Prosím o kontrolu logu

[Dymon]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:47, on 19.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\Hotspot Shield\bin\openvpnas.exe
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
E:\Program Files\winamp\winampa.exe
E:\Program Files\Pošťák\Postak\Postak.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Acronis True Image Home 11.0 cz\TrueImageMonitor.exe
C:\Acronis True Image Home 11.0 cz\TimounterMonitor.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
E:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\MI3AA1~1\rapimgr.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\Opera\opera.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - E:\Program Files\Pošťák\Postak\SRank.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\winamp\winampa.exe"
O4 - HKLM\..\Run: [SMail] "E:\Program Files\Pošťák\Postak\Postak.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Acronis True Image Home 11.0 cz\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Acronis True Image Home 11.0 cz\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\sdasdas\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AFProg] E:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\WINDOWS\system32\wbsys.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - E:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 10998 bytes

[Reklama]

[Damned]

Odinstaluj si Daemon Tools Toolbar.

Někdy problémy může způsobit i ten Alcohol.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Dymon]

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3300
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.12.2009 9:50:53
mbam-log-2009-12-20 (09-50-53).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 121121
Uplynulý čas: 15 minute(s), 55 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

[Damned]

Nefunguje režim spánku, nebo Úsporný režim?

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Dymon]

ComboFix 09-12-20.08 - Petr 21.12.2009 19:54:42.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2643 [GMT 1:00]
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2009-11-21 do 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-20 15:49 . 2009-12-20 15:49 107888 ----a-w- e:\windows\system32\CmdLineExt.dll
2009-12-19 20:28 . 2009-12-19 20:28 -------- d-----w- e:\program files\Microsoft Works
2009-12-19 20:28 . 2009-12-19 20:28 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2009-12-19 13:28 . 2009-12-19 13:34 -------- d-----w- e:\program files\Bus Driver
2009-12-14 16:38 . 2009-12-14 16:38 -------- d-----w- e:\program files\Common Files\Skype
2009-12-14 16:38 . 2009-12-14 16:38 -------- d-----r- e:\program files\Skype
2009-12-11 22:11 . 2009-12-11 22:11 -------- d-----w- e:\program files\DAEMON Tools Lite
2009-12-05 17:58 . 2009-12-03 15:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 17:58 . 2009-12-03 15:13 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-12-05 17:58 . 2009-12-05 17:58 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2009-12-05 17:41 . 2009-12-05 17:41 2560 ----a-w- e:\windows\_MSRSTRT.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 15:39 . 2008-11-19 16:55 -------- d--h--w- e:\program files\InstallShield Installation Information
2009-12-20 14:53 . 2009-06-09 15:28 -------- d-----w- e:\program files\Common Files\Acronis
2009-12-19 20:29 . 2008-11-21 21:03 -------- d-----w- e:\program files\MSBuild
2009-12-17 16:43 . 2008-11-19 18:12 -------- d-----w- e:\program files\World of Warcraft
2009-12-11 22:11 . 2008-11-19 17:55 691696 ----a-w- e:\windows\system32\drivers\sptd.sys
2009-12-09 13:57 . 2009-07-24 17:36 -------- d-----w- e:\program files\DreamCom
2009-12-05 17:51 . 2008-11-19 18:52 -------- d-----w- e:\program files\ICQToolbar
2009-11-28 08:13 . 2008-11-19 17:25 -------- d-----w- e:\program files\Opera
2009-11-22 12:34 . 2002-09-23 12:00 487794 ----a-w- e:\windows\system32\perfh005.dat
2009-11-22 12:34 . 2002-09-23 12:00 101624 ----a-w- e:\windows\system32\perfc005.dat
2009-10-10 19:37 . 2009-10-10 19:37 23600 ----a-w- e:\windows\system32\drivers\TVICHW32.SYS
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- e:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- e:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-07-07 10:57 163328 --sh--r- e:\windows\system32\flvDX.dll
1990-01-01 01:01 . 1990-01-01 01:01 45056 --sh--r- e:\windows\system32\lpad32.dll
2007-02-21 10:47 . 2009-07-07 10:57 31232 --sh--r- e:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-07 10:57 216064 --sh--r- e:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AFProg"="e:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-06-05 118784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="e:\program files\winamp\winampa.exe" [2008-08-03 36352]
"SMail"="e:\program files\Pošťák\Postak\Postak.exe" [2008-02-21 453936]
"HP Component Manager"="e:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"Adobe Reader Speed Launcher"="e:\program files\sdasdas\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

e:\documents and settings\Petr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - e:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

e:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-3-15 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - e:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-3-15 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{8DCB0AE8-533C-A1D2-29E1-3A811135D25A}"= "e:\windows\system32\lpad32.dll" [1990-01-01 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\World of Warcraft\\Launcher.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Hamachi\\hamachi.exe"=
"e:\\Program Files\\Garena\\Garena.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"c:\\PES 10\\PLAY\\pes2010.exe"=
"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 ehdrv;ehdrv;e:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
S0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [19.11.2008 18:55 691696]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27.5.2009 2:27 29262680]
S3 TVICHW32;TVICHW32;e:\windows\system32\drivers\TVICHW32.SYS [10.10.2009 20:37 23600]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - e:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30} = 62.129.50.20,85.135.32.100
FF - ProfilePath - e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.cinema-world.biz/
FF - plugin: e:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: e:\program files\sdasdas\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 20:00
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(940)
e:\windows\system32\Ati2evxx.dll
e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2009-12-21 20:01:55
ComboFix-quarantined-files.txt 2009-12-21 19:01

Před spuštěním: Volných bajtů: 12 939 874 304
Po spuštění: Volných bajtů: 12 894 683 136

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5C584E72C894C96E83EE5D3FD39038CC


Nefunguje Úsporný režim

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

KillAll::
DDS::
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)

FireFox::
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.cinema-world.biz/

Folder::
e:\program files\ICQToolbar



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. Klikni na Run Scan. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

[Dymon]

ComboFix 10-01-02.05 - Petr 03.01.2010 19:45:29.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2550 [GMT 1:00]
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\documents and settings\Petr\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\program files\ICQ6.5\ICQLRun.exe
e:\program files\ICQToolbar
e:\program files\ICQToolbar\about.html
e:\program files\ICQToolbar\basis.xml
e:\program files\ICQToolbar\Dlg_Res.xml
e:\program files\ICQToolbar\download.html
e:\program files\ICQToolbar\Games.xml
e:\program files\ICQToolbar\games_button.xml
e:\program files\ICQToolbar\icons.bmp
e:\program files\ICQToolbar\loading.html
e:\program files\ICQToolbar\logo_small.gif
e:\program files\ICQToolbar\newversion.txt
e:\program files\ICQToolbar\tb_buttons.xml
e:\program files\ICQToolbar\tb_games.xml
e:\program files\ICQToolbar\tb_options.xml
e:\program files\ICQToolbar\toolbaru.crc
e:\program files\ICQToolbar\version.txt

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-03 do 2010-01-03 )))))))))))))))))))))))))))))))
.

2009-12-27 10:04 . 2009-12-27 10:04 -------- d-----w- e:\program files\ValuSoft
2009-12-23 09:25 . 2009-12-23 09:25 -------- d-----w- e:\windows\system32\wbem\Repository
2009-12-20 15:49 . 2009-12-20 15:49 107888 ----a-w- e:\windows\system32\CmdLineExt.dll
2009-12-19 20:28 . 2009-12-19 20:28 -------- d-----w- e:\program files\Microsoft Works
2009-12-19 20:28 . 2009-12-23 09:23 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2009-12-19 13:28 . 2009-12-19 13:34 -------- d-----w- e:\program files\Bus Driver
2009-12-14 16:38 . 2009-12-14 16:38 -------- d-----w- e:\program files\Common Files\Skype
2009-12-14 16:38 . 2009-12-14 16:38 -------- d-----r- e:\program files\Skype
2009-12-11 22:11 . 2009-12-11 22:11 -------- d-----w- e:\program files\DAEMON Tools Lite
2009-12-05 17:58 . 2009-12-03 15:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 17:58 . 2009-12-03 15:13 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-12-05 17:58 . 2009-12-05 17:58 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2009-12-05 17:41 . 2009-12-05 17:41 2560 ----a-w- e:\windows\_MSRSTRT.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 18:50 . 2009-04-10 15:04 -------- d-----w- e:\program files\ICQ6.5
2009-12-29 10:31 . 2009-06-06 11:48 -------- d-----w- e:\program files\Garena
2009-12-23 16:16 . 2008-11-19 18:04 -------- d-----w- e:\program files\Common Files\Blizzard Entertainment
2009-12-23 09:14 . 2008-12-08 20:41 -------- d-----w- e:\program files\Microsoft.NET
2009-12-20 15:39 . 2008-11-19 16:55 -------- d--h--w- e:\program files\InstallShield Installation Information
2009-12-20 14:53 . 2009-06-09 15:28 -------- d-----w- e:\program files\Common Files\Acronis
2009-12-19 20:29 . 2008-11-21 21:03 -------- d-----w- e:\program files\MSBuild
2009-12-11 22:11 . 2008-11-19 17:55 691696 ----a-w- e:\windows\system32\drivers\sptd.sys
2009-12-09 13:57 . 2009-07-24 17:36 -------- d-----w- e:\program files\DreamCom
2009-11-28 08:13 . 2008-11-19 17:25 -------- d-----w- e:\program files\Opera
2009-11-22 12:34 . 2002-09-23 12:00 487794 ----a-w- e:\windows\system32\perfh005.dat
2009-11-22 12:34 . 2002-09-23 12:00 101624 ----a-w- e:\windows\system32\perfc005.dat
2009-10-10 19:37 . 2009-10-10 19:37 23600 ----a-w- e:\windows\system32\drivers\TVICHW32.SYS
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- e:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- e:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-07-07 10:57 163328 --sh--r- e:\windows\system32\flvDX.dll
1990-01-01 01:01 . 1990-01-01 01:01 45056 --sh--r- e:\windows\system32\lpad32.dll
2007-02-21 10:47 . 2009-07-07 10:57 31232 --sh--r- e:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-07 10:57 216064 --sh--r- e:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AFProg"="e:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-06-05 118784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="e:\program files\winamp\winampa.exe" [2008-08-03 36352]
"SMail"="e:\program files\Pošťák\Postak\Postak.exe" [2008-02-21 453936]
"HP Component Manager"="e:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"Adobe Reader Speed Launcher"="e:\program files\sdasdas\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

