Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 23:22:50, on 11.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Labtec Mouse V3.0\moffice.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Labtec Mouse V3.0\MOUSE32A.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Ufonuv fofr internet\EASYWIRELESSNET.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec Mouse V3.0\moffice.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78B7F8FA-20B3-4156-91FE-DDECDB13EDA7}: NameServer = 78.136.128.4 78.136.128.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Danuška\AppData\LocalLow\Microńoft\redir.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Služba Google Update (gupdate1c9ce2770cff601) (gupdate1c9ce2770cff601) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (file missing)
--
End of file - 7569 bytes
Please check my log [Solved]
- Damned
Re: Please check my log
Welcome.
Is there a problem? Was Spybot uninstalled properly?
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following (run HJT, "Do a system scan only",
tick the box in front of each entry, press "Fix checked" and then "Yes"):
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm (file missing)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Please check my log
Hi, I hope I did it right, since I'm just so terribly handy with these things,
and thank you for the help.
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
12.3.2010 1:48:16
mbam-log-2010-03-12 (01-48-06).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 97668
Uplynulý čas: 6 minute(s), 32 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 22
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 9
Infikované soubory: 2
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\Nová složka (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\Nová složka (2) (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\Nová složka (3) (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\chrome (Adware.MyWebSearch) -> No action taken.
Infikované soubory:
C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.

- Damned
Re: Please check my log
Sure.

So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close it via Exit
Turn off your antivirus's resident shield (and your antispyware's too, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here


Re: Please check my log
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
12.3.2010 3:16:50
mbam-log-2010-03-12 (03-16-50).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 97668
Uplynulý čas: 6 minute(s), 32 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 22
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 9
Infikované soubory: 2
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\Nová složka (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\Nová složka (2) (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\Nová složka (3) (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované soubory:
C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
ComboFix 10-03-11.02 - Danuška 12.03.2010 3:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3000.1867 [GMT 1:00]
Spuštěný z: c:\users\Danuška\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3618681061-1965329746-1127524543-1001
c:\windows\system32\detoured.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-12 do 2010-03-12 )))))))))))))))))))))))))))))))
.
2010-03-12 02:53 . 2010-03-12 02:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-12 00:38 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-12 00:38 . 2010-03-12 00:38 -------- d-----w- c:\programdata\Malwarebytes
2010-03-12 00:38 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 00:38 . 2010-03-12 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 22:15 . 2010-03-11 22:15 -------- d-----w- c:\program files\TrendMicro
2010-03-11 01:37 . 2010-03-11 01:37 -------- d-----w- c:\program files\Common Files\Apple
2010-03-11 01:36 . 2010-03-11 01:36 -------- d-----w- c:\program files\Apple Software Update
2010-03-11 01:36 . 2010-03-11 01:36 -------- d-----w- c:\programdata\Apple
2010-03-10 19:59 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-10 19:59 . 2009-03-08 11:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-03-10 19:59 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 19:59 . 2009-03-08 11:31 34816 ----a-w- c:\windows\system32\imgutil.dll
2010-03-10 19:59 . 2009-03-08 11:22 156160 ----a-w- c:\windows\system32\msls31.dll
2010-03-10 17:34 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-10 17:29 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 17:29 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 17:29 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-03 12:49 . 2010-03-03 12:49 -------- d-----w- C:\inetpub
2010-03-03 11:46 . 2010-03-03 11:46 -------- d-----w- c:\program files\Synaptics
2010-03-03 10:25 . 2010-03-03 10:25 -------- d-----w- c:\programdata\ParetoLogic
2010-03-03 10:25 . 2010-03-03 10:25 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-03-03 10:04 . 2010-03-03 10:04 -------- d-----w- c:\programdata\FileCure
2010-03-03 10:04 . 2010-03-03 10:04 -------- d-----w- c:\program files\ParetoLogic
