Pls kontrolu HijackThis-chyba Explorer.exe

lukasen · Příspěvekod **lukasen** » 07 bře 2010 22:16

Dobrý den,když si stáhnu film v avi a pak vědu do složky kde je uložen,tak mi vyskočí chyba Explorer.exe a když dám neodesílat tak mi to vyskoči na plochu a vsechno zustane jak bylo otevrene,jen ta slozka se zavre,ale dela to jen u nekterych filmu!! A jeste se mi stava ze ten stahnutej film,i u toho kde to nehlasilo chybu,se mi proste samovolne smaze a ani o to nevim dokud se tam treba po tydnu nepodivam ze ho chci napr.: vypalit!!! Nevite kde by mohla byt chyba?? Tady je log HijackThis:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 22:15:11, on 7.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Programy\QIP\QIP Infium\QIP Infium\infium.exe
C:\Program Files\Songbird\songbird.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\LUKAS\Plocha\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Služba Google Update (gupdate1c9c5843b9acb08) (gupdate1c9c5843b9acb08) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6244 bytes

Reklama

Damned · Příspěvekod **Damned** » 07 bře 2010 22:32

Je to kodekama. Můžeme vyčistit PC, ať máš jistotu.

Odinstaluj si DAEMON Tools Toolbar.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

lukasen · Příspěvekod **lukasen** » 07 bře 2010 22:52

Diky za rychlost!! Tady je log MBAM:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3833
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7.3.2010 22:51:24
mbam-log-2010-03-07 (22-51-15).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 116953
Uplynulý čas: 6 minute(s), 54 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Damned · Příspěvekod **Damned** » 07 bře 2010 23:11

Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

lukasen · Příspěvekod **lukasen** » 08 bře 2010 16:38

Log Combofix:

ComboFix 10-03-07.05 - LUKAS 08.03.2010 16:21:34.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.632 [GMT 1:00]
Spuštěný z: c:\documents and settings\LUKAS\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 100308-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\desktop
c:\windows\desktop\D5MBRF7T.FDPART
c:\windows\system32\msvcm80.dll
c:\windows\system32\msvcp80.dll
c:\windows\system32\msvcr80.dll
c:\windows\system32\skinboxer43.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-08 do 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-07 21:42 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-07 21:42 . 2010-03-07 21:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-07 21:42 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-26 14:58 . 2010-02-26 14:58 130 ----a-w- c:\windows\system32\rpireica.bin
2010-02-26 14:50 . 2002-04-07 21:14 724992 ----a-w- c:\windows\system32\ebCrypt.dll
2010-02-26 14:42 . 2009-03-17 09:38 364544 ----a-w- c:\windows\system32\MACDll.dll
2010-02-26 14:42 . 2009-01-19 18:39 246424 ----a-w- c:\windows\system32\unicows.dll
2010-02-23 13:54 . 2010-02-23 13:54 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-15 09:35 . 2008-03-29 18:29 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-15 09:35 . 2008-03-29 18:27 42912 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-15 09:35 . 2008-03-29 18:26 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-15 09:35 . 2008-03-29 18:35 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-15 09:35 . 2008-03-29 18:35 94544 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-15 09:35 . 2008-03-29 18:31 75856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-15 09:35 . 2008-03-29 18:23 95608 ----a-w- c:\windows\system32\AvastSS.scr
2010-02-15 09:35 . 2008-01-17 16:34 93264 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-15 09:35 . 2008-03-29 18:45 1146232 ----a-w- c:\windows\system32\aswBoot.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 20:30 . 2009-10-19 18:37 -------- d-----w- c:\program files\Songbird
2010-03-06 14:43 . 2008-04-30 12:01 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2010-03-06 14:30 . 2008-04-29 19:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-19 13:20 . 2004-08-18 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2010-02-19 13:20 . 2004-08-18 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2010-02-01 17:31 . 2010-01-21 17:44 -------- d-----w- c:\program files\Nokia
2010-01-21 17:44 . 2010-01-21 17:44 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-21 17:44 . 2009-05-25 14:55 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-21 17:44 . 2010-01-21 17:44 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-19 16:35 . 2010-01-19 16:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-01-18 16:02 . 2010-01-18 16:02 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-18 16:02 . 2010-01-18 16:02 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2009-12-31 16:50 . 2005-05-10 00:17 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-04-29 17:28 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-18 12:00 2191360 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2068224 ----a-w- c:\windows\system32\ntkrnlpa.exe
2005-06-22 05:37 . 2006-05-24 17:37 45568 --sha-r- c:\windows\system32\cygz.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-12-02 22:11 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 21:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-27 20:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\Programy\\QIP\\QIP Infium\\QIP Infium\\infium.exe"=
"d:\\Programy\\QIP\\QIP Infium\\QIP Infium\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\HRY\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\HRY\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.2.2010 10:35 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.2.2010 10:35 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.4.2008 14:21 691696]
S2 gupdate1c9c5843b9acb08;Služba Google Update (gupdate1c9c5843b9acb08);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [22.4.2006 15:08 8704]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [22.11.2009 8:20 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [22.11.2009 8:20 8320]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-WEBTRAN - (no file)
MSConfigStartUp-DAEMON Tools-1033 - c:\program files\D-Tools\daemon.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-PC Translator - c:\docume~1\LUKAS\LOCALS~1\Temp\UN32.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 16:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-2049760794-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:b9,42,f2,db,5f,ad,95,e7,92,0a,82,34,bf,3b,31,8b,9a,52,5e,a2,2d,
72,3b,09,ca,d1,a5,7a,36,52,fd,37,e2,cb,2a,79,c4,a9,93,c4,60,65,f7,ed,4f,b0,\
"rkeysecu"=hex:8b,06,20,e5,4c,23,ec,54,c7,9c,ff,e1,06,68,40,6d
.
Celkový čas: 2010-03-08 16:26:43
ComboFix-quarantined-files.txt 2010-03-08 15:26