e:\documents and settings\Petr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - e:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

e:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-3-15 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - e:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-3-15 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{8DCB0AE8-533C-A1D2-29E1-3A811135D25A}"= "e:\windows\system32\lpad32.dll" [1990-01-01 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Hamachi\\hamachi.exe"=
"e:\\Program Files\\Garena\\Garena.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"c:\\PES 10\\PLAY\\pes2010.exe"=
"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\CoD4\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [19.11.2008 18:55 691696]
R1 ehdrv;ehdrv;e:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
S3 GarenaPEngine;GarenaPEngine;\??\e:\docume~1\Petr\LOCALS~1\Temp\UHW137E.tmp --> e:\docume~1\Petr\LOCALS~1\Temp\UHW137E.tmp [?]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27.5.2009 2:27 29262680]
S3 TVICHW32;TVICHW32;e:\windows\system32\drivers\TVICHW32.SYS [10.10.2009 20:37 23600]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - e:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30} = 62.129.50.20,85.135.32.100
FF - ProfilePath - e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.cinema-world.biz/
FF - plugin: e:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: e:\program files\sdasdas\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 19:53
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spfp.sys >>UNKNOWN [0x8AC7B938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> prosync1.sys @ 0xba5b06c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d12bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d1fa21
SendHandler -> NDIS.sys @ 0xb9cfd87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\e:\docume~1\Petr\LOCALS~1\Temp\UHW137E.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(984)
e:\windows\system32\Ati2evxx.dll
e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

- - - - - - - > 'explorer.exe'(3616)
e:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
e:\windows\system32\lpad32.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\Ati2evxx.exe
e:\windows\system32\Ati2evxx.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
e:\program files\Hotspot Shield\bin\openvpnas.exe
e:\program files\Hotspot Shield\HssWPR\hsssrv.exe
e:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\Microsoft ActiveSync\wcescomm.exe
e:\progra~1\MI3AA1~1\rapimgr.exe
e:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
e:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
e:\program files\HP\Digital Imaging\bin\hpqgalry.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-01-03 19:58:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-03 18:58
ComboFix2.txt 2009-12-21 19:01

Před spuštěním: Volných bajtů: 20 233 302 016
Po spuštění: Volných bajtů: 20 817 362 944

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 757737F49B9D680B358B5AA461529485

[Dymon]

Vyjeli mi pouze OTL log



OTL logfile created on: 3.1.2010 20:05:35 - Run 2
OTL by OldTimer - Version 3.1.20.2 Folder = E:\Documents and Settings\Petr\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 97,65 Gb Total Space | 21,02 Gb Free Space | 21,53% Space Free | Partition Type: NTFS
Drive D: | 17,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 51,39 Gb Total Space | 19,42 Gb Free Space | 37,79% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PETR-93F360F962
Current User Name: Petr
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - E:\Documents and Settings\Petr\Plocha\OTL.exe (OldTimer Tools)
PRC - E:\Program Files\Opera\opera.exe (Opera Software)
PRC - E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - E:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - E:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - E:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - E:\Program Files\winamp\winampa.exe ()
PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\Program Files\Pošťák\Postak\Postak.exe (Seznam.cz a.s.)
PRC - E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - E:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - E:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
PRC - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
PRC - E:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe ()
PRC - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
PRC - E:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - E:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
PRC - E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (Hewlett-Packard Co.)
PRC - E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)