2010-03-01 01:07 . 2010-03-02 19:25 -------- d-----w- c:\program files\Seznam.cz
2010-02-28 16:37 . 2010-02-28 16:37 -------- d-----w- C:\Aplikace
2010-02-27 23:45 . 2010-02-27 23:45 -------- d-----w- c:\program files\Marvell
2010-02-27 22:18 . 2010-02-27 22:21 -------- d-----w- c:\program files\ESET
2010-02-27 20:49 . 2010-02-27 20:49 -------- d-----w- c:\program files\Labtec Mouse V3.0
2010-02-27 20:49 . 2010-02-27 20:49 27312 ----a-w- c:\windows\system32\drivers\chintps2.sys
2010-02-27 20:49 . 2010-02-27 20:49 12097 ----a-w- c:\windows\system32\drivers\moufiltr.sys
2010-02-27 18:30 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-27 18:30 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-27 18:30 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-27 18:30 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-27 18:30 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-27 18:30 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-27 18:29 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-27 18:29 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-27 18:29 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-27 18:29 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-27 18:29 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-27 18:29 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-27 18:29 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-27 07:33 . 2010-02-27 07:45 -------- d-----w- c:\program files\McAfee Security Scan
2010-02-21 07:15 . 2010-03-11 02:04 -------- d-----w- c:\program files\ICQ7.0
2010-02-20 21:19 . 2007-07-19 23:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-02-20 21:19 . 2007-07-19 17:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-02-20 21:19 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-02-20 21:19 . 2007-07-19 17:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-02-20 21:19 . 2007-06-20 19:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2010-02-20 21:19 . 2007-07-19 23:54 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll
2010-02-20 21:19 . 2007-05-16 15:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-02-20 21:19 . 2007-05-16 15:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-02-20 21:19 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-02-20 21:19 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-02-20 21:19 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-02-20 21:19 . 2006-11-29 12:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-02-20 21:12 . 2010-02-20 21:12 -------- d-----w- c:\program files\City Interactive
2010-02-20 20:00 . 2010-02-20 20:48 -------- d-----w- c:\program files\GameSpy Arcade
2010-02-20 19:48 . 2010-02-20 19:48 -------- d-----w- C:\WheelOfTime
2010-02-19 14:38 . 2010-02-24 12:37 -------- d-----w- c:\program files\Opera 10.50 Beta
2010-02-19 06:27 . 2010-02-19 06:27 -------- d-----w- c:\program files\Common Files\Java
2010-02-19 02:51 . 2010-02-19 02:51 -------- d-----w- c:\program files\CENZURA
2010-02-19 02:27 . 2010-02-19 17:43 -------- d-----w- c:\program files\Opera
2010-02-18 00:02 . 2010-02-18 00:02 -------- d-----w- c:\program files\AnvSoft
2010-02-16 11:43 . 2010-02-16 11:43 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-02-13 06:30 . 2009-06-04 14:13 58792 ------w- c:\windows\system32\wbload.dll
2010-02-13 06:30 . 2008-04-26 14:14 42672 ------w- c:\windows\system32\wbsys.dll
2010-02-13 06:30 . 2010-02-13 06:30 -------- d-----w- c:\program files\Stardock
2010-02-12 01:33 . 2010-02-12 01:52 -------- d-----w- c:\program files\PC MightyMax 2010
2010-02-10 09:28 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 09:28 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 09:27 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 09:27 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 09:26 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 09:26 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 09:26 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 09:26 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 09:26 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 09:26 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 09:26 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 09:26 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 09:26 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 09:26 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 09:26 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 09:20 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 09:20 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 02:38 . 2009-04-01 07:10 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-12 00:39 . 2009-12-04 23:07 -------- d-----w- c:\program files\Ufonuv fofr internet
2010-03-11 15:54 . 2008-05-09 08:18 660866 ----a-w- c:\windows\system32\perfh005.dat
2010-03-11 15:54 . 2008-05-09 08:18 140500 ----a-w- c:\windows\system32\perfc005.dat
2010-03-10 18:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-02 19:18 . 2009-06-18 17:39 -------- d-----w- c:\program files\CCleaner
2010-03-01 10:26 . 2009-10-16 20:11 -------- d-----w- c:\programdata\CanonIJPLM
2010-02-27 20:49 . 2010-02-27 20:49 27312 ----a-w- c:\windows\system32\drivers\chintps2.sys
2010-02-27 19:49 . 2009-12-03 13:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-27 19:47 . 2009-09-09 05:45 -------- d-----w- c:\program files\Google
2010-02-27 19:40 . 2009-08-13 06:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-27 19:35 . 2009-05-06 08:45 -------- d-----r- c:\program files\Skype
2010-02-27 19:15 . 2008-05-08 22:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 19:15 . 2008-05-08 22:53 -------- d-----w- c:\program files\Cyberlink
2010-02-21 11:22 . 2009-06-01 18:36 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-21 07:17 . 2009-06-01 18:36 -------- d-----w- c:\programdata\ICQ
2010-02-19 23:05 . 2009-07-05 06:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-19 23:05 . 2009-10-21 16:44 -------- d-----w- c:\program files\Java
2010-02-17 20:32 . 2008-05-08 22:30 -------- d-----w- c:\programdata\McAfee
2010-02-12 18:11 . 2009-10-16 20:27 -------- d-----w- c:\programdata\CanonIJ
2010-02-04 15:40 . 2010-02-02 22:32 -------- d-----w- c:\program files\Microsoft
2010-02-02 19:24 . 2010-02-02 19:24 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-13 16:42 . 2008-04-30 07:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 21:21 . 2009-12-03 06:22 -------- d-----w- c:\program files\Kooperativa
2010-01-08 07:13 . 2010-01-08 07:13 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-01-06 15:38 . 2010-02-27 18:30 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-27 18:30 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-27 18:30 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-27 18:30 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-02 06:38 . 2010-03-11 15:15 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-03-11 15:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-03-11 15:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-03-11 15:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-19 20:38 . 2009-12-19 20:38 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-18 14:02 . 2009-12-18 14:02 38240 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2009-12-18 14:02 . 2009-12-18 14:02 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-02-03 17:15 . 2009-08-07 07:42 1412496 ----a-w- c:\program files\sfdrvup.exe
2009-03-21 07:45 . 2009-03-21 07:44 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-02-24 1771320]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-11 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"FLMOFFICE4DMOUSE"="c:\program files\Labtec Mouse V3.0\moffice.exe" [2010-02-27 958464]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-12-10 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4b,57,ca,5b,1e,54,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3618681061-1965329746-1127524543-1000]
"EnableNotificationsRef"=dword:00000009
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3618681061-1965329746-1127524543-1001]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-23 685816]
R2 gupdate1c9ce2770cff601;Služba Google Update (gupdate1c9ce2770cff601);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-12-18 38240]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 08:11]
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 08:11]
2010-03-12 c:\windows\Tasks\User_Feed_Synchronization-{9EA01272-0BCA-448C-AE0E-303AE520F50A}.job
- c:\windows\system32\msfeedssync.exe [2010-03-11 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.seznam.cz/
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
TCP: {78B7F8FA-20B3-4156-91FE-DDECDB13EDA7} = 78.136.128.4 78.136.128.12
FF - ProfilePath - c:\users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... cqskins&q=
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-Locked - (no file)
WebBrowser-{631AC2D4-57B3-42B0-A148-DA33B462C1A3} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 03:53
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-12 03:57:08
ComboFix-quarantined-files.txt 2010-03-12 02:57
Před spuštěním: Volných bajtů: 120 429 879 296
Po spuštění: Volných bajtů: 120 359 342 080
- - End Of File - - 5DCD1B87E4272C60F85A6E1B8BEDFB84
Verze databáze: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
12.3.2010 3:16:50
mbam-log-2010-03-12 (03-16-50).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 97668
Uplynulý čas: 6 minute(s), 32 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 22
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 9
Infikované soubory: 2
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\Nová složka (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\Nová složka (2) (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\Nová složka (3) (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované soubory:
C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
ComboFix 10-03-11.02 - Danuška 12.03.2010 3:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3000.1867 [GMT 1:00]
Spuštěný z: c:\users\Danuška\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3618681061-1965329746-1127524543-1001
c:\windows\system32\detoured.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-12 do 2010-03-12 )))))))))))))))))))))))))))))))
.
2010-03-12 02:53 . 2010-03-12 02:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-12 00:38 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-12 00:38 . 2010-03-12 00:38 -------- d-----w- c:\programdata\Malwarebytes
2010-03-12 00:38 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 00:38 . 2010-03-12 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 22:15 . 2010-03-11 22:15 -------- d-----w- c:\program files\TrendMicro
2010-03-11 01:37 . 2010-03-11 01:37 -------- d-----w- c:\program files\Common Files\Apple
2010-03-11 01:36 . 2010-03-11 01:36 -------- d-----w- c:\program files\Apple Software Update
2010-03-11 01:36 . 2010-03-11 01:36 -------- d-----w- c:\programdata\Apple
2010-03-10 19:59 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-10 19:59 . 2009-03-08 11:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-03-10 19:59 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 19:59 . 2009-03-08 11:31 34816 ----a-w- c:\windows\system32\imgutil.dll
2010-03-10 19:59 . 2009-03-08 11:22 156160 ----a-w- c:\windows\system32\msls31.dll
2010-03-10 17:34 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-10 17:29 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 17:29 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 17:29 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-03 12:49 . 2010-03-03 12:49 -------- d-----w- C:\inetpub
2010-03-03 11:46 . 2010-03-03 11:46 -------- d-----w- c:\program files\Synaptics
2010-03-03 10:25 . 2010-03-03 10:25 -------- d-----w- c:\programdata\ParetoLogic
2010-03-03 10:25 . 2010-03-03 10:25 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-03-03 10:04 . 2010-03-03 10:04 -------- d-----w- c:\programdata\FileCure
2010-03-03 10:04 . 2010-03-03 10:04 -------- d-----w- c:\program files\ParetoLogic
2010-03-01 01:07 . 2010-03-02 19:25 -------- d-----w- c:\program files\Seznam.cz
2010-02-28 16:37 . 2010-02-28 16:37 -------- d-----w- C:\Aplikace
2010-02-27 23:45 . 2010-02-27 23:45 -------- d-----w- c:\program files\Marvell
2010-02-27 22:18 . 2010-02-27 22:21 -------- d-----w- c:\program files\ESET
2010-02-27 20:49 . 2010-02-27 20:49 -------- d-----w- c:\program files\Labtec Mouse V3.0
2010-02-27 20:49 . 2010-02-27 20:49 27312 ----a-w- c:\windows\system32\drivers\chintps2.sys
2010-02-27 20:49 . 2010-02-27 20:49 12097 ----a-w- c:\windows\system32\drivers\moufiltr.sys
2010-02-27 18:30 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-27 18:30 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-27 18:30 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-27 18:30 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-27 18:30 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-27 18:30 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-27 18:29 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-27 18:29 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-27 18:29 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-27 18:29 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-27 18:29 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-27 18:29 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-27 18:29 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-27 07:33 . 2010-02-27 07:45 -------- d-----w- c:\program files\McAfee Security Scan
2010-02-21 07:15 . 2010-03-11 02:04 -------- d-----w- c:\program files\ICQ7.0
2010-02-20 21:19 . 2007-07-19 23:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-02-20 21:19 . 2007-07-19 17:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-02-20 21:19 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-02-20 21:19 . 2007-07-19 17:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-02-20 21:19 . 2007-06-20 19:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2010-02-20 21:19 . 2007-07-19 23:54 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll
2010-02-20 21:19 . 2007-05-16 15:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-02-20 21:19 . 2007-05-16 15:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-02-20 21:19 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-02-20 21:19 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-02-20 21:19 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-02-20 21:19 . 2006-11-29 12:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-02-20 21:12 . 2010-02-20 21:12 -------- d-----w- c:\program files\City Interactive
2010-02-20 20:00 . 2010-02-20 20:48 -------- d-----w- c:\program files\GameSpy Arcade
2010-02-20 19:48 . 2010-02-20 19:48 -------- d-----w- C:\WheelOfTime
2010-02-19 14:38 . 2010-02-24 12:37 -------- d-----w- c:\program files\Opera 10.50 Beta
2010-02-19 06:27 . 2010-02-19 06:27 -------- d-----w- c:\program files\Common Files\Java
2010-02-19 02:51 . 2010-02-19 02:51 -------- d-----w- c:\program files\CENZURA
2010-02-19 02:27 . 2010-02-19 17:43 -------- d-----w- c:\program files\Opera
2010-02-18 00:02 . 2010-02-18 00:02 -------- d-----w- c:\program files\AnvSoft
2010-02-16 11:43 . 2010-02-16 11:43 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-02-13 06:30 . 2009-06-04 14:13 58792 ------w- c:\windows\system32\wbload.dll
2010-02-13 06:30 . 2008-04-26 14:14 42672 ------w- c:\windows\system32\wbsys.dll
2010-02-13 06:30 . 2010-02-13 06:30 -------- d-----w- c:\program files\Stardock
2010-02-12 01:33 . 2010-02-12 01:52 -------- d-----w- c:\program files\PC MightyMax 2010
2010-02-10 09:28 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 09:28 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 09:27 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 09:27 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 09:26 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 09:26 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 09:26 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 09:26 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 09:26 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 09:26 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 09:26 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 09:26 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 09:26 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 09:26 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 09:26 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 09:20 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 09:20 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 02:38 . 2009-04-01 07:10 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-12 00:39 . 2009-12-04 23:07 -------- d-----w- c:\program files\Ufonuv fofr internet
2010-03-11 15:54 . 2008-05-09 08:18 660866 ----a-w- c:\windows\system32\perfh005.dat
2010-03-11 15:54 . 2008-05-09 08:18 140500 ----a-w- c:\windows\system32\perfc005.dat
2010-03-10 18:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-02 19:18 . 2009-06-18 17:39 -------- d-----w- c:\program files\CCleaner
2010-03-01 10:26 . 2009-10-16 20:11 -------- d-----w- c:\programdata\CanonIJPLM
2010-02-27 20:49 . 2010-02-27 20:49 27312 ----a-w- c:\windows\system32\drivers\chintps2.sys
2010-02-27 19:49 . 2009-12-03 13:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-27 19:47 . 2009-09-09 05:45 -------- d-----w- c:\program files\Google
2010-02-27 19:40 . 2009-08-13 06:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-27 19:35 . 2009-05-06 08:45 -------- d-----r- c:\program files\Skype
2010-02-27 19:15 . 2008-05-08 22:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 19:15 . 2008-05-08 22:53 -------- d-----w- c:\program files\Cyberlink
2010-02-21 11:22 . 2009-06-01 18:36 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-21 07:17 . 2009-06-01 18:36 -------- d-----w- c:\programdata\ICQ
2010-02-19 23:05 . 2009-07-05 06:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-19 23:05 . 2009-10-21 16:44 -------- d-----w- c:\program files\Java
2010-02-17 20:32 . 2008-05-08 22:30 -------- d-----w- c:\programdata\McAfee
2010-02-12 18:11 . 2009-10-16 20:27 -------- d-----w- c:\programdata\CanonIJ
2010-02-04 15:40 . 2010-02-02 22:32 -------- d-----w- c:\program files\Microsoft
2010-02-02 19:24 . 2010-02-02 19:24 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-13 16:42 . 2008-04-30 07:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 21:21 . 2009-12-03 06:22 -------- d-----w- c:\program files\Kooperativa
2010-01-08 07:13 . 2010-01-08 07:13 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-01-06 15:38 . 2010-02-27 18:30 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-27 18:30 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-27 18:30 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-27 18:30 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-02 06:38 . 2010-03-11 15:15 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-03-11 15:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-03-11 15:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-03-11 15:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-19 20:38 . 2009-12-19 20:38 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-18 14:02 . 2009-12-18 14:02 38240 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2009-12-18 14:02 . 2009-12-18 14:02 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-02-03 17:15 . 2009-08-07 07:42 1412496 ----a-w- c:\program files\sfdrvup.exe
2009-03-21 07:45 . 2009-03-21 07:44 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-02-24 1771320]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-11 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"FLMOFFICE4DMOUSE"="c:\program files\Labtec Mouse V3.0\moffice.exe" [2010-02-27 958464]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-12-10 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4b,57,ca,5b,1e,54,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3618681061-1965329746-1127524543-1000]
"EnableNotificationsRef"=dword:00000009
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3618681061-1965329746-1127524543-1001]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-23 685816]
R2 gupdate1c9ce2770cff601;Služba Google Update (gupdate1c9ce2770cff601);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-12-18 38240]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 08:11]
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 08:11]
2010-03-12 c:\windows\Tasks\User_Feed_Synchronization-{9EA01272-0BCA-448C-AE0E-303AE520F50A}.job
- c:\windows\system32\msfeedssync.exe [2010-03-11 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.seznam.cz/
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
TCP: {78B7F8FA-20B3-4156-91FE-DDECDB13EDA7} = 78.136.128.4 78.136.128.12
FF - ProfