC3833}" = Catalyst Control Center Graphics Previews Common
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{71ED4CA9-9AC5-48D9-A2AC-B1E4DFA84F62}" = ASUS Wireless Router WL-520GC Utilities
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7764393A-A48B-6BB2-28BC-A6B4EF3A95BC}" = Catalyst Control Center Graphics Full Existing
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{825DFF04-8FB0-3430-CB22-8725719B1A01}" = Catalyst Control Center Graphics Light
"{84430565-C205-B818-7D13-052F88707F70}" = CCC Help English
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{985F828E-0E98-429F-9C05-EF3BDE7568F7}" = Paragon Drive Backup™ 9.0 Express
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}" = ioCentre
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92D7264-1A13-45BE-B769-88445DD04FD6}" = Desktop Sidebar
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3EC9E5A-27BA-4834-828E-5D7A77CDE964}" = Samsung PC Studio 3
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D99667FF-4A9B-B278-9014-BEA2896F413F}" = ccc-core-preinstall
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBD86EB8-8536-DB02-EC42-31ED143497A8}" = Catalyst Control Center HydraVision Full
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9F882ED-C2B8-2716-0330-7FBA5C9C455B}" = Catalyst Control Center Graphics Full New
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11029}" = Nero 7 Ultra Edition
"{F2E14C00-9990-11D6-8606-00C0DF22A91A}" = Genius Wireless TwinTouch+
"{F92682BB-EB1B-4664-A8F5-B9992FD075E9}" = MM809 Commander Pad
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Balíček ovladače systému Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Balíček ovladače systému Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Bink and Smacker" = Bink and Smacker
"CCleaner" = CCleaner (remove only)
"EasyTune5Pro" = EasyTune5Pro
"EPSON Printer and Utilities" = Software tiskárny EPSON
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Uživatelská příručka" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuál
"EXPERTool ATI_is1" = EXPERTool ATI 4.0
"ffdshow_is1" = ffdshow [rev 1928] [2008-04-10]
"Governor of Poker1.0" = Governor of Poker
"Hamachi" = Hamachi 1.0.2.5
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"OpenAL" = OpenAL
"Peggle Nights Deluxe 1.00" = Peggle Nights Deluxe 1.00
"Picasa2" = Picasa 2
"Power Data Recovery_is1" = Power Data Recovery 4.0.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"QIP 2005_is1" = QIP 2005 8080
"QIP Infium_is1" = QIP Infium 2.0.9018 RC3
"QIP2005" = QIP 2005 Uninstall
"rajče.net_is1" = rajče beta48
"Recover Data for FAT & NTFS (Trial Version)_is1" = Recover Data for FAT & NTFS (Trial Version)
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Smart NTFS Recovery_is1" = Smart NTFS Recovery v3.9
"SopCast" = SopCast 3.0.3
"stepmania_is1" = stepmaniaV3.5
"Summer Athletics_is1" = Summer Athletics
"TC PowerPack" = TC PowerPack 1.7
"The KMPlayer" = The KMPlayer (remove only)
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Vypínač na dobrou noc_is1" = Vypínač na dobrou noc verze 1.0.1
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR
"XnView_is1" = XnView 1.93.6
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 25.2.2009 12:50:39 | Computer Name = KETCHUP-PC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\Foto\italie\07-16-2008_200914_220.jpg failed, 000005AA.

Error - 25.2.2009 12:50:39 | Computer Name = KETCHUP-PC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\Foto\italie\07-16-2008_200928_221.jpg failed, 000005AA.

Error - 25.2.2009 12:50:39 | Computer Name = KETCHUP-PC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\Foto\italie\07-16-2008_201005_148.jpg failed, 000005AA.

Error - 25.2.2009 12:50:40 | Computer Name = KETCHUP-PC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\Foto\italie\07-16-2008_201136_149.jpg failed, 000005AA.

Error - 25.2.2009 12:50:40 | Computer Name = KETCHUP-PC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\Foto\italie\07-16-2008_201144_150.jpg failed, 000005AA.

Error - 25.2.2009 12:50:40 | Computer Name = KETCHUP-PC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\Foto\italie\07-16-2008_201153_151.jpg failed, 000005AA.

Error - 25.2.2009 12:50:49 | Computer Name = KETCHUP-PC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\Foto\italie\07-16-2008_201228_153.jpg failed, 000005AA.

Error - 25.2.2009 12:50:49 | Computer Name = KETCHUP-PC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\Foto\italie\07-16-2008_201334_154.jpg failed, 000005AA.