========== Modules (SafeList) ==========

MOD - E:\Documents and Settings\Petr\Plocha\OTL.exe (OldTimer Tools)
MOD - E:\Program Files\ESET\ESET NOD32 Antivirus\eplgHooks.dll (ESET)
MOD - E:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
MOD - E:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
MOD - E:\Program Files\Stardock\Object Desktop\ThemeManager\wbhelp.dll (Stardock.Net, Inc)
MOD - E:\WINDOWS\system32\lpad32.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MSSQL$SONY_MEDIAMGR2) SQL Server (SONY_MEDIAMGR2) -- E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (HssTrayService) -- E:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- E:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssSrv) -- E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (EhttpSrv) -- E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (Ati HotKey Poller) -- E:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- E:\WINDOWS\system32\ati2sgag.exe ()
SRV - (SQLWriter) -- E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- E:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- E:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService) -- E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (NBService) -- E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (ose) -- E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (nSvcIp) -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog) -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
SRV - (ForcewareWebInterface) -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (Bonjour Service) -- E:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (IDriverT) -- E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (sptd) -- E:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (TVICHW32) -- E:\WINDOWS\system32\drivers\TVICHW32.SYS (EnTech Taiwan)
DRV - (timounter) -- E:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- E:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (hamachi) -- E:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (epfwtdir) -- E:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- E:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- E:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (ati2mtag) -- E:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- E:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (usb_rndisx) -- E:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (MPE) -- E:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (Secdrv) -- E:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HDAudBus) -- E:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (tapvpn) -- E:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (ENTECH) -- E:\WINDOWS\system32\drivers\Entech.sys (EnTech Taiwan)
DRV - (PxHelp20) -- E:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ADIHdAudAddService) -- E:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (nvnetbus) -- E:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- E:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) -- E:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ATIAVAIW) -- E:\WINDOWS\system32\drivers\atinavt2.sys (ATI Technologies Inc.)
DRV - (AEAudio) -- E:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (SenFiltService) -- E:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (prohlp02) -- E:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- E:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (MTsensor) -- E:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (prosync1) -- E:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (sfhlp01) -- E:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (Ptilink) -- E:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://www.cinema-world.biz/"
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.5.1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.01 21:17:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2009.12.20 18:57:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2009.12.23 10:23:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: E:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.03.19 19:49:13 | 00,000,000 | ---D | M]

