Please check - 2 nasties [Solved]

Section devoted to viruses and other malicious code, but also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

guest

Please check - 2 nasties

Post by guest » 10 Mar 2010 14:43

Hi, after a while 2 pests have turned up on my machine and I can't get rid of them. I'm attaching logs from MBAM and HijackThis.
///If I remove them in MBAM, they are back after a PC restart///
Thanks in advance!

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3846
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

10.3.2010 14:38:09
mbam-log-2010-03-10 (14-38-00).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 162923
Uplynulý čas: 24 minute(s), 41 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:21, on 10.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Program Files\Timer Wizard\Timer Wizard.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Instalovaný software\HJTInstall.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Timer Wizard.lnk = C:\Program Files\Timer Wizard\Timer Wizard.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe

--
End of file - 5077 bytes

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia

Re: Please check - 2 nasties

Post by jaro3 » 10 Mar 2010 14:51

This is probably an MBAM error; both files belong to ESET NOD32.

Turn off NOD32's resident protection and deactivate Spybot.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
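The false-positive reading above turns on what an Image File Execution Options (IFEO) subkey actually does: a subkey named after an executable only redirects that executable's launch when it carries a "Debugger" value, so the mere existence of the egui.exe and ekrn.exe keys in the MBAM log proves nothing by itself. The script below is an added example (not a tool the forum, ESET or Malwarebytes use) that parses a REGEDIT4-style export of the IFEO key and separates name-only subkeys from ones that really set Debugger; the export text, the security-binary list and the redirect path are constructed for illustration.

```python
"""Triage Image File Execution Options (IFEO) subkeys from a REGEDIT4-style export.
Added example for this thread, not a tool the forum, ESET or Malwarebytes use:
an IFEO subkey named after an executable only redirects that executable's launch
when it carries a "Debugger" value; a key that merely exists (as the MBAM log
reports for egui.exe and ekrn.exe) redirects nothing."""
import re

IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
            r"\CurrentVersion\Image File Execution Options")

# Executables of the security products seen in this thread's logs
# (ESET NOD32: egui.exe, ekrn.exe; Malwarebytes: mbam.exe; IObit Security 360).
SECURITY_BINARIES = {"egui.exe", "ekrn.exe", "mbam.exe", "is360tray.exe", "is360srv.exe"}

# "Name"=value lines of a .reg file; the value part is kept raw for _unquote().
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)+)"=(.*)$')


def _unquote(value):
    """Turn a .reg string literal (quoted, backslashes doubled) into plain text;
    dword:/hex: values are returned verbatim."""
    if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
        return value[1:-1].replace('\\"', '"').replace('\\\\', '\\')
    return value


def parse_ifeo_export(text):
    """Return {image_name: {value_name: value}} (both lower-cased) for every
    direct child of the IFEO key in a REGEDIT4 / Registry Editor 5.00 export.
    Deeper keys such as foo.exe\\PerfOptions are skipped: they carry no Debugger."""
    entries = {}
    current = None
    prefix = IFEO_KEY.lower() + "\\"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.upper().startswith("REGEDIT") \
                or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current = None
            if key.lower().startswith(prefix):
                rest = key[len(prefix):]
                if rest and "\\" not in rest:
                    current = entries.setdefault(rest.lower(), {})
            continue
        if current is None:
            continue
        m = _VALUE_RE.match(line)
        if m:
            current[m.group(1).lower()] = _unquote(m.group(2))
        elif line.startswith("@="):            # default value of the key
            current["@"] = _unquote(line[2:])
    return entries


def triage_ifeo(entries):
    """Classify each IFEO subkey; returns [(image, verdict, debugger_path)].
    hijack      Debugger set on a security product's binary: its launch is redirected.
    review      Debugger set on another binary: fine for real debugging, else suspicious.
    name-only   security binary has a subkey but no Debugger value; this is what a
                heuristic keyed on the subkey name alone (the Security.Hijack hits in
                the thread) reports, and it redirects nothing.
    no-redirect any other subkey without a Debugger value."""
    findings = []
    for image in sorted(entries):
        debugger = entries[image].get("debugger", "")
        if debugger:
            verdict = "hijack" if image in SECURITY_BINARIES else "review"
        elif image in SECURITY_BINARIES:
            verdict = "name-only"
        else:
            verdict = "no-redirect"
        findings.append((image, verdict, debugger))
    return findings


# Constructed export for illustration: two name-only keys mirroring the thread's
# MBAM hits, one constructed hijack (the redirect path is a placeholder), and a
# PerfOptions subkey that the parser must skip.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
"Debugger"="C:\\EXAMPLE\\redirect.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\PerfOptions]
"CpuPriorityClass"=dword:00000003
"""

if __name__ == "__main__":
    for image, verdict, debugger in triage_ifeo(parse_ifeo_export(SAMPLE_EXPORT)):
        print(f"{image:<12} {verdict:<12} {debugger}")
```

On a live system the same input is produced by exporting the IFEO key from regedit (or `reg export`) to a .reg file and feeding that text to parse_ifeo_export.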

guest

Re: Please check - 2 nasties

Post by guest » 10 Mar 2010 15:02

Thanks, that NOD is acting up somehow. I'll post everything in the evening, I have to go to the doctor.

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia

Re: Please check - 2 nasties

Post by jaro3 » 10 Mar 2010 15:06

Fine, or uninstall it, then use this:
http://www.nod32.nl/download/tool/nod32removal.exe

and then try installing it again.

guest

Re: Please check - 2 nasties

Post by guest » 10 Mar 2010 16:49

So I'm back now and it's somehow not working.
First I tried the second option:
1/ I uninstalled Spybot /I don't want or need it/
2/ I uninstalled ESET
3/ Restart
4/ I used that Removal tool on the registry
5/ A new MBAM scan, and those pests are there again!

So I tried the first option
1/ Resident protection turned off in NOD
2/ Downloaded and ran ComboFix
and here there's some problem. After confirming YES the monitor screen goes black and nothing happens.

I don't know whether that's how it should be, so I restarted. :evil:

guest

Re: Please check - 2 nasties

Post by guest » 10 Mar 2010 17:05

So on the second attempt ComboFix succeeded.

ComboFix 10-03-09.08 - Blue Spirit 10.03.2010 16:54:07.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.233 [GMT 1:00]
Spuštěný z: c:\documents and settings\Blue Spirit\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\ieuinit.inf
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-10 do 2010-03-10 )))))))))))))))))))))))))))))))
.

2010-03-10 14:29 . 2010-03-10 14:29 -------- d-----w- c:\program files\ESET
2010-03-09 09:13 . 2010-03-09 09:13 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-09 09:13 . 2010-03-09 09:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 09:11 . 2010-03-09 09:11 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-03-06 10:41 . 2010-03-10 12:08 -------- d-----w- c:\program files\SweetIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 15:35 . 2009-02-01 20:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-04 17:56 . 2009-02-08 11:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 16:07 . 2002-01-02 18:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 15:07 . 2009-02-08 11:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-02-08 11:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-06 11:15 . 2009-04-06 11:15 9216 --sha-w- c:\program files\Thumbs.db
2009-03-09 12:46 . 2009-03-09 12:52 262144 ----a-w- c:\program files\Uninstall Spy Blocker.dll
2009-03-01 13:38 . 2009-02-01 13:07 39798371 ----a-w- c:\program files\ANCS.DBF
2009-02-01 13:06 . 2009-02-01 13:06 11265369 ----a-w- c:\program files\A4.CMP
2009-02-01 13:06 . 2009-02-01 13:06 15636753 ----a-w- c:\program files\A3.CMP
2009-02-01 13:06 . 2009-02-01 13:06 15319767 ----a-w- c:\program files\A2.CMP
2009-02-01 13:06 . 2009-02-01 13:06 17604649 ----a-w- c:\program files\A1.CMP
2009-02-01 13:06 . 2009-02-01 13:06 17179235 ----a-w- c:\program files\A0.CMP
2009-02-01 13:06 . 2009-02-01 13:06 365568 ----a-w- c:\program files\READERA.CDX
2009-02-01 13:06 . 2009-02-01 13:06 1912405 ----a-w- c:\program files\READERA.DBF
2009-02-01 13:06 . 2009-02-01 13:06 105456 ----a-w- c:\program files\APPENDO.DTN
2009-01-20 02:12 . 2009-01-20 02:12 32539 ----a-w- c:\program files\nv4_disp.cat
2008-12-10 22:13 . 2008-12-10 22:13 36075288 ----a-w- c:\program files\PhysX_9.09.0010_SystemSoftware.exe
2003-10-30 17:23 . 2009-02-07 11:19 30 ----a-w- c:\program files\Serial.txt
2003-06-16 09:33 . 2009-04-24 10:48 244 ----a-w- c:\program files\Custom.ini
2003-06-16 09:33 . 2009-04-24 10:48 187 ----a-w- c:\program files\info.ini
2003-06-16 09:33 . 2009-02-07 11:20 239 ----a-w- c:\program files\Powerdvd.sim
2003-06-16 09:33 . 2009-02-07 11:20 183 ----a-w- c:\program files\CLAud.sim
2003-06-16 09:33 . 2009-02-07 11:20 344923 ----a-w- c:\program files\ikernel.ex_
2003-06-16 09:33 . 2009-02-07 11:19 119 ----a-w- c:\program files\iPower.txt
2003-06-16 09:33 . 2009-01-15 07:19 95 ----a-w- c:\program files\setup.ini
2003-06-16 09:33 . 2009-01-15 07:19 7914489 ----a-w- c:\program files\data2.cab
2003-06-16 09:33 . 2009-01-15 07:19 417 ----a-w- c:\program files\layout.bin
2003-06-16 09:33 . 2009-01-15 07:19 306712 ----a-w- c:\program files\setup.inx
2003-06-16 09:33 . 2009-01-15 07:19 23543 ----a-w- c:\program files\data1.hdr
2003-06-16 09:33 . 2009-01-15 07:19 1078849 ----a-w- c:\program files\data1.cab
.

------- Sigcheck -------

[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[7] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ServicePackFiles\i386\aec.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\progra~1\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-01-07 46592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2003-05-23 159744]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-2 113664]
Timer Wizard.lnk - c:\program files\Timer Wizard\Timer Wizard.exe [2005-6-5 225280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-01 16:26 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2010-03-09 09:12 2140880 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\progra~1\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 10:13 95872]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15.1.2009 16:17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15.1.2009 16:17 74480]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [12.1.2010 17:03 81356]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [5.3.2010 12:02 311568]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [12.1.2010 17:03 39182]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [12.1.2010 17:03 9804]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [12.1.2010 17:07 6085]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15.1.2009 16:17 7408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
.
.
------- Doplňkový sken -------
.
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Notify-dimsntfy - (no file)
AddRemove-HijackThis - c:\instalovaný software\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 16:59
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ICQ = "c:\progra~1\ICQ6.5\ICQ.exe" silent??5

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-10 17:02:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-10 16:02

Před spuštěním: Volných bajtů: 95 358 980 096
Po spuštění: Volných bajtů: 95 259 926 528

- - End Of File - - FF9D495CFA7A32DA4A1A595E60235F4F

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia

Re: Please check - 2 nasties

Post by jaro3 » 10 Mar 2010 17:49

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following text, marked in green, into it in full:
Note: Do not use the SELECT ALL function to select the script

Code:

Driver::
SetupNTGLM7X

Registry::
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]


Choose File -> Save as... and set these parameters:
File name: type in: CFScript.txt
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Take the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

I would delete all the loose files in c:\program files\..

In folder options, enable showing hidden files and folders + untick the checkbox for hiding protected operating system files

Test these on Virustotal
c:\program files\Uninstall Spy Blocker.dll
c:\windows\system32\drivers\aec.sys
If the file has already been tested, click re-test.
Then paste here the links to the result pages.

Download OTL
to the desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry change to All. Tick LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan can take a long time; when it finishes, two logs open:
OTL.Txt
Extras.Txt

They are saved in the same place as OTL. Please copy both logs here.

guest

Re: Please check - 2 nasties

Post by guest » 10 Mar 2010 19:05

So here are 2 logs again - sorry it's taking so long, but I have faulty RAM and ComboFix only succeeds on the second try.

ComboFix 10-03-09.08 - Blue Spirit 10.03.2010 18:56:26.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.273 [GMT 1:00]
Spuštěný z: c:\documents and settings\Blue Spirit\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Blue Spirit\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUPNTGLM7X
-------\Service_SetupNTGLM7X


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-10 do 2010-03-10 )))))))))))))))))))))))))))))))
.

2010-03-10 14:29 . 2010-03-10 14:29 -------- d-----w- c:\program files\ESET
2010-03-09 09:13 . 2010-03-09 09:13 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-09 09:13 . 2010-03-09 09:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 09:11 . 2010-03-09 09:11 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-03-06 10:41 . 2010-03-10 12:08 -------- d-----w- c:\program files\SweetIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 15:35 . 2009-02-01 20:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-04 17:56 . 2009-02-08 11:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 16:07 . 2002-01-02 18:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 15:07 . 2009-02-08 11:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-02-08 11:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-06 11:15 . 2009-04-06 11:15 9216 --sha-w- c:\program files\Thumbs.db
2009-03-09 12:46 . 2009-03-09 12:52 262144 ----a-w- c:\program files\Uninstall Spy Blocker.dll
2009-03-01 13:38 . 2009-02-01 13:07 39798371 ----a-w- c:\program files\ANCS.DBF
2009-02-01 13:06 . 2009-02-01 13:06 11265369 ----a-w- c:\program files\A4.CMP
2009-02-01 13:06 . 2009-02-01 13:06 15636753 ----a-w- c:\program files\A3.CMP
2009-02-01 13:06 . 2009-02-01 13:06 15319767 ----a-w- c:\program files\A2.CMP
2009-02-01 13:06 . 2009-02-01 13:06 17604649 ----a-w- c:\program files\A1.CMP
2009-02-01 13:06 . 2009-02-01 13:06 17179235 ----a-w- c:\program files\A0.CMP
2009-02-01 13:06 . 2009-02-01 13:06 365568 ----a-w- c:\program files\READERA.CDX
2009-02-01 13:06 . 2009-02-01 13:06 1912405 ----a-w- c:\program files\READERA.DBF
2009-02-01 13:06 . 2009-02-01 13:06 105456 ----a-w- c:\program files\APPENDO.DTN
2009-01-20 02:12 . 2009-01-20 02:12 32539 ----a-w- c:\program files\nv4_disp.cat
2008-12-10 22:13 . 2008-12-10 22:13 36075288 ----a-w- c:\program files\PhysX_9.09.0010_SystemSoftware.exe
2003-10-30 17:23 . 2009-02-07 11:19 30 ----a-w- c:\program files\Serial.txt
2003-06-16 09:33 . 2009-04-24 10:48 244 ----a-w- c:\program files\Custom.ini
2003-06-16 09:33 . 2009-04-24 10:48 187 ----a-w- c:\program files\info.ini
2003-06-16 09:33 . 2009-02-07 11:20 239 ----a-w- c:\program files\Powerdvd.sim
2003-06-16 09:33 . 2009-02-07 11:20 183 ----a-w- c:\program files\CLAud.sim
2003-06-16 09:33 . 2009-02-07 11:20 344923 ----a-w- c:\program files\ikernel.ex_
2003-06-16 09:33 . 2009-02-07 11:19 119 ----a-w- c:\program files\iPower.txt
2003-06-16 09:33 . 2009-01-15 07:19 95 ----a-w- c:\program files\setup.ini
2003-06-16 09:33 . 2009-01-15 07:19 7914489 ----a-w- c:\program files\data2.cab
2003-06-16 09:33 . 2009-01-15 07:19 417 ----a-w- c:\program files\layout.bin
2003-06-16 09:33 . 2009-01-15 07:19 306712 ----a-w- c:\program files\setup.inx
2003-06-16 09:33 . 2009-01-15 07:19 23543 ----a-w- c:\program files\data1.hdr
2003-06-16 09:33 . 2009-01-15 07:19 1078849 ----a-w- c:\program files\data1.cab
.

------- Sigcheck -------

[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[7] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ServicePackFiles\i386\aec.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-03-10_15.59.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-10 17:50 . 2010-03-10 17:50 16384 c:\windows\Temp\Perflib_Perfdata_d8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-01-07 46592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2003-05-23 159744]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-2 113664]
Timer Wizard.lnk - c:\program files\Timer Wizard\Timer Wizard.exe [2005-6-5 225280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-01 16:26 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2010-03-09 09:12 2140880 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\progra~1\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 10:13 95872]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15.1.2009 16:17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15.1.2009 16:17 74480]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [12.1.2010 17:03 81356]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [5.3.2010 12:02 311568]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [12.1.2010 17:03 39182]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [12.1.2010 17:03 9804]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [12.1.2010 17:07 6085]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15.1.2009 16:17 7408]
.
.
------- Doplňkový sken -------
.
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 19:00
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Celkový čas: 2010-03-10 19:01:59
ComboFix-quarantined-files.txt 2010-03-10 18:01
ComboFix2.txt 2010-03-10 16:02

Před spuštěním: Volných bajtů: 95 335 714 816
Po spuštění: Volných bajtů: 95 304 351 744

- - End Of File - - C5BB5C7938569178AC658AF8E9AB9331


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:57, on 10.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Instalovaný software\HJTInstall.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Timer Wizard.lnk = C:\Program Files\Timer Wizard\Timer Wizard.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe

--
End of file - 4067 bytes

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check - 2 pests

Post by jaro3 » 10 Mar 2010 19:27

Fine, now also those files to VT and a log from OTL.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am substituted by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

guest
Gender: Not specified

Re: Please check - 2 pests

Post by guest » 10 Mar 2010 19:33

VirusTotal results:

http://www.virustotal.com/cs/analisis/e ... 1268245490

http://www.virustotal.com/cs/analisis/1 ... 1268245849

Both tested twice

//It is taking me longer because my internet connection keeps dropping!//

guest
Gender: Not specified

Re: Please check - 2 pests

Post by guest » 10 Mar 2010 19:41

OTL /but even though I ticked the options correctly, only this one log came out?/

OTL logfile created on: 10.3.2010 19:37:35 - Run 1
OTL by OldTimer - Version 3.1.36.0 Folder = C:\Documents and Settings\Blue Spirit\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 190,00 Mb Available Physical Memory | 37,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 760 766 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 88,78 Gb Free Space | 90,91% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 34,00 Gb Free Space | 34,81% Space Free | Partition Type: NTFS
Drive E: | 37,57 Gb Total Space | 18,49 Gb Free Space | 49,21% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHARP-9PKS1MO9G
Current User Name: Blue Spirit
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Blue Spirit\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Blue Spirit\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (OOD2000) -- C:\WINDOWS\System32\OOD2000.exe (O&O Software GmbH)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (BootScreen) -- C:\WINDOWS\System32\drivers\vidstub.sys ()
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (WFIOCTL) -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.sys ()
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (tv2ktunr) -- C:\WINDOWS\system32\drivers\wf2ktunr.sys (Leadtek Research Inc.)
DRV - (Tv2kXbar) -- C:\WINDOWS\system32\drivers\wf2kXbar.sys (Leadtek Research Inc.)
DRV - (BT848) -- C:\WINDOWS\system32\drivers\wf2kvcap.sys (Leadtek Research Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.02.02 10:30:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.03.10 15:29:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010.03.10 18:10:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Timer Wizard.lnk = C:\Program Files\Timer Wizard\Timer Wizard.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Blue Spirit\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Blue Spirit\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.01.02 18:56:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.10 19:34:22 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Blue Spirit\Plocha\OTL.exe
[2010.03.10 16:53:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.03.10 16:53:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.03.10 16:53:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.03.10 16:53:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.03.10 16:52:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.03.10 16:39:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.03.10 15:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.03.10 15:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.03.09 10:13:32 | 000,095,872 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2010.03.09 10:13:00 | 000,114,984 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010.03.09 10:11:22 | 000,139,192 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010.03.06 11:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2010.03.06 11:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\SweetIM
[2010.03.02 14:02:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Blue Spirit\Recent
[2009.03.09 13:52:34 | 000,262,144 | ---- | C] (ZoneAlarm) -- C:\Program Files\Uninstall Spy Blocker.dll
[2009.02.03 21:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2009.02.01 14:05:54 | 000,246,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UNICOWS.DLL
[2009.02.01 14:05:50 | 000,155,648 | ---- | C] (POLAR) -- C:\Program Files\AutoCorrectDLL.DLL
[2009.02.01 14:05:49 | 000,212,992 | ---- | C] (Polar) -- C:\Program Files\POLSPELL.DLL
[2009.02.01 14:05:46 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ATL.DLL
[2009.02.01 14:05:36 | 000,174,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\RICHED32.DLL
[2009.02.01 14:05:36 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WRITE32.WPC
[2009.02.01 14:05:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MSWD6_32.WPC
[2009.02.01 14:05:31 | 000,244,736 | ---- | C] (Sequiter Software Inc.) -- C:\Program Files\C4DLL320.DLL
[2009.02.01 14:05:01 | 001,009,152 | ---- | C] (Langsoft & METEOR Software) -- C:\Program Files\WTRAN32.EXE
[2009.01.15 08:19:00 | 003,734,272 | ---- | C] (NVIDIA Corporation ) -- C:\Program Files\PDsetup.exe
[2009.01.15 08:19:00 | 000,535,552 | ---- | C] (Macrovision Corporation) -- C:\Program Files\ISSetup.dll
[2009.01.15 08:19:00 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\Program Files\nvudisp.exe
[2009.01.15 08:19:00 | 000,148,416 | ---- | C] (Macrovision Corporation) -- C:\Program Files\_setup.dll
[2002.01.02 19:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2002.01.02 19:00:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2002.01.02 19:00:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2002.01.02 19:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.10 19:34:32 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blue Spirit\Plocha\OTL.exe
[2010.03.10 19:01:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.10 19:00:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.10 18:49:49 | 000,200,828 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.03.10 18:49:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.10 18:10:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.10 18:09:20 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Blue Spirit\NTUSER.DAT
[2010.03.10 18:09:05 | 005,891,196 | -H-- | M] () -- C:\Documents and Settings\Blue Spirit\Local Settings\Data aplikací\IconCache.db
[2010.03.10 16:38:36 | 003,885,368 | R--- | M] () -- C:\Documents and Settings\Blue Spirit\Plocha\ComboFix.exe
[2010.03.09 16:21:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.09 10:13:32 | 000,095,872 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2010.03.09 10:13:00 | 000,114,984 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2010.03.09 10:11:22 | 000,139,192 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2010.03.05 19:13:59 | 000,001,232 | ---- | M] () -- C:\Documents and Settings\Blue Spirit\default.pls
[2010.03.05 19:13:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.05 12:02:21 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\IObit Security 360.lnk
[2010.03.02 12:01:18 | 000,000,444 | ---- | M] () -- C:\Documents and Settings\Blue Spirit\Plocha\Zástupce - PhotoFunia.lnk
[2010.02.23 13:28:10 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Blue Spirit\Plocha\Microsoft Office Word 2003.lnk
[2010.02.18 18:55:53 | 000,002,436 | ---- | M] () -- C:\Documents and Settings\Blue Spirit\Dokumenty\cc_20100218_185549.reg
[2010.02.16 09:04:50 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Blue Spirit\Plocha\Zástupce - HJTInstall.lnk
[2010.02.14 09:40:52 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Blue Spirit\Plocha\Dr.Web.lnk
[2010.02.10 20:28:21 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Blue Spirit\Plocha\CCleaner.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.10 16:53:03 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.03.10 16:53:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.03.10 16:53:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.03.10 16:53:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.03.10 16:53:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.03.10 16:37:40 | 003,885,368 | R--- | C] () -- C:\Documents and Settings\Blue Spirit\Plocha\ComboFix.exe
[2010.03.05 12:02:21 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\IObit Security 360.lnk
[2010.03.02 12:01:18 | 000,000,444 | ---- | C] () -- C:\Documents and Settings\Blue Spirit\Plocha\Zástupce - PhotoFunia.lnk
[2010.02.18 18:55:52 | 000,002,436 | ---- | C] () -- C:\Documents and Settings\Blue Spirit\Dokumenty\cc_20100218_185549.reg
[2010.02.16 09:04:50 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Blue Spirit\Plocha\Zástupce - HJTInstall.lnk
[2010.02.14 09:40:52 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Blue Spirit\Plocha\Dr.Web.lnk
[2009.07.13 14:54:16 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009.06.12 15:33:29 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.04.24 11:48:31 | 000,000,244 | ---- | C] () -- C:\Program Files\Custom.ini
[2009.04.24 11:48:31 | 000,000,187 | ---- | C] () -- C:\Program Files\info.ini
[2009.04.06 12:15:19 | 000,009,216 | -HS- | C] () -- C:\Program Files\Thumbs.db
[2009.03.05 13:30:07 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.02.11 08:02:50 | 000,001,564 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.02.09 19:05:59 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009.02.08 17:32:48 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Blue Spirit\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.07 12:20:32 | 000,000,239 | ---- | C] () -- C:\Program Files\Powerdvd.sim
[2009.02.07 12:20:32 | 000,000,183 | ---- | C] () -- C:\Program Files\CLAud.sim
[2009.02.07 12:20:30 | 000,344,923 | ---- | C] () -- C:\Program Files\ikernel.ex_
[2009.02.07 12:19:51 | 000,000,119 | ---- | C] () -- C:\Program Files\iPower.txt
[2009.02.07 12:19:51 | 000,000,030 | ---- | C] () -- C:\Program Files\Serial.txt
[2009.02.02 12:56:53 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
[2009.02.02 12:56:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
[2009.02.02 12:02:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.02.01 21:08:29 | 000,163,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2009.02.01 15:55:20 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.02.01 14:07:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2009.02.01 14:07:38 | 003,465,911 | ---- | C] () -- C:\Program Files\pronan.dbf
[2009.02.01 14:07:38 | 000,923,648 | ---- | C] () -- C:\Program Files\pronan.cdx
[2009.02.01 14:07:38 | 000,001,514 | ---- | C] () -- C:\Program Files\SPCS.CET
[2009.02.01 14:07:38 | 000,001,262 | ---- | C] () -- C:\Program Files\RUCS.CET
[2009.02.01 14:07:38 | 000,000,682 | ---- | C] () -- C:\Program Files\SLOZENI.DTA
[2009.02.01 14:07:37 | 000,884,706 | ---- | C] () -- C:\Program Files\PRONAN.DAT
[2009.02.01 14:07:37 | 000,618,496 | ---- | C] () -- C:\Program Files\NAME.CDX
[2009.02.01 14:07:37 | 000,472,062 | ---- | C] () -- C:\Program Files\NAME.DBF
[2009.02.01 14:07:37 | 000,001,358 | ---- | C] () -- C:\Program Files\GRCS.CET
[2009.02.01 14:07:37 | 000,001,286 | ---- | C] () -- C:\Program Files\FRCS.CET
[2009.02.01 14:07:37 | 000,001,253 | ---- | C] () -- C:\Program Files\ITCS.CET
[2009.02.01 14:07:36 | 000,719,568 | ---- | C] () -- C:\Program Files\CZL4.DBF
[2009.02.01 14:07:36 | 000,696,320 | ---- | C] () -- C:\Program Files\CZL4.CDX
[2009.02.01 14:07:35 | 001,678,504 | ---- | C] () -- C:\Program Files\CZCS.DIC
[2009.02.01 14:07:35 | 000,112,851 | ---- | C] () -- C:\Program Files\CORRECT.CS0
[2009.02.01 14:07:35 | 000,021,606 | ---- | C] () -- C:\Program Files\CORRECT.CZA
[2009.02.01 14:07:35 | 000,021,496 | ---- | C] () -- C:\Program Files\CORRECT.CZN
[2009.02.01 14:07:35 | 000,018,859 | ---- | C] () -- C:\Program Files\CORRECT.CS
[2009.02.01 14:07:35 | 000,007,113 | ---- | C] () -- C:\Program Files\CORRECT.PJS
[2009.02.01 14:07:35 | 000,005,881 | ---- | C] () -- C:\Program Files\CORRECTF.AN
[2009.02.01 14:07:35 | 000,004,547 | ---- | C] () -- C:\Program Files\CORRECT.AN
[2009.02.01 14:07:35 | 000,002,787 | ---- | C] () -- C:\Program Files\CORRECT.AN0
[2009.02.01 14:07:35 | 000,001,052 | ---- | C] () -- C:\Program Files\CORRECTX.AN
[2009.02.01 14:07:34 | 004,136,609 | ---- | C] () -- C:\Program Files\COR4AN.DBF
[2009.02.01 14:07:32 | 004,160,512 | ---- | C] () -- C:\Program Files\COR4AN.CDX
[2009.02.01 14:07:32 | 001,030,343 | ---- | C] () -- C:\Program Files\ANCS.DIC
[2009.02.01 14:07:32 | 000,001,170 | ---- | C] () -- C:\Program Files\ANCS.CET
[2009.02.01 14:07:31 | 001,381,236 | ---- | C] () -- C:\Program Files\CSAN.TCX
[2009.02.01 14:07:28 | 009,759,612 | ---- | C] () -- C:\Program Files\ANCS.TCX
[2009.02.01 14:07:28 | 000,013,022 | ---- | C] () -- C:\Program Files\ANCS.GRM
[2009.02.01 14:07:26 | 006,169,600 | ---- | C] () -- C:\Program Files\CSAN.CDX
[2009.02.01 14:07:24 | 005,924,352 | ---- | C] () -- C:\Program Files\ANCS.CDX
[2009.02.01 14:07:23 | 001,703,563 | ---- | C] () -- C:\Program Files\ANCS2.DBF
[2009.02.01 14:07:12 | 039,798,371 | ---- | C] () -- C:\Program Files\ANCS.DBF
[2009.02.01 14:06:29 | 011,265,369 | ---- | C] () -- C:\Program Files\A4.CMP
[2009.02.01 14:06:25 | 015,636,753 | ---- | C] () -- C:\Program Files\A3.CMP
[2009.02.01 14:06:21 | 015,319,767 | ---- | C] () -- C:\Program Files\A2.CMP
[2009.02.01 14:06:16 | 017,604,649 | ---- | C] () -- C:\Program Files\A1.CMP
[2009.02.01 14:06:12 | 017,179,235 | ---- | C] () -- C:\Program Files\A0.CMP
[2009.02.01 14:06:11 | 000,365,568 | ---- | C] () -- C:\Program Files\READERA.CDX
[2009.02.01 14:06:10 | 001,912,405 | ---- | C] () -- C:\Program Files\READERA.DBF
[2009.02.01 14:06:00 | 000,105,456 | ---- | C] () -- C:\Program Files\APPENDO.DTN
[2009.02.01 14:05:59 | 000,343,689 | ---- | C] () -- C:\Program Files\APPEND.DTN
[2009.02.01 14:05:59 | 000,000,226 | ---- | C] () -- C:\Program Files\MAILTRAN.CFG
[2009.02.01 14:05:58 | 000,032,109 | ---- | C] () -- C:\Program Files\APPEND.DTA
[2009.02.01 14:05:58 | 000,010,401 | ---- | C] () -- C:\Program Files\APPENDO.DTA
[2009.02.01 14:05:58 | 000,001,224 | ---- | C] () -- C:\Program Files\TRNCOM.CFG
[2009.02.01 14:05:54 | 000,000,226 | ---- | C] () -- C:\WINDOWS\MAILTRAN.INI
[2009.02.01 14:05:53 | 000,011,362 | ---- | C] () -- C:\Program Files\MAILTRAN.HLP
[2009.02.01 14:05:50 | 000,198,656 | ---- | C] () -- C:\Program Files\MAILTRAN.EXE
[2009.02.01 14:05:50 | 000,001,224 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2009.02.01 14:05:49 | 000,375,774 | ---- | C] () -- C:\Program Files\TRNIKONY.BMP
[2009.02.01 14:05:49 | 000,375,774 | ---- | C] () -- C:\Program Files\SETUPWEB.BMP
[2009.02.01 14:05:48 | 000,360,448 | ---- | C] () -- C:\Program Files\WEBIE.DL_
[2009.02.01 14:05:48 | 000,098,304 | ---- | C] () -- C:\Program Files\REG.EXE
[2009.02.01 14:05:47 | 001,683,456 | ---- | C] () -- C:\Program Files\TRNCOM.DL_
[2009.02.01 14:05:45 | 000,000,877 | ---- | C] () -- C:\Program Files\SETUPWEB.IST
[2009.02.01 14:05:43 | 000,162,816 | ---- | C] () -- C:\Program Files\SETUPWEB.EXE
[2009.02.01 14:05:42 | 000,000,614 | ---- | C] () -- C:\Program Files\TRNIKONY.IST
[2009.02.01 14:05:40 | 000,162,816 | ---- | C] () -- C:\Program Files\TRNIKONY.EXE
[2009.02.01 14:05:39 | 000,499,878 | ---- | C] () -- C:\Program Files\WINTRAN.DCZ
[2009.02.01 14:05:29 | 000,001,831 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2009.02.01 14:05:28 | 000,018,653 | ---- | C] () -- C:\Program Files\WDICT32.HLP
[2009.02.01 14:05:28 | 000,015,178 | ---- | C] () -- C:\Program Files\WTRDCTM.HLP
[2009.02.01 14:05:28 | 000,004,233 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2009.02.01 14:05:27 | 000,051,010 | ---- | C] () -- C:\Program Files\WTRAN32.HLP
[2009.02.01 14:05:17 | 000,737,280 | ---- | C] () -- C:\Program Files\WDICT32.EXE
[2009.02.01 14:05:11 | 000,189,440 | ---- | C] () -- C:\Program Files\WTRDCTM.EXE
[2009.02.01 14:05:00 | 000,004,193 | ---- | C] () -- C:\Program Files\WTRAN32.CFG
[2009.02.01 14:05:00 | 000,001,777 | ---- | C] () -- C:\Program Files\WDICT32.CFG
[2009.01.20 03:12:58 | 000,032,539 | ---- | C] () -- C:\Program Files\nv4_disp.cat
[2009.01.15 08:19:00 | 007,914,489 | ---- | C] () -- C:\Program Files\data2.cab
[2009.01.15 08:19:00 | 007,789,504 | ---- | C] () -- C:\Program Files\NvCpl.dl_
[2009.01.15 08:19:00 | 004,408,971 | ---- | C] () -- C:\Program Files\nvoglnt.dl_
[2009.01.15 08:19:00 | 003,605,504 | ---- | C] () -- C:\Program Files\nvDispS.dl_
[2009.01.15 08:19:00 | 003,595,361 | ---- | C] () -- C:\Program Files\nv4_disp.dl_
[2009.01.15 08:19:00 | 003,391,581 | ---- | C] () -- C:\Program Files\nv4_mini.sy_
[2009.01.15 08:19:00 | 003,155,912 | ---- | C] () -- C:\Program Files\nvViTvS.dl_
[2009.01.15 08:19:00 | 002,195,673 | ---- | C] () -- C:\Program Files\nvGameS.dl_
[2009.01.15 08:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.01.15 08:19:00 | 001,628,583 | ---- | C] () -- C:\Program Files\nvwss.dl_
[2009.01.15 08:19:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.01.15 08:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.01.15 08:19:00 | 001,078,849 | ---- | C] () -- C:\Program Files\data1.cab
[2009.01.15 08:19:00 | 000,986,076 | ---- | C] () -- C:\Program Files\nvcuda.dl_
[2009.01.15 08:19:00 | 000,886,767 | ---- | C] () -- C:\Program Files\nvwdmcpl.dl_
[2009.01.15 08:19:00 | 000,696,530 | ---- | C] () -- C:\Program Files\nvMoblS.dl_
[2009.01.15 08:19:00 | 000,682,988 | ---- | C] () -- C:\Program Files\nwiz.ex_
[2009.01.15 08:19:00 | 000,677,695 | ---- | C] () -- C:\Program Files\nview.dl_
[2009.01.15 08:19:00 | 000,559,919 | ---- | C] () -- C:\Program Files\NvPVEnc.ax_
[2009.01.15 08:19:00 | 000,474,242 | ---- | C] () -- C:\Program Files\nvdspsch.ex_
[2009.01.15 08:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.01.15 08:19:00 | 000,435,004 | ---- | C] () -- C:\Program Files\nvcplui.ex_
[2009.01.15 08:19:00 | 000,354,919 | ---- | C] () -- C:\Program Files\nvwimg.dl_
[2009.01.15 08:19:00 | 000,308,110 | ---- | C] () -- C:\Program Files\nvapi.dl_
[2009.01.15 08:19:00 | 000,306,712 | ---- | C] () -- C:\Program Files\setup.inx
[2009.01.15 08:19:00 | 000,228,812 | ---- | C] () -- C:\Program Files\keystone.ex_
[2009.01.15 08:19:00 | 000,210,986 | ---- | C] () -- C:\Program Files\nvappbar.ex_
[2009.01.15 08:19:00 | 000,202,444 | ---- | C] () -- C:\Program Files\nvshell.dl_
[2009.01.15 08:19:00 | 000,187,817 | ---- | C] () -- C:\Program Files\nvdsp.chm
[2009.01.15 08:19:00 | 000,176,756 | ---- | C] () -- C:\Program Files\setup.bmp
[2009.01.15 08:19:00 | 000,164,070 | ---- | C] () -- C:\Program Files\nvmccs.dl_
[2009.01.15 08:19:00 | 000,155,983 | ---- | C] () -- C:\Program Files\nvnt4cpl.dl_
[2009.01.15 08:19:00 | 000,154,402 | ---- | C] () -- C:\Program Files\NVCPL.HL_
[2009.01.15 08:19:00 | 000,123,842 | ---- | C] () -- C:\Program Files\nv3d.chm
[2009.01.15 08:19:00 | 000,123,643 | ---- | C] () -- C:\Program Files\nvcpl.chm
[2009.01.15 08:19:00 | 000,117,527 | ---- | C] () -- C:\Program Files\nvcpl.cp_
[2009.01.15 08:19:00 | 000,105,012 | ---- | C] () -- C:\Program Files\nvMccsS.dl_
[2009.01.15 08:19:00 | 000,090,908 | ---- | C] () -- C:\Program Files\nvsvc32.ex_
[2009.01.15 08:19:00 | 000,086,869 | ---- | C] () -- C:\Program Files\NvColor.ex_
[2009.01.15 08:19:00 | 000,080,771 | ---- | C] () -- C:\Program Files\NVEPClnt.ex_
[2009.01.15 08:19:00 | 000,076,009 | ---- | C] () -- C:\Program Files\setup.isn
[2009.01.15 08:19:00 | 000,075,057 | ---- | C] () -- C:\Program Files\nv4_disp.inf
[2009.01.15 08:19:00 | 000,073,826 | ---- | C] () -- C:\Program Files\nvcod.dl_
[2009.01.15 08:19:00 | 000,058,584 | ---- | C] () -- C:\Program Files\modes.txt
[2009.01.15 08:19:00 | 000,054,988 | ---- | C] () -- C:\Program Files\nvmob.chm
[2009.01.15 08:19:00 | 000,048,497 | ---- | C] () -- C:\Program Files\nvwddi.dl_
[2009.01.15 08:19:00 | 000,045,119 | ---- | C] () -- C:\Program Files\NvMCTray.dl_
[2009.01.15 08:19:00 | 000,044,516 | ---- | C] () -- C:\Program Files\NvApps.xm_
[2009.01.15 08:19:00 | 000,040,057 | ---- | C] () -- C:\Program Files\nvtuicpl.cp_
[2009.01.15 08:19:00 | 000,037,359 | ---- | C] () -- C:\Program Files\nvwcplen.hl_
[2009.01.15 08:19:00 | 000,023,543 | ---- | C] () -- C:\Program Files\data1.hdr
[2009.01.15 08:19:00 | 000,018,725 | ---- | C] () -- C:\Program Files\nvdisp.nvu
[2009.01.15 08:19:00 | 000,010,222 | ---- | C] () -- C:\Program Files\default.tv_
[2009.01.15 08:19:00 | 000,009,088 | ---- | C] () -- C:\Program Files\nvmccsrs.dl_
[2009.01.15 08:19:00 | 000,008,322 | ---- | C] () -- C:\Program Files\NvwsApps.xm_
[2009.01.15 08:19:00 | 000,006,144 | ---- | C] () -- C:\Program Files\Finance.tv_
[2009.01.15 08:19:00 | 000,006,101 | ---- | C] () -- C:\Program Files\Advanced.tv_
[2009.01.15 08:19:00 | 000,005,857 | ---- | C] () -- C:\Program Files\DCC.tv_
[2009.01.15 08:19:00 | 000,005,661 | ---- | C] () -- C:\Program Files\CAD.tv_
[2009.01.15 08:19:00 | 000,003,593 | ---- | C] () -- C:\Program Files\Readme.txt
[2009.01.15 08:19:00 | 000,000,431 | ---- | C] () -- C:\Program Files\setup.iss
[2009.01.15 08:19:00 | 000,000,417 | ---- | C] () -- C:\Program Files\layout.bin
[2009.01.15 08:19:00 | 000,000,095 | ---- | C] () -- C:\Program Files\setup.ini
[2008.12.10 23:13:50 | 036,075,288 | ---- | C] () -- C:\Program Files\PhysX_9.09.0010_SystemSoftware.exe
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.01.02 19:26:23 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2002.01.02 19:25:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2002.01.02 19:07:25 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010.03.10 15:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.02.01 12:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.01.05 05:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2009.03.09 13:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MailFrontier
[2009.11.07 08:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SecTaskMan
[2010.03.10 13:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SweetIM
[2010.03.10 16:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blue Spirit\Data aplikací\ICQ
[2009.03.04 14:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blue Spirit\Data aplikací\IObit
[2002.01.02 19:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blue Spirit\Data aplikací\Opera
[2009.07.11 17:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blue Spirit\Data aplikací\Thinstall

========== Purity Check ==========


< End of report >

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check - 2 nasties

Post by jaro3 » 10 Mar 2010 20:21

Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

:Files
C:\WINDOWS\System32\*.tmp /s
C:\WINDOWS\*.tmp /s
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
c:\windows\Tasks\*.job /s
C:\WINDOWS\tasks\SA.DAT
C:\Documents and Settings\All Users\Data aplikací\SecTaskMan

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.

Double-click the OTL by OldTimer icon again, and under Custom Scans/Fixes paste the following text, coloured green:

Code:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT


Don't change any settings, just click Run Scan and let the scan finish. When the text file appears, please paste its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