Error - 14.10.2009 12:34:36 | Computer Name = KETCHUP-PC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://free9.helldata.com/a3683e091ad93 ... /xpsp3.iso failed,
00000084.

Error - 15.10.2009 9:43:06 | Computer Name = KETCHUP-PC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://free9.helldata.com/9e4455f1809e0 ... /xpsp3.iso failed,
00000084.

[ Application Events ]
Error - 15.12.2008 14:56:48 | Computer Name = KETCHUP-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace mouseelf.exe, verze 2.0.0.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x5345505c.

Error - 16.12.2008 16:30:27 | Computer Name = KETCHUP-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace mouseelf.exe, verze 2.0.0.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x5345505c.

Error - 18.12.2008 8:28:48 | Computer Name = KETCHUP-PC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Race07.exe, verze 1.0.0.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 18.12.2008 14:56:48 | Computer Name = KETCHUP-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace mouseelf.exe, verze 2.0.0.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x5345505c.

Error - 22.12.2008 8:05:14 | Computer Name = KETCHUP-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace mouseelf.exe, verze 2.0.0.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x5345505c.

Error - 23.12.2008 18:16:41 | Computer Name = KETCHUP-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace mouseelf.exe, verze 2.0.0.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x5345505c.

Error - 24.12.2008 6:37:05 | Computer Name = KETCHUP-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace mouseelf.exe, verze 2.0.0.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x5345505c.

Error - 24.12.2008 13:27:23 | Computer Name = KETCHUP-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace mouseelf.exe, verze 2.0.0.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x5345505c.

Error - 26.12.2008 11:57:17 | Computer Name = KETCHUP-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace mouseelf.exe, verze 2.0.0.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x5345505c.

Error - 26.12.2008 15:50:23 | Computer Name = KETCHUP-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace mouseelf.exe, verze 2.0.0.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x5345505c.

[ System Events ]
Error - 12.10.2009 16:14:02 | Computer Name = KETCHUP-PC | Source = HTTP | ID = 15005
Description = Nelze vytvořit vazbu k základnímu přenosu pro 0.0.0.0:2869. Seznam
protokolu IP jen pro naslouchání (Listen-Only) pravděpodobně obsahuje odkaz na
rozhraní, které v tomto počítači nemusí existovat. Číslo chyby se nachází v poli
s daty.

Error - 12.10.2009 16:14:02 | Computer Name = KETCHUP-PC | Source = HTTP | ID = 15005
Description = Nelze vytvořit vazbu k základnímu přenosu pro 0.0.0.0:2869. Seznam
protokolu IP jen pro naslouchání (Listen-Only) pravděpodobně obsahuje odkaz na
rozhraní, které v tomto počítači nemusí existovat. Číslo chyby se nachází v poli
s daty.

Error - 20.10.2009 10:30:41 | Computer Name = KETCHUP-PC | Source = System Error | ID = 1003
Description = Kód chyby 10000050, parametr1 bdc29000, parametr2 00000000, parametr3
805398c3, parametr4 00000000.

Error - 23.10.2009 14:08:24 | Computer Name = KETCHUP-PC | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 23.10.2009 14:08:43 | Computer Name = KETCHUP-PC | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
PEVSystemStart.

Error - 23.10.2009 14:12:52 | Computer Name = KETCHUP-PC | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
PEVSystemStart.


< End of report >

kecupek
newcomer
Posts: 25
Registered: September 08
Gender: Not specified
Status: Offline

Re: popup Your computer is infected!