[2008.11.19 17:30:18 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\Mozilla\Extensions
[2008.11.19 17:30:18 | 00,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Petr\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.12.22 20:43:04 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\extensions
[2009.10.05 12:54:22 | 00,000,000 | ---D | M] (Winamp Toolbar) -- E:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.10.17 12:02:33 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.11.19 19:52:42 | 00,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.12.18 18:11:46 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\extensions\illimitux@illimitux.net
[2009.12.11 23:11:37 | 00,002,055 | ---- | M] () -- E:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\searchplugins\daemon-search.xml
[2009.12.18 18:21:48 | 00,000,962 | ---- | M] () -- E:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\searchplugins\icqplugin-1.xml
[2008.11.19 19:52:19 | 00,000,962 | ---- | M] () -- E:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\searchplugins\icqplugin.xml
[2009.10.05 12:54:10 | 00,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2009.12.20 18:57:06 | 00,000,000 | ---D | M] (Default) -- E:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.12.20 18:56:58 | 00,023,512 | ---- | M] (Mozilla Foundation) -- E:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009.12.20 18:56:58 | 00,137,176 | ---- | M] (Mozilla Foundation) -- E:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.12.20 18:57:11 | 00,064,984 | ---- | M] (mozilla.org) -- E:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009.12.20 18:57:14 | 00,002,371 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009.12.20 18:57:14 | 00,000,638 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.12.20 18:57:14 | 00,001,687 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.12.20 18:57:14 | 00,001,367 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.12.20 18:57:14 | 00,000,654 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.12.20 18:57:14 | 00,001,179 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&S-Rank) - {B71B15CF-3093-459C-B764-AEB2486F2273} - E:\Program Files\Pošťák\Postak\SRank.dll (Seznam.cz a.s.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&S-Rank) - {B71B15CF-3093-459C-B764-AEB2486F2273} - E:\Program Files\Pošťák\Postak\SRank.dll (Seznam.cz a.s.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] E:\Program Files\sdasdas\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HP Component Manager] E:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SMail] E:\Program Files\Pošťák\Postak\Postak.exe (Seznam.cz a.s.)
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] E:\Program Files\winamp\winampa.exe ()
O4 - HKCU..\Run: [AFProg] E:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [H/PC Connection Agent] E:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: E:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: E:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: E:\Documents and Settings\Petr\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm ()
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - E:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - E:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab (Oberon Flash Game Host)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - E:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - E:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - E:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - E:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (E:\WINDOWS\system32\wbsys.dll) - E:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - E:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - E:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - E:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - E:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - E:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - E:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - E:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - E:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WB: DllName - E:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll - E:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll (Stardock)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - E:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - E:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - E:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - E:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - E:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O28 - HKLM ShellExecuteHooks: {8DCB0AE8-533C-A1D2-29E1-3A811135D25A} - E:\WINDOWS\system32\lpad32.dll ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - E:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - E:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - E:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - E:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - E:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - E:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - E:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - E:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - E:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - E:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.12.12 03:35:05 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.01.03 20:04:21 | 00,513,536 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Petr\Plocha\OTL.exe
[2010.01.03 19:59:00 | 00,000,000 | ---D | C] -- E:\WINDOWS\temp
[2010.01.03 19:44:28 | 00,000,000 | ---D | C] -- E:\ComboFix
[2009.12.27 11:06:54 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Petr\Dokumenty\18 WoS American Long Haul
[2009.12.27 11:04:01 | 00,000,000 | ---D | C] -- E:\Program Files\ValuSoft
[2009.12.23 18:39:08 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Petr\Plocha\addons 3.1.3
[2009.12.23 11:23:38 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Petr\Plocha\pathce
[2009.12.23 10:23:31 | 00,000,000 | ---D | C] -- E:\Program Files\Common Files\DESIGNER
[2009.12.23 10:13:08 | 00,000,000 | ---D | C] -- E:\Program Files\Microsoft Office
[2009.12.23 09:15:34 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Petr\Dokumenty\Stažené soubory
[2009.12.21 19:53:57 | 00,031,232 | ---- | C] (NirSoft) -- E:\WINDOWS\NIRCMD.exe
[2009.12.21 19:53:54 | 00,161,792 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWREG.exe
[2009.12.21 19:53:53 | 00,212,480 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWXCACLS.exe
[2009.12.21 19:53:53 | 00,136,704 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWSC.exe
[2009.12.21 19:53:45 | 00,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2009.12.21 19:51:58 | 00,000,000 | ---D | C] -- E:\Qoobox
[2009.12.20 16:50:38 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Petr\Dokumenty\Stronghold Crusader
[2009.12.20 16:49:14 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- E:\WINDOWS\System32\CmdLineExt.dll
[2009.12.19 21:29:07 | 00,000,000 | ---D | C] -- E:\Program Files\Microsoft Visual Studio
[2009.12.19 21:28:36 | 00,000,000 | ---D | C] -- E:\Program Files\Microsoft Works
[2009.12.19 21:28:33 | 00,000,000 | ---D | C] -- E:\Program Files\Microsoft Visual Studio 8
[2009.12.19 14:35:03 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Petr\Dokumenty\Bus Driver
[2009.12.19 14:28:24 | 00,000,000 | ---D | C] -- E:\Program Files\Bus Driver
[2009.12.18 19:18:53 | 00,000,000 | RH-D | C] -- E:\Documents and Settings\Petr\Recent
[2009.12.14 17:38:23 | 00,000,000 | ---D | C] -- E:\Program Files\Common Files\Skype
[2009.12.14 17:38:09 | 00,000,000 | R--D | C] -- E:\Program Files\Skype
[2009.12.12 10:25:51 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Petr\Dokumenty\NFS Carbon
[2009.12.12 10:07:08 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Petr\Dokumenty\Nová složka
[2009.12.11 23:11:05 | 00,000,000 | ---D | C] -- E:\Program Files\DAEMON Tools Lite
[2009.12.05 18:58:24 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Petr\Data aplikací\Malwarebytes
[2009.12.05 18:58:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.12.05 18:58:14 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2009.12.05 18:58:12 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2009.12.05 18:58:11 | 00,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2009.12.05 18:56:29 | 00,000,000 | -HSD | C] -- E:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.12.05 18:40:57 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Petr\Local Settings\Data aplikací\Hotspot_Shield
[2009.07.17 05:54:13 | 00,000,000 | --SD | M] -- E:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2009.07.08 06:22:08 | 00,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Data aplikací\Acronis
[2009.06.09 18:11:49 | 00,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Data aplikací\Acronis
[2009.04.05 11:22:36 | 00,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2008.11.19 16:39:59 | 00,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2008.11.19 16:39:42 | 00,000,000 | --SD | M] -- E:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2008.11.19 16:39:42 | 00,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2004.11.24 19:25:52 | 00,335,872 | ---- | C] ( ) -- E:\WINDOWS\System32\drvc.dll

========== Files - Modified Within 30 Days ==========

[2010.01.03 20:04:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Petr\Plocha\OTL.exe
[2010.01.03 19:53:36 | 00,000,227 | ---- | M] () -- E:\WINDOWS\system.ini
[2010.01.03 19:52:51 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010.01.03 19:52:49 | 00,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010.01.03 19:52:46 | 32,205,57824 | -HS- | M] () -- E:\hiberfil.sys
[2010.01.03 19:51:13 | 06,029,312 | ---- | M] () -- E:\Documents and Settings\Petr\ntuser.dat
[2010.01.03 19:51:13 | 00,000,178 | -HS- | M] () -- E:\Documents and Settings\Petr\ntuser.ini
[2010.01.03 19:41:46 | 03,818,002 | R--- | M] () -- E:\Documents and Settings\Petr\Plocha\ComboFix.exe
[2010.01.03 19:24:45 | 00,068,577 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\wtf.JPG
[2010.01.03 19:23:58 | 01,458,834 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\wtf.bmp
[2010.01.03 09:59:46 | 08,542,544 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\WoW-3.2.0.10192-to-3.2.0.10314-enGB-patch.exe
[2010.01.03 09:47:56 | 00,810,984 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\ZOMGBuffs-r140.zip
[2010.01.03 00:11:25 | 01,578,544 | -H-- | M] () -- E:\Documents and Settings\Petr\Local Settings\Data aplikací\IconCache.db
[2010.01.02 19:58:24 | 00,237,186 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\PallyPower-v3.2.5-release.zip
[2010.01.02 10:44:15 | 00,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2009.12.31 16:50:37 | 49,236,4868 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\wow-3.1.3-to-3.2.0-engb-win-patch.zip
[2009.12.31 11:14:24 | 00,000,030 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\realmlist.wtf
[2009.12.30 09:59:06 | 00,483,540 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\AuctionMaster-3.32.zip
[2009.12.30 09:37:31 | 00,801,469 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\AuctionMaster-3.38.5.zip
[2009.12.30 09:29:35 | 00,757,530 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\AuctionMaster-3.38.2.zip
[2009.12.27 13:16:28 | 00,000,433 | ---- | M] () -- E:\Documents and Settings\All Users\Plocha\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
[2009.12.27 13:16:28 | 00,000,433 | ---- | M] () -- E:\Documents and Settings\All Users\Plocha\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk
[2009.12.27 13:16:20 | 00,000,281 | ---- | M] () -- E:\WINDOWS\game.ini
[2009.12.25 08:45:11 | 00,022,862 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\OmniCC_2.5.5.zip
[2009.12.25 08:11:17 | 00,492,526 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\GroupCalendar_4.5.zip
[2009.12.24 13:14:38 | 00,000,074 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\IW.m3u
[2009.12.23 18:37:48 | 00,000,069 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2009.12.23 18:37:46 | 00,059,392 | ---- | M] () -- E:\Documents and Settings\Petr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.23 18:36:23 | 00,000,662 | ---- | M] () -- E:\Documents and Settings\All Users\Plocha\World of Warcraft.lnk
[2009.12.23 08:38:57 | 00,068,800 | ---- | M] () -- E:\Documents and Settings\Petr\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2009.12.23 08:38:00 | 01,553,296 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2009.12.22 23:03:15 | 00,000,582 | ---- | M] () -- E:\WINDOWS\win.ini
[2009.12.20 16:51:53 | 00,000,759 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\Stronghold Crusader.lnk
[2009.12.20 16:49:14 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- E:\WINDOWS\System32\CmdLineExt.dll
[2009.12.19 14:28:52 | 00,000,730 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\Bus Driver.lnk
[2009.12.12 10:20:00 | 00,000,660 | ---- | M] () -- E:\Documents and Settings\All Users\Plocha\Need for Speed™ Carbon.lnk
[2009.12.11 23:11:25 | 00,691,696 | ---- | M] () -- E:\WINDOWS\System32\drivers\sptd.sys
[2009.12.09 22:54:07 | 00,261,632 | ---- | M] () -- E:\WINDOWS\PEV.exe
[2009.12.08 06:52:57 | 00,004,096 | ---- | M] () -- E:\WINDOWS\System32\crash
[2009.12.05 18:58:19 | 00,000,700 | ---- | M] () -- E:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2009.12.05 18:41:04 | 00,002,560 | ---- | M] () -- E:\WINDOWS\_MSRSTRT.EXE
[2009.12.05 17:48:25 | 00,001,738 | ---- | M] () -- E:\Documents and Settings\Petr\Plocha\HijackThis.lnk

========== Files Created - No Company Name ==========

[2010.01.03 19:40:18 | 03,818,002 | R--- | C] () -- E:\Documents and Settings\Petr\Plocha\ComboFix.exe
[2010.01.03 19:24:45 | 00,068,577 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\wtf.JPG
[2010.01.03 19:23:58 | 01,458,834 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\wtf.bmp
[2010.01.03 09:59:21 | 08,542,544 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\WoW-3.2.0.10192-to-3.2.0.10314-enGB-patch.exe
[2010.01.03 09:47:48 | 00,810,984 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\ZOMGBuffs-r140.zip
[2010.01.02 19:58:16 | 00,237,186 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\PallyPower-v3.2.5-release.zip
[2009.12.31 12:38:11 | 49,236,4868 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\wow-3.1.3-to-3.2.0-engb-win-patch.zip
[2009.12.30 09:59:06 | 00,483,540 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\AuctionMaster-3.32.zip
[2009.12.30 09:37:21 | 00,801,469 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\AuctionMaster-3.38.5.zip
[2009.12.30 09:29:27 | 00,757,530 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\AuctionMaster-3.38.2.zip
[2009.12.27 13:16:28 | 00,000,433 | ---- | C] () -- E:\Documents and Settings\All Users\Plocha\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
[2009.12.27 13:16:28 | 00,000,433 | ---- | C] () -- E:\Documents and Settings\All Users\Plocha\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk
[2009.12.25 08:45:10 | 00,022,862 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\OmniCC_2.5.5.zip
[2009.12.25 08:11:17 | 00,492,526 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\GroupCalendar_4.5.zip
[2009.12.24 13:14:38 | 00,000,074 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\IW.m3u
[2009.12.23 12:18:42 | 00,000,662 | ---- | C] () -- E:\Documents and Settings\All Users\Plocha\World of Warcraft.lnk
[2009.12.23 11:28:58 | 00,000,759 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\Stronghold Crusader.lnk
[2009.12.22 15:59:14 | 06,029,312 | ---- | C] () -- E:\Documents and Settings\Petr\ntuser.dat
[2009.12.21 19:53:57 | 00,077,312 | ---- | C] () -- E:\WINDOWS\MBR.exe
[2009.12.21 19:53:54 | 00,261,632 | ---- | C] () -- E:\WINDOWS\PEV.exe
[2009.12.21 19:53:54 | 00,068,096 | ---- | C] () -- E:\WINDOWS\zip.exe
[2009.12.21 19:53:53 | 00,098,816 | ---- | C] () -- E:\WINDOWS\sed.exe
[2009.12.21 19:53:53 | 00,080,412 | ---- | C] () -- E:\WINDOWS\grep.exe
[2009.12.19 16:29:26 | 32,205,57824 | -HS- | C] () -- E:\hiberfil.sys
[2009.12.19 14:28:51 | 00,000,730 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\Bus Driver.lnk
[2009.12.12 10:20:00 | 00,000,660 | ---- | C] () -- E:\Documents and Settings\All Users\Plocha\Need for Speed™ Carbon.lnk
[2009.12.05 18:58:19 | 00,000,700 | ---- | C] () -- E:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2009.12.05 18:41:02 | 00,002,560 | ---- | C] () -- E:\WINDOWS\_MSRSTRT.EXE
[2009.12.05 17:48:24 | 00,001,738 | ---- | C] () -- E:\Documents and Settings\Petr\Plocha\HijackThis.lnk
[2009.08.22 13:18:54 | 00,000,038 | ---- | C] () -- E:\WINDOWS\AviSplitter.INI
[2009.07.11 16:30:50 | 00,000,151 | ---- | C] () -- E:\WINDOWS\PhotoSnapViewer.INI
[2009.07.09 07:38:22 | 00,815,104 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll
[2009.07.09 07:38:21 | 00,180,224 | ---- | C] () -- E:\WINDOWS\System32\xvidvfw.dll
[2009.07.07 11:59:12 | 00,027,648 | ---- | C] () -- E:\WINDOWS\System32\AVSredirect.dll
[2009.05.04 14:03:00 | 00,059,904 | ---- | C] () -- E:\WINDOWS\System32\zlib1.dll
[2009.05.04 13:53:28 | 00,286,720 | ---- | C] () -- E:\WINDOWS\System32\libcurl.dll
[2009.05.04 13:53:10 | 00,143,360 | ---- | C] () -- E:\WINDOWS\System32\libexpatw.dll
[2009.05.01 13:45:37 | 00,002,528 | ---- | C] () -- E:\Documents and Settings\Petr\Data aplikací\$_hpcst$.hpc
[2009.04.21 23:19:06 | 00,172,173 | ---- | C] () -- E:\WINDOWS\System32\xlive.dll.cat
[2009.04.10 14:56:04 | 00,000,675 | ---- | C] () -- E:\WINDOWS\System32\WEHLanguage.ini
[2009.04.10 14:56:04 | 00,000,580 | ---- | C] () -- E:\WINDOWS\System32\WEH5ColorConfig.ini
[2009.03.07 14:12:45 | 00,000,390 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2009.03.03 14:30:26 | 00,000,010 | ---- | C] () -- E:\WINDOWS\WININIT.INI
[2009.02.08 19:22:38 | 00,000,390 | ---- | C] () -- E:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2009.01.26 17:09:42 | 00,022,328 | ---- | C] () -- E:\Documents and Settings\Petr\Data aplikací\PnkBstrK.sys
[2009.01.26 17:09:22 | 00,000,281 | ---- | C] () -- E:\WINDOWS\game.ini
[2009.01.05 19:03:27 | 00,003,972 | ---- | C] () -- E:\WINDOWS\System32\drivers\PciBus.sys
[2008.12.25 15:12:11 | 00,000,082 | ---- | C] () -- E:\WINDOWS\wb.ini
[2008.12.25 07:27:58 | 00,000,580 | ---- | C] () -- E:\WINDOWS\wincmd.ini
[2008.12.19 15:15:58 | 04,338,246 | ---- | C] () -- E:\WINDOWS\System32\libavcodec.dll
[2008.12.17 17:41:18 | 00,884,237 | ---- | C] () -- E:\WINDOWS\System32\ff_x264.dll
[2008.12.17 17:22:58 | 00,093,184 | ---- | C] () -- E:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 17:22:48 | 00,057,344 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 17:17:34 | 00,239,247 | ---- | C] () -- E:\WINDOWS\System32\ff_theora.dll
[2008.12.17 16:59:54 | 00,560,802 | ---- | C] () -- E:\WINDOWS\System32\libmplayer.dll
[2008.12.12 14:24:59 | 00,059,392 | ---- | C] () -- E:\Documents and Settings\Petr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.11 11:27:02 | 00,000,547 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.12.04 14:51:49 | 00,000,157 | ---- | C] () -- E:\Documents and Settings\Petr\Data aplikací\default.rss
[2008.11.21 22:15:19 | 00,000,069 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2008.11.21 21:16:51 | 00,004,767 | ---- | C] () -- E:\WINDOWS\Irremote.ini
[2008.11.21 13:29:58 | 00,138,184 | ---- | C] () -- E:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.11.19 18:55:04 | 00,691,696 | ---- | C] () -- E:\WINDOWS\System32\drivers\sptd.sys
[2008.11.19 18:13:16 | 00,354,816 | ---- | C] () -- E:\WINDOWS\System32\PsisDecd.dll
[2008.11.19 18:12:54 | 00,000,124 | ---- | C] () -- E:\Documents and Settings\Petr\Local Settings\Data aplikací\fusioncache.dat
[2008.11.19 17:53:44 | 00,017,704 | ---- | C] () -- E:\WINDOWS\Ascd_log.ini
[2008.11.19 17:53:16 | 00,017,470 | ---- | C] () -- E:\WINDOWS\Ascd_tmp.ini
[2008.11.19 17:53:13 | 00,005,810 | R--- | C] () -- E:\WINDOWS\System32\drivers\ASACPI.sys
[2008.11.19 17:53:03 | 00,005,824 | ---- | C] () -- E:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004.10.03 17:50:54 | 00,129,024 | ---- | C] () -- E:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.04.09 15:38:04 | 00,005,664 | ---- | C] () -- E:\WINDOWS\System32\OUTLPERF.INI
[1996.04.03 20:33:26 | 00,005,248 | ---- | C] () -- E:\WINDOWS\System32\giveio.sys
[1990.01.01 02:01:14 | 00,045,056 | RHS- | C] () -- E:\WINDOWS\System32\lpad32.dll

========== LOP Check ==========

[2009.06.09 16:31:48 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Data aplikací\Acronis
[2009.12.11 23:10:54 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.03.19 19:49:11 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Data aplikací\ESET
[2008.12.19 19:12:13 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.12.04 15:50:53 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Data aplikací\KONAMI
[2009.10.11 14:09:52 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
[2009.07.06 12:12:09 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Data aplikací\Sony
[2009.08.12 09:32:49 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.12.05 18:56:29 | 00,000,000 | -HSD | M] -- E:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.06.09 20:25:59 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\Acronis
[2009.04.19 16:37:57 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\Atari
[2008.11.20 18:55:36 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\BitSpirit
[2008.12.14 15:41:06 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\BSplayer
[2008.12.14 15:33:15 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\BSplayer Pro
[2009.03.07 15:13:17 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\DAEMON Tools
[2009.12.12 10:03:26 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\DAEMON Tools Lite
[2009.03.07 15:13:17 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\DAEMON Tools Pro
[2009.02.03 07:05:43 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\EuroTalk
[2008.12.02 17:41:12 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\HideIP
[2010.01.02 17:57:09 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\ICQ
[2008.11.20 22:14:41 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\ICQ Toolbar
[2009.04.09 13:49:29 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\ICQLite
[2008.12.13 11:27:26 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\LangSoft
[2008.11.21 13:28:13 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\Leadertech
[2008.11.19 18:26:18 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\Opera
[2009.07.06 12:20:22 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\Publish Providers
[2009.07.06 12:19:48 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\Sony
[2009.06.12 14:06:06 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Petr\Data aplikací\TeamViewer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> E:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> E:\Documents and Settings\All Users\Data aplikací\TEMP:888AFB86
< End of report >