Před spuštěním: 2 743 996 416
Po spuštění: 2 999 754 752

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 073BAEE31960AE52052A5ED632405A01

Log MBAM:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3833
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8.3.2010 16:08:42
mbam-log-2010-03-08 (16-08-42).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 116611
Uplynulý čas: 7 minute(s), 9 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Damned · Příspěvekod **Damned** » 08 bře 2010 17:00

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\rpireica.bin
c:\program files\Google\Update\GoogleUpdate.exe

Driver::
gupdate1c9c5843b9acb08;Služba Google Update (gupdate1c9c5843b9acb08);"
gupdate1c9c5843b9acb08

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre1.5.0_06\\launch4j-tmp\\JDownloader.exe"=-
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

lukasen · Příspěvekod **lukasen** » 08 bře 2010 18:24

ComboFix 10-03-08.01 - LUKAS 08.03.2010 18:10:44.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.629 [GMT 1:00]
Spuštěný z: c:\documents and settings\LUKAS\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\LUKAS\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1169 [VPS 100308-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\windows\system32\rpireica.bin"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rpireica.bin

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GUPDATE1C9C5843B9ACB08
-------\Service_gupdate1c9c5843b9acb08

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-08 do 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-07 21:42 . 2010-03-08 17:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-26 14:50 . 2002-04-07 21:14 724992 ----a-w- c:\windows\system32\ebCrypt.dll
2010-02-26 14:42 . 2009-03-17 09:38 364544 ----a-w- c:\windows\system32\MACDll.dll
2010-02-26 14:42 . 2009-01-19 18:39 246424 ----a-w- c:\windows\system32\unicows.dll
2010-02-23 13:54 . 2010-02-23 13:54 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-15 09:35 . 2008-03-29 18:29 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-15 09:35 . 2008-03-29 18:27 42912 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-15 09:35 . 2008-03-29 18:26 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-15 09:35 . 2008-03-29 18:35 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-15 09:35 . 2008-03-29 18:35 94544 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-15 09:35 . 2008-03-29 18:31 75856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-15 09:35 . 2008-03-29 18:23 95608 ----a-w- c:\windows\system32\AvastSS.scr
2010-02-15 09:35 . 2008-01-17 16:34 93264 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-15 09:35 . 2008-03-29 18:45 1146232 ----a-w- c:\windows\system32\aswBoot.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 17:06 . 2009-10-19 18:37 -------- d-----w- c:\program files\Songbird
2010-03-06 14:43 . 2008-04-30 12:01 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2010-03-06 14:30 . 2008-04-29 19:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-19 13:20 . 2004-08-18 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2010-02-19 13:20 . 2004-08-18 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2010-02-01 17:31 . 2010-01-21 17:44 -------- d-----w- c:\program files\Nokia
2010-01-21 17:44 . 2010-01-21 17:44 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-21 17:44 . 2009-05-25 14:55 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-21 17:44 . 2010-01-21 17:44 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-19 16:35 . 2010-01-19 16:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-01-18 16:02 . 2010-01-18 16:02 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-18 16:02 . 2010-01-18 16:02 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2009-12-31 16:50 . 2005-05-10 00:17 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-18 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-04-29 17:28 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-18 12:00 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2005-06-22 05:37 . 2006-05-24 17:37 45568 --sha-r- c:\windows\system32\cygz.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-08_15.25.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-08 17:16 . 2010-03-08 17:16 16384 c:\windows\Temp\Perflib_Perfdata_7d8.dat
+ 2010-03-08 17:15 . 2010-03-08 17:15 16384 c:\windows\Temp\Perflib_Perfdata_680.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-12-02 22:11 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 21:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-27 20:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\Programy\\QIP\\QIP Infium\\QIP Infium\\infium.exe"=
"d:\\Programy\\QIP\\QIP Infium\\QIP Infium\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\HRY\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\HRY\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.4.2008 14:21 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.2.2010 10:35 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.2.2010 10:35 20560]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [22.4.2006 15:08 8704]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [22.11.2009 8:20 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [22.11.2009 8:20 8320]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 18:16
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spry.sys >>UNKNOWN [0x86D79938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7659f28
\Driver\ACPI -> ACPI.sys @ 0xf73c1cb8
\Driver\atapi -> atapi.sys @ 0xf7356b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7235bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7242a21
SendHandler -> NDIS.sys @ 0xf722087b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-2049760794-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:b9,42,f2,db,5f,ad,95,e7,92,0a,82,34,bf,3b,31,8b,9a,52,5e,a2,2d,
72,3b,09,ca,d1,a5,7a,36,52,fd,37,e2,cb,2a,79,c4,a9,93,c4,60,65,f7,ed,4f,b0,\
"rkeysecu"=hex:8b,06,20,e5,4c,23,ec,54,c7,9c,ff,e1,06,68,40,6d
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3016)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2010-03-08 18:20:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-08 17:20
ComboFix2.txt 2010-03-08 15:26

Před spuštěním: 3 021 291 520
Po spuštění: 2 928 345 088

- - End Of File - - A5E04A13AB6A47C7F4811AC4271CF242

Damned · Příspěvekod **Damned** » 08 bře 2010 18:50

Odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start-Spustit a zadej Combofix[mezera]/uninstall

Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)

(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. File age změň na 14 days. Všechny ostatní nastavení ponech jak jsou. Klikni na Run Scan. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

lukasen · Příspěvekod **lukasen** » 08 bře 2010 21:51

OTL.Txt :

OTL logfile created on: 8.3.2010 21:43:04 - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\LUKAS\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 589,00 Mb Available Physical Memory | 58,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44,63 Gb Total Space | 5,35 Gb Free Space | 11,99% Space Free | Partition Type: NTFS
Drive D: | 108,03 Gb Total Space | 47,71 Gb Free Space | 44,16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-AEB07BE00D02
Current User Name: LUKAS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\LUKAS\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe (Nokia)
PRC - D:\Programy\QIP\QIP Infium\QIP Infium\infium.exe (QIP)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\LUKAS\Plocha\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (gusvc) -- File not found
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)

========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (DynCal) -- C:\WINDOWS\system32\drivers\Dyncal.sys (Windows (R) Server 2003 DDK provider)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation)
DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (BT) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys (IVT Corporation)
DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys ()
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation)
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2009
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.01.21 18:44:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.24 16:24:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.24 16:24:50 | 000,000,000 | ---D | M]

[2009.10.19 19:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Extensions
[2009.08.01 17:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.10.19 19:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Extensions\songbird@songbirdnest.com
[2010.03.08 20:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\extensions
[2009.08.01 17:25:36 | 000,000,000 | ---D | M] (WebTran) -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2009.09.03 15:01:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.19 22:09:19 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.03.07 22:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\extensions\DTToolbar@toolbarnet.com-trash
[2009.12.07 17:12:00 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\daemon-search.xml
[2010.03.02 15:27:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin-1.xml
[2008.07.16 11:47:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin-2.xml
[2008.08.26 10:21:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin-3.xml
[2008.10.18 15:21:52 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin-4.xml
[2008.05.22 13:22:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin.xml
[2010.03.08 20:30:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.20 12:41:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.11.27 21:23:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.01.16 04:11:42 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.01.16 04:11:42 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.11.27 21:23:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009.06.25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010.01.16 04:11:42 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010.01.16 01:50:40 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.01.16 01:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 01:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 01:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 01:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 01:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.03.08 18:16:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\LUKAS\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\LUKAS\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.03.08 21:40:42 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LUKAS\Plocha\OTL.exe
[2010.03.08 18:23:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.03.08 16:20:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.03.01 23:42:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LUKAS\Dokumenty\Obrázky
[2010.02.27 12:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LUKAS\Data aplikací\Photodex
[2010.02.26 15:50:49 | 000,102,400 | ---- | C] (ECX Programming / CCRP) -- C:\WINDOWS\System32\ccrpprg6.ocx
[2010.02.26 15:50:48 | 000,724,992 | ---- | C] (EB Design Pty Ltd) -- C:\WINDOWS\System32\ebCrypt.dll
[2010.02.26 15:42:12 | 000,364,544 | ---- | C] (Matthew T. Ashland) -- C:\WINDOWS\System32\MACDll.dll
[2010.02.26 15:42:12 | 000,246,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2010.02.23 14:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009.09.19 14:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\J River
[2009.04.25 17:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.04.25 10:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2008.04.30 14:00:51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\LUKAS\Data aplikací\pcouffin.sys
[2008.04.29 20:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2008.04.29 18:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2008.04.29 18:33:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2008.04.29 18:33:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010.03.08 21:41:27 | 000,002,396 | ---- | M] () -- C:\WINDOWS\MAILTRAN.INI
[2010.03.08 21:40:46 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LUKAS\Plocha\OTL.exe
[2010.03.08 21:10:54 | 000,002,905 | ---- | M] () -- C:\WINDOWS\TRNCOM.INI
[2010.03.08 18:33:29 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.03.08 18:16:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.08 18:16:33 | 000,195,924 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.03.08 18:16:22 | 000,000,332 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.08 18:16:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.08 18:15:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.08 18:15:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.08 18:14:50 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\LUKAS\ntuser.dat
[2010.03.08 18:14:50 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\LUKAS\ntuser.ini
[2010.03.08 18:06:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.03.08 16:20:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.03.07 22:09:18 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.07 21:51:14 | 000,148,992 | ---- | M] () -- C:\Documents and Settings\LUKAS\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.07 19:01:14 | 000,000,140 | ---- | M] () -- C:\Documents and Settings\LUKAS\default.pls
[2010.02.24 11:38:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.08 18:06:32 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.03.08 18:06:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.03.08 16:20:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.03.08 16:20:31 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.02.13 13:45:17 | 000,000,084 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2009.12.20 15:29:42 | 000,377,792 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2009.12.13 20:17:48 | 000,001,173 | ---- | C] () -- C:\Documents and Settings\LUKAS\Data aplikací\vso_ts_preview.xml
[2009.12.13 20:07:21 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.11.28 12:35:20 | 000,027,955 | ---- | C] () -- C:\Documents and Settings\LUKAS\Data aplikací\OFMissionEditorConfig.xml
[2009.09.19 14:37:39 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\llbiirc.dll
[2009.05.17 19:00:57 | 000,000,011 | ---- | C] () -- C:\WINDOWS\wanpatan.ini
[2009.04.21 23:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008.12.30 23:53:20 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\LUKAS\Data aplikací\inst.exe
[2008.12.17 15:12:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.10.19 13:34:21 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2008.07.13 22:25:57 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2008.05.27 21:18:21 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\LUKAS\Data aplikací\PnkBstrK.sys
[2008.05.18 09:12:28 | 000,000,796 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2008.05.08 14:22:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQ.dll
[2008.05.08 14:15:40 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008.05.08 12:00:34 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.05.08 12:00:34 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008.05.06 21:04:32 | 000,013,299 | ---- | C] () -- C:\WINDOWS\System32\drivers\packet.sys
[2008.05.06 21:02:22 | 000,010,579 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2008.05.06 20:16:11 | 000,000,514 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.05.06 19:51:24 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2008.05.06 19:28:06 | 000,148,992 | ---- | C] () -- C:\Documents and Settings\LUKAS\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.02 08:33:20 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008.05.02 08:33:20 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008.04.30 14:21:44 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.04.30 14:00:55 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\LUKAS\Data aplikací\pcouffin.log
[2008.04.30 14:00:51 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\LUKAS\Data aplikací\pcouffin.cat
[2008.04.30 14:00:51 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\LUKAS\Data aplikací\pcouffin.inf
[2008.04.30 13:35:34 | 000,491,520 | ---- | C] () -- C:\WINDOWS\WebIE.dll
[2008.04.30 13:34:25 | 000,000,033 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2008.04.30 13:33:47 | 000,002,575 | ---- | C] () -- C:\WINDOWS\UN32P.INI
[2008.04.30 13:33:14 | 000,002,396 | ---- | C] () -- C:\WINDOWS\MAILTRAN.INI
[2008.04.30 13:33:13 | 000,002,905 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2008.04.30 13:33:07 | 000,004,578 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2008.04.30 13:33:07 | 000,001,581 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2008.04.30 13:29:35 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.04.29 20:24:26 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008.04.29 18:42:51 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\LUKAS\Local Settings\Data aplikací\fusioncache.dat
[2008.04.29 18:36:26 | 000,001,180 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007.05.10 23:03:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.05.10 23:03:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.05.10 23:03:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.05.10 23:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.05.10 23:03:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.05.24 18:37:27 | 000,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
[2006.02.23 17:36:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2004.08.18 13:00:00 | 000,024,515 | ---- | C] () -- C:\WINDOWS\System32\aaxjga.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000079.DLL
[2001.03.30 21:58:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008.11.30 20:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Anvsoft
[2008.05.06 21:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Bluetooth
[2008.05.06 19:51:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2009.12.06 16:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.01.19 18:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Downloaded Installations
[2010.02.01 17:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2009.07.23 15:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LangSoft
[2009.05.25 16:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nokia
[2010.01.19 18:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NokiaMusic
[2009.12.17 14:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OviInstallerCache
[2010.01.21 18:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.01.25 21:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Photodex
[2009.12.20 12:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2009.02.21 10:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
[2009.11.28 17:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
[2009.12.13 22:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2009.07.31 17:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\ACD Systems
[2009.11.03 15:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\avidemux
[2010.02.19 16:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Canon
[2009.09.01 15:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\DAEMON Tools
[2009.09.01 15:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\DAEMON Tools Lite
[2009.09.01 15:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\DAEMON Tools Pro
[2010.02.19 14:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Facebook
[2008.04.29 20:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\InterTrust
[2010.03.08 21:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\LangSoft
[2008.12.01 18:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Leadertech
[2009.12.20 12:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\LEAPS
[2008.05.08 14:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Moyea
[2008.05.08 13:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\MoyeaFLV2Video
[2010.01.25 21:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Netscape
[2009.12.24 12:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Netscape(2)
[2010.01.26 18:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Nokia
[2010.01.22 15:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\PC Suite
[2010.02.27 12:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Photodex
[2009.10.19 19:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Songbird2
[2009.11.28 17:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\SoundSpectrum
[2009.07.31 22:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Thinstall
[2009.11.28 17:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Ulead Systems
[2009.11.27 21:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\VitySoft
[2010.02.09 21:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Vso

========== Purity Check ==========

< End of report >

lukasen · Příspěvekod **lukasen** » 08 bře 2010 21:51

Extras.Txt :

OTL Extras logfile created on: 8.3.2010 21:43:04 - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\LUKAS\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 589,00 Mb Available Physical Memory | 58,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44,63 Gb Total Space | 5,35 Gb Free Space | 11,99% Space Free | Partition Type: NTFS
Drive D: | 108,03 Gb Total Space | 47,71 Gb Free Space | 44,16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-AEB07BE00D02
Current User Name: LUKAS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe" = C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Disabled:Bluetooth Application -- (IVT Corporation)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"D:\Programy\QIP\QIP Infium\QIP Infium\infium.exe" = D:\Programy\QIP\QIP Infium\QIP Infium\infium.exe:*:Disabled:QIP Infium -- (QIP)
"D:\Programy\QIP\QIP Infium\QIP Infium\QIP Infium\infium.exe" = D:\Programy\QIP\QIP Infium\QIP Infium\QIP Infium\infium.exe:*:Disabled:QIP Infium -- (QIP)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\HRY\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = C:\HRY\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()
"C:\HRY\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = C:\HRY\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DEAFEA-A208-4A3D-8C01-796E33BA91A6}" = GameDevice Drivers
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{702563CE-516C-40CF-B69C-A4E2A8FC8F14}" = OviMPlatform
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Kmotr® II
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Balíček ovladače systému Windows - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast!" = avast! Antivirus
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"DVDFab Platinum_is1" = DVDFab Platinum 4.0.1.2 Ghosthunter release
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"Smarty Uninstaller 2007 Pro_is1" = Smarty Uninstaller 2007 Pro 1.8.0
"Songbird-release-1146" = Songbird 1.2.0 (Build 1146)
"SystemRequirementsLab" = System Requirements Lab
"Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"QIP Infium" = QIP Infium 2.0.9032 RC4

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 16.2.2009 11:57:13 | Computer Name = PC-AEB07BE00D02 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://cz.static.etargetnet.com/generic ... ont:tahoma
failed, 0000A413.

Error - 15.6.2009 13:25:45 | Computer Name = PC-AEB07BE00D02 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://dl.free.fr/auKXCNhBs/htd-kldm.by ... br.iso.001
failed, 00000084.

Error - 17.7.2009 4:30:42 | Computer Name = PC-AEB07BE00D02 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://www.planetaher.cz/images/winmail.dat failed, 0000000D.

Error - 31.7.2009 16:09:53 | Computer Name = PC-AEB07BE00D02 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://pro70.webgarden.cz/file/10038828 failed, 00000084.

Error - 31.7.2009 16:45:42 | Computer Name = PC-AEB07BE00D02 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://download.sosej.cz/programy4/Tota ... r_3.50.exe failed, 00000084.

Error - 31.7.2009 16:55:00 | Computer Name = PC-AEB07BE00D02 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://s47.hotfile.com/get/54e35e82aaa7 ... r_3.10.rar
failed, 00000084.

Error - 31.7.2009 17:04:40 | Computer Name = PC-AEB07BE00D02 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://rs84gc2.rapidshare.com/files/165 ... 3.14.0.rar
failed, 00000084.

Error - 31.7.2009 17:10:45 | Computer Name = PC-AEB07BE00D02 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://dl.s3.uloz.to/Ps;Hs;fid=566709;c ... 0+%20Crack
failed, 00000084.

Error - 18.11.2009 12:30:58 | Computer Name = PC-AEB07BE00D02 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\DOCUME~1\LUKAS\LOCALS~1\Temp\~00025C20.sznpkg\postak-2.3.6.exe failed, 00000005.

Error - 21.1.2010 10:21:05 | Computer Name = PC-AEB07BE00D02 | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\DOCUME~1\LUKAS\LOCALS~1\Temp\~00017A2C.sznpkg\postak-2.4.0.exe failed, 00000005.

[ Application Events ]
Error - 3.3.2010 14:14:28 | Computer Name = PC-AEB07BE00D02 | Source = PerfNet | ID = 2006
Description = Nelze číst data o výkonu fronty ze služby serveru. V tomto vzorku nebudou
vrácena žádná data o výkonu fronty serveru. Vrácený chybový kód je v datech DWORD
0, IOSB.Status je DWORD 1 a IOSB.Information je DWORD 2.

Error - 4.3.2010 11:26:50 | Computer Name = PC-AEB07BE00D02 | Source = PerfNet | ID = 2005
Description = Nelze číst data o výkonu ze služby serveru. V tomto vzorku nebudou
vrácena žádná data o výkonu serveru. Vrácený chybový kód je v datech DWORD 0, IOSB.Status
je DWORD 1 a IOSB.Information je DWORD 2.

Error - 4.3.2010 11:26:50 | Computer Name = PC-AEB07BE00D02 | Source = PerfNet | ID = 2006
Description = Nelze číst data o výkonu fronty ze služby serveru. V tomto vzorku nebudou
vrácena žádná data o výkonu fronty serveru. Vrácený chybový kód je v datech DWORD
0, IOSB.Status je DWORD 1 a IOSB.Information je DWORD 2.