Post by kecupek » 23 Oct 2009 20:48

OTL logfile created on: 23.10.2009 20:42:17 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Ketchup\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,26% Memory free
3,85 Gb Paging File | 3,34 Gb Available in Paging File | 86,84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49,82 Gb Total Space | 17,19 Gb Free Space | 34,51% Space Free | Partition Type: NTFS
Drive D: | 322,79 Gb Total Space | 136,68 Gb Free Space | 42,34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 4,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 931,51 Gb Total Space | 186,98 Gb Free Space | 20,07% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KETCHUP-PC
Current User Name: Ketchup
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ketchup\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Genius\ioCentre\gAutoPan.exe (TODO: <Company name>)
PRC - C:\Genius\ioCentre\gAutoScroll.exe ()
PRC - C:\Genius\ioCentre\gDeskMgm.exe (TODO: <Company name>)
PRC - C:\Genius\ioCentre\gIMMgm.exe (TODO: <Company name>)
PRC - C:\Genius\ioCentre\gKbdTask.exe (TODO: <Company name>)
PRC - C:\Genius\ioCentre\gMGlass.exe (TODO: <Company name>)
PRC - C:\Genius\ioCentre\gMouseTask.exe (TODO: <Company name>)
PRC - C:\Genius\ioCentre\gTaskBar.exe (TODO: <Company name>)
PRC - C:\Genius\ioCentre\gTaskSwitch.exe (TODO: <Company name>)
PRC - C:\Genius\ioCentre\gZoom.exe (TODO: <Company name>)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Desktop Sidebar\dsidebar.exe (Idea2)
PRC - C:\Program Files\EXPERTool ATI\TBPanel.exe (Gainward Co.)
PRC - C:\Program Files\Gigabyte\ET5Pro\GUI.exe ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (acedrv11 [Auto | Running]) -- C:\WINDOWS\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ASNDIS5 [On_Demand | Stopped]) -- C:\WINDOWS\System32\ASNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (atksgt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\atksgt.sys ()
DRV - (ET5Drv [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ET5Drv.sys (Windows (R) 2000 DDK provider)
DRV - (gdrv [On_Demand | Stopped]) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (genmcmn [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\gmfiltr.sys (KYE Systems Corp.)
DRV - (gHidPnp [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\gHidPnp.Sys ()
DRV - (gMouPS2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\gMouPS2.sys ( Mouse Upfilter Driver )
DRV - (gMouUsb [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gMouUsb.sys ()
DRV - (GVTDrv [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GVTDrv.sys ()
DRV - (hamachi [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider)
DRV - (hotcore3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (KLIF [System | Running]) -- C:\WINDOWS\System32\DRIVERS\klif.sys (Kaspersky Lab)
DRV - (lirsgt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys ()
DRV - (MarkFun_NT [On_Demand | Running]) -- C:\Program Files\Gigabyte\ET5Pro\markfun.w32 (Windows (R) 2000 DDK provider)
DRV - (PQNTDrv [System | Running]) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTHDMIAzAudService [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (s115bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s115bus.sys (MCCI Corporation)
DRV - (s115mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s115mdfl.sys (MCCI Corporation)
DRV - (s115mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s115mdm.sys (MCCI Corporation)
DRV - (s115mgmt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s115obex.sys (MCCI Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (sscdbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdmdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Zone Labs, LLC)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ketchup\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.cz"
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.20.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.5
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.6
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.2.2.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.10.15 16:42:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.10.15 17:52:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.10.15 16:42:36 | 00,000,000 | ---D | M]

[2008.07.27 15:37:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\mozilla\Extensions
[2008.07.27 15:37:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.10.23 18:56:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\mozilla\Firefox\Profiles\74w2cwu6.default\extensions
[2009.10.14 14:56:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\mozilla\Firefox\Profiles\74w2cwu6.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008.10.17 15:19:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\mozilla\Firefox\Profiles\74w2cwu6.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009.10.14 14:56:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\mozilla\Firefox\Profiles\74w2cwu6.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2009.10.14 14:56:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\mozilla\Firefox\Profiles\74w2cwu6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.10.14 14:56:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\mozilla\Firefox\Profiles\74w2cwu6.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009.10.14 14:56:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\mozilla\Firefox\Profiles\74w2cwu6.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.10.14 14:56:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\mozilla\Firefox\Profiles\74w2cwu6.default\extensions\tabscope@xuldev.org
[2009.10.23 18:56:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.10.03 16:05:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008.04.29 19:33:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009.10.15 16:42:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.10.03 16:04:50 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.10.03 16:04:50 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008.12.05 23:52:44 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009.10.15 16:42:21 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008.10.17 20:29:52 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008.08.05 23:59:16 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009.10.03 16:04:54 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2004.12.14 02:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008.04.14 05:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008.05.01 15:29:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008.05.01 15:29:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008.05.01 15:29:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008.05.01 15:29:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008.05.01 15:29:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008.05.01 15:29:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008.05.01 15:29:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008.04.14 05:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009.10.03 16:04:58 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.10.03 16:04:58 | 00,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2009.10.03 16:04:58 | 00,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2009.10.03 16:04:58 | 00,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2009.10.03 16:04:58 | 00,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2009.10.03 16:04:58 | 00,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EasyTuneVPro] C:\Program Files\Gigabyte\ET5Pro\ETcall.exe ()
O4 - HKLM..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe (TODO: <Company name>)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mouseElf] C:\Program Files\Genius Wireless TwinTouch+\MouseElf.exe (Genius)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [QIP2005] C:\Program Files\QIP\qip.exe (The Author of QIP)
O4 - HKCU..\Run: [SIDEBAR] C:\Program Files\Desktop Sidebar\dsidebar.exe (Idea2)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\System32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.04 16:37:47 | 01,064,960 | R--- | M] (Codemasters Software Co.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.09.17 15:10:53 | 00,000,067 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d9796a0c-8411-11dd-a7d4-001d7dd5cbf0}\Shell - "" = AutoRun
O33 - MountPoints2\{d9796a0c-8411-11dd-a7d4-001d7dd5cbf0}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009.09.04 16:37:47 | 01,064,960 | R--- | M] (Codemasters Software Co.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009.10.19 16:29:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ATI
[2009.10.15 16:41:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ketchup\Data aplikací\Sun
[2009.10.04 11:02:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ketchup\Data aplikací\WinRAR
[2009.10.03 17:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ketchup\Local Settings\Data aplikací\RapidSharing.eu
[2009.10.03 19:06:19 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.10.18 20:45:58 | 00,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2009.10.08 09:49:08 | 00,000,000 | ---D | C] -- C:\Program Files\Half-Life 2 Episode One
[2009.10.15 16:42:16 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009.10.03 16:52:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.10.03 17:02:49 | 00,000,000 | ---D | C] -- C:\Program Files\rapget
[2009.10.04 10:56:54 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009.10.23 20:40:00 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ketchup\Plocha\OTL.exe
[2009.10.23 20:08:03 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.10.23 20:08:03 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.10.23 20:08:03 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.10.23 20:08:03 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.10.23 20:07:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.10.23 20:07:58 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009.10.23 20:07:51 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.10.23 19:02:03 | 00,000,000 | ---D | C] -- C:\rsit
[2009.10.15 17:52:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009.10.15 16:42:36 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009.10.15 16:42:36 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009.10.15 16:42:36 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009.10.15 16:42:36 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009.10.15 16:42:36 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009.10.14 17:55:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ketchup\Dokumenty\NFS SHIFT
[2009.10.14 15:08:29 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009.10.14 15:08:29 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009.10.14 15:08:29 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009.10.14 15:08:28 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009.10.14 15:08:28 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2009.10.14 15:08:28 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009.10.14 15:08:28 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2009.10.03 19:08:01 | 00,000,000 | ---D | C] -- C:\RECYCLER
[2009.10.03 17:21:59 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009.10.03 17:02:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ketchup\Dokumenty\Nová složka
[2009.10.03 16:52:08 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.10.03 16:52:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.10.03 16:51:16 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ketchup\Plocha\mbam-setup.exe

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009.10.23 20:43:15 | 62,709,792 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009.10.23 20:40:07 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ketchup\Plocha\OTL.exe
[2009.10.23 20:35:12 | 00,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2009.10.23 20:35:11 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2009.10.23 20:34:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.10.23 20:34:34 | 00,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009.10.23 20:34:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.10.23 20:33:19 | 00,744,044 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009.10.23 20:12:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.10.23 20:06:51 | 03,351,787 | R--- | M] () -- C:\Documents and Settings\Ketchup\Plocha\ComboFix.exe
[2009.10.23 19:40:57 | 00,000,432 | ---- | M] () -- C:\Documents and Settings\Ketchup\Plocha\Připojení k místní síti.lnk
[2009.10.23 19:01:56 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Ketchup\Plocha\RSIT.exe
[2009.10.23 18:42:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.10.22 12:05:14 | 00,027,136 | ---- | M] () -- C:\WINDOWS\System32\cpcp.cpo
[2009.10.22 11:13:43 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009.10.22 00:40:17 | 00,121,856 | ---- | M] () -- C:\Documents and Settings\Ketchup\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.21 07:19:33 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.19 16:22:43 | 00,001,186 | ---- | M] () -- C:\Documents and Settings\Ketchup\Plocha\'Folding@Home'.lnk
[2009.10.18 20:53:58 | 00,001,760 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\OF Dragon Rising.lnk
[2009.10.18 16:28:45 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009.10.15 16:42:19 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009.10.15 16:42:19 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009.10.15 16:42:19 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009.10.15 16:42:19 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009.10.15 16:42:19 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009.10.14 18:36:14 | 00,001,835 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Need for Speed™ SHIFT.lnk
[2009.10.11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009.10.03 19:09:36 | 00,101,008 | ---- | M] () -- C:\Documents and Settings\Ketchup\Dokumenty\cc_20091003_190904.reg
[2009.10.03 19:06:19 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Ketchup\Plocha\CCleaner.lnk
[2009.10.03 17:22:06 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2009.10.03 17:03:55 | 00,000,919 | ---- | M] () -- C:\Documents and Settings\Ketchup\Plocha\Zástupce - RapgetRS.exe.lnk
[2009.10.03 16:52:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2009.10.03 16:51:25 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ketchup\Plocha\mbam-setup.exe
[2009.10.03 16:18:38 | 00,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009.10.03 15:46:55 | 00,920,954 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.10.03 15:46:55 | 00,392,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.10.03 15:46:55 | 00,389,938 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2009.10.03 15:46:55 | 00,068,916 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2009.10.03 15:46:55 | 00,058,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files - No Company Name ==========
[2009.10.23 20:08:03 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009.10.23 20:08:03 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009.10.23 20:08:03 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009.10.23 20:08:03 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009.10.23 20:06:41 | 03,351,787 | R--- | C] () -- C:\Documents and Settings\Ketchup\Plocha\ComboFix.exe
[2009.10.23 19:40:57 | 00,000,432 | ---- | C] () -- C:\Documents and Settings\Ketchup\Plocha\Připojení k místní síti.lnk
[2009.10.23 19:01:56 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Ketchup\Plocha\RSIT.exe
[2009.10.22 12:05:25 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\cpcp.cpo
[2009.10.18 20:53:58 | 00,001,760 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\OF Dragon Rising.lnk
[2009.10.18 16:28:45 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009.10.18 16:28:45 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009.10.14 15:17:15 | 00,001,835 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Need for Speed™ SHIFT.lnk
[2009.10.03 19:21:33 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\GVTunner.ref
[2009.10.03 19:09:06 | 00,101,008 | ---- | C] () -- C:\Documents and Settings\Ketchup\Dokumenty\cc_20091003_190904.reg
[2009.10.03 19:06:19 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Ketchup\Plocha\CCleaner.lnk
[2009.10.03 17:22:06 | 00,000,223 | ---- | C] () -- C:\Boot.bak
[2009.10.03 17:22:01 | 00,261,312 | ---- | C] () -- C:\cmldr
[2009.10.03 17:03:55 | 00,000,919 | ---- | C] () -- C:\Documents and Settings\Ketchup\Plocha\Zástupce - RapgetRS.exe.lnk
[2009.10.03 16:52:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2009.06.19 20:06:22 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.03.04 17:04:37 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\gHidPnp.sys
[2009.03.04 17:04:37 | 00,009,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\gMouUsb.sys
[2008.11.20 11:47:18 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008.10.09 13:27:30 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\LauncherAccess.dt
[2008.10.09 13:17:50 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008.09.26 13:25:50 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008.09.26 13:25:50 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008.08.20 20:29:30 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2008.08.06 00:02:12 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.08.05 23:59:04 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.08.05 23:59:04 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.08.05 23:58:14 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.07.13 21:59:36 | 00,020,640 | ---- | C] () -- C:\Documents and Settings\Ketchup\Data aplikací\GDIPFONTCACHEV1.DAT
[2008.06.11 11:07:00 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008.05.15 14:21:36 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.05.15 14:21:35 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.05.15 14:21:35 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.05.15 14:21:34 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.05.15 14:21:34 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.05.15 13:46:03 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008.05.03 01:37:53 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.05.02 11:02:45 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\gmcoinst.dll
[2008.04.29 00:40:31 | 00,121,856 | ---- | C] () -- C:\Documents and Settings\Ketchup\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.28 23:09:50 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.04.28 23:09:50 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Ketchup\Data aplikací\PnkBstrK.sys
[2008.04.28 21:23:58 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008.04.28 21:21:11 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CDEDX7400EXPORT.ini
[2008.04.28 15:40:29 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
[2008.04.28 15:07:59 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.04.28 14:58:39 | 00,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.04.28 14:18:27 | 00,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2008.04.28 14:04:26 | 00,020,640 | ---- | C] () -- C:\Documents and Settings\Ketchup\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2008.04.28 14:02:54 | 02,649,814 | -H-- | C] () -- C:\Documents and Settings\Ketchup\Local Settings\Data aplikací\IconCache.db
[2008.04.28 13:54:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Ketchup\Data aplikací\desktop.ini
[2004.08.17 15:49:10 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.07.17 11:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002.03.21 12:51:52 | 00,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002.03.21 12:51:52 | 00,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002.03.21 12:51:52 | 00,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002.03.21 12:51:52 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002.03.21 12:51:52 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002.03.21 12:51:52 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002.03.21 12:51:52 | 00,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002.03.20 21:01:06 | 00,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001.10.25 16:00:00 | 00,000,664 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2001.10.25 16:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009.10.19 16:29:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Data aplikací
[2008.04.29 12:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2009.10.19 16:29:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ATI
[2008.04.28 21:23:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EPSON
[2008.12.25 18:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
[2008.11.20 11:47:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MailFrontier
[2009.10.03 16:43:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\River Past G5
[2008.05.06 21:14:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2008.04.28 21:27:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\UDL
[2009.10.23 20:01:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ketchup\Data aplikací
[2008.04.29 12:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\ACD Systems
[2008.06.05 16:21:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\Ahead
[2008.04.28 14:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\ATI
[2008.09.16 17:05:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\DAEMON Tools
[2009.10.23 20:14:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\Desktop Sidebar
[2009.02.10 21:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\dvdcss
[2008.08.06 13:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\EPSON
[2008.06.06 20:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\Hamachi
[2008.06.18 18:08:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\ICQ
[2008.09.30 13:18:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\iWin
[2008.09.08 17:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\ProtectDisc
[2008.05.15 13:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\River Past G5
[2008.10.09 13:28:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\Samsung
[2008.09.09 20:53:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\Summer Athletics 2008
[2008.05.15 21:50:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\Teleca
[2009.03.12 20:57:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\uTorrent
[2009.10.23 19:35:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ketchup\Data aplikací\XnView
[2001.10.25 16:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.10.23 20:34:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male
Status: Offline

Re: popup Your computer is infected!

Post by Damned » 23 Oct 2009 21:13

Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home

:Files
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\System32\cpcp.cpo
C:\WINDOWS\Tasks\SA.DAT

:Reg

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]



Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here, along with a log from HJT.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.

kecupek
newbie
Posts: 25
Registered: September 08
Gender: Unspecified
Status: Offline

Re: popup Your computer is infected!

Post by kecupek » 23 Oct 2009 21:25

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File About:Home not found.
========== FILES ==========
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\tmp23EB.tmp moved successfully.
C:\WINDOWS\System32\tmp23EC.tmp moved successfully.
C:\WINDOWS\System32\cpcp.cpo moved successfully.
C:\WINDOWS\Tasks\SA.DAT moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Ketchup
File delete failed. C:\Documents and Settings\Ketchup\Local Settings\Temp\dsidebar.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ketchup\Local Settings\Temp\Perflib_Perfdata_e2c.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ketchup\Local Settings\Temp\sidebar.threads scheduled to be deleted on reboot.
->Temp folder emptied: 613116 bytes
File delete failed. C:\Documents and Settings\Ketchup\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 1413915 bytes
->Java cache emptied: 26954001 bytes
->FireFox cache emptied: 53408513 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65716 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1d0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4d8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT00ad3.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT05fa7.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 33280 bytes
RecycleBin emptied: 169 bytes

Total Files Cleaned = 78,73 mb


OTL by OldTimer - Version 3.0.22.1 log created on 10232009_212050

Files\Folders moved on Reboot...
C:\Documents and Settings\Ketchup\Local Settings\Temp\dsidebar.log moved successfully.
File\Folder C:\Documents and Settings\Ketchup\Local Settings\Temp\Perflib_Perfdata_e2c.dat not found!
C:\Documents and Settings\Ketchup\Local Settings\Temp\sidebar.threads moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1d0.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_4d8.dat not found!
C:\WINDOWS\temp\ZLT00ad3.TMP moved successfully.
C:\WINDOWS\temp\ZLT05fa7.TMP moved successfully.

Registry entries deleted on Reboot...

kecupek
newbie
Posts: 25
Registered: September 08
Gender: Unspecified
Status: Offline

Re: popup Your computer is infected!

Post by kecupek » 23 Oct 2009 21:27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:38, on 23.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Gigabyte\ET5Pro\GUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Program Files\EXPERTool ATI\TBPanel.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Program Files\QIP\qip.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrndMicro\HJ\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [EasyTuneVPro] C:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7420 bytes