Error - 5.3.2010 10:56:57 | Computer Name = PC-AEB07BE00D02 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 7.3.2010 7:07:14 | Computer Name = PC-AEB07BE00D02 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 7.3.2010 13:32:17 | Computer Name = PC-AEB07BE00D02 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 7.3.2010 16:49:59 | Computer Name = PC-AEB07BE00D02 | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
emzdecmp4_h263.dll, verze 2.11.0.0, adresa chyby 0x00002847.

Error - 7.3.2010 16:52:21 | Computer Name = PC-AEB07BE00D02 | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
emzdecmp4_h263.dll, verze 2.11.0.0, adresa chyby 0x00002847.

Error - 7.3.2010 17:09:18 | Computer Name = PC-AEB07BE00D02 | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
emzdecmp4_h263.dll, verze 2.11.0.0, adresa chyby 0x00002847.

Error - 8.3.2010 11:19:09 | Computer Name = PC-AEB07BE00D02 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

[ System Events ]
Error - 3.3.2010 14:14:40 | Computer Name = PC-AEB07BE00D02 | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate1c9c5843b9acb08) neuspěla při
spuštění v důsledku následující chyby: %%3

Error - 4.3.2010 11:27:07 | Computer Name = PC-AEB07BE00D02 | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate1c9c5843b9acb08) neuspěla při
spuštění v důsledku následující chyby: %%3

Error - 5.3.2010 6:35:49 | Computer Name = PC-AEB07BE00D02 | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate1c9c5843b9acb08) neuspěla při
spuštění v důsledku následující chyby: %%3

Error - 5.3.2010 10:57:08 | Computer Name = PC-AEB07BE00D02 | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate1c9c5843b9acb08) neuspěla při
spuštění v důsledku následující chyby: %%3

Error - 6.3.2010 7:59:24 | Computer Name = PC-AEB07BE00D02 | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate1c9c5843b9acb08) neuspěla při
spuštění v důsledku následující chyby: %%3

Error - 7.3.2010 7:07:25 | Computer Name = PC-AEB07BE00D02 | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate1c9c5843b9acb08) neuspěla při
spuštění v důsledku následující chyby: %%3

Error - 7.3.2010 13:32:27 | Computer Name = PC-AEB07BE00D02 | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate1c9c5843b9acb08) neuspěla při
spuštění v důsledku následující chyby: %%3

Error - 8.3.2010 10:58:28 | Computer Name = PC-AEB07BE00D02 | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate1c9c5843b9acb08) neuspěla při
spuštění v důsledku následující chyby: %%3

Error - 8.3.2010 11:19:18 | Computer Name = PC-AEB07BE00D02 | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate1c9c5843b9acb08) neuspěla při
spuštění v důsledku následující chyby: %%3

Error - 8.3.2010 16:16:55 | Computer Name = PC-AEB07BE00D02 | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x8007001f.

< End of report >

Damned · Příspěvekod **Damned** » 08 bře 2010 22:42

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Custom Scans/Fixes do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
SRV - (gusvc) -- File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
[2010.03.07 22:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\extensions\DTToolbar@toolbarnet.com-trash
[2009.12.07 17:12:00 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\daemon-search.xml
[2010.03.02 15:27:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin-1.xml
[2008.07.16 11:47:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin-2.xml
[2008.08.26 10:21:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin-3.xml
[2008.10.18 15:21:52 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin-4.xml
[2008.05.22 13:22:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin.xml
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll File not found

:Files
C:\Windows\*.tmp
C:\Windows\System32\*.tmp
C:\RECYCLER
C:\$RECYCLE.BIN
C:\Documents and Settings\LUKAS\Data aplikací\inst.exe
C:\Windows\tasks\SA.DAT

:Reg

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

Poté klikni nahoře na Run Fix. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.
*****************************************************************************************************************************************
Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

C:\WINDOWS\System32\LMOggSpl.dll
C:\WINDOWS\System32\drivers\Property.dll
C:\WINDOWS\System32\aaxjga.dll

lukasen · Příspěvekod **lukasen** » 09 bře 2010 22:07

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
File File not found not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from keyword.URL
C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\extensions\DTToolbar@toolbarnet.com-trash\components folder moved successfully.
C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\extensions\DTToolbar@toolbarnet.com-trash folder moved successfully.
C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\daemon-search.xml moved successfully.
C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Documents and Settings\LUKAS\Data aplikací\Mozilla\Firefox\Profiles\zr3qjobe.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
========== FILES ==========
C:\Windows\003062_.tmp moved successfully.
C:\Windows\NV3601660.TMP folder moved successfully.
C:\Windows\SET25.tmp moved successfully.
C:\Windows\SET26.tmp moved successfully.
C:\Windows\SET27.tmp moved successfully.
C:\Windows\SET28.tmp moved successfully.
C:\Windows\SET29.tmp moved successfully.
C:\Windows\SET2A.tmp moved successfully.
C:\Windows\SET2B.tmp moved successfully.
C:\Windows\SET2C.tmp moved successfully.
C:\Windows\SET2D.tmp moved successfully.
C:\Windows\SET2E.tmp moved successfully.
C:\Windows\SET2F.tmp moved successfully.
C:\Windows\SET3.tmp moved successfully.
C:\Windows\SET30.tmp moved successfully.
C:\Windows\SET31.tmp moved successfully.
C:\Windows\SET32.tmp moved successfully.
C:\Windows\SET33.tmp moved successfully.
C:\Windows\SET34.tmp moved successfully.
C:\Windows\SET35.tmp moved successfully.
C:\Windows\SET36.tmp moved successfully.
C:\Windows\SET37.tmp moved successfully.
C:\Windows\SET38.tmp moved successfully.
C:\Windows\SET39.tmp moved successfully.
C:\Windows\SET3A.tmp moved successfully.
C:\Windows\SET3B.tmp moved successfully.
C:\Windows\SET3C.tmp moved successfully.
C:\Windows\SET3D.tmp moved successfully.
C:\Windows\SET3E.tmp moved successfully.
C:\Windows\SET3F.tmp moved successfully.
C:\Windows\SET4.tmp moved successfully.
C:\Windows\SET40.tmp moved successfully.
C:\Windows\SET41.tmp moved successfully.
C:\Windows\SET8.tmp moved successfully.
C:\Windows\System32\CONFIG.TMP moved successfully.
C:\Windows\System32\SET100.tmp moved successfully.
C:\Windows\System32\SET147.tmp moved successfully.
C:\Windows\System32\SETF4.tmp moved successfully.
C:\Windows\System32\SETF8.tmp moved successfully.
C:\RECYCLER\S-1-5-21-1409082233-2049760794-839522115-1003 folder moved successfully.
C:\RECYCLER folder moved successfully.
File\Folder C:\$RECYCLE.BIN not found.
C:\Documents and Settings\LUKAS\Data aplikací\inst.exe moved successfully.
C:\Windows\tasks\SA.DAT moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LUKAS
->Temp folder emptied: 18164 bytes
->Temporary Internet Files folder emptied: 2776949 bytes
->Java cache emptied: 24388558 bytes
->FireFox cache emptied: 169455965 bytes
->Flash cache emptied: 58548 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33251 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 188,00 mb

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: LUKAS
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.1.35.0 log created on 03092010_215158

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_67c.dat not found!

Registry entries deleted on Reboot...

Soubor LMOggSpl.dll........http://www.virustotal.com/cs/analisis/6 ... 1268168275

Soubor Property.dll.........http://www.virustotal.com/cs/analisis/1 ... 1268168566

Soubor aaxjga.dll...........http://www.virustotal.com/cs/analisis/a ... 1268168744

Pls kontrolu HijackThis-chyba Explorer.exe Vyřešeno

Pls kontrolu HijackThis-chyba Explorer.exe Vyřešeno

Re: Pls kontrolu HijackThis-chyba Explorer.exe

Re: Pls kontrolu HijackThis-chyba Explorer.exe

Re: Pls kontrolu HijackThis-chyba Explorer.exe

Re: Pls kontrolu HijackThis-chyba Explorer.exe

Re: Pls kontrolu HijackThis-chyba Explorer.exe

Re: Pls kontrolu HijackThis-chyba Explorer.exe

Re: Pls kontrolu HijackThis-chyba Explorer.exe

Re: Pls kontrolu HijackThis-chyba Explorer.exe

Re: Pls kontrolu HijackThis-chyba Explorer.exe

Re: Pls kontrolu HijackThis-chyba Explorer.exe

Re: Pls kontrolu HijackThis-chyba Explorer.exe

Kdo je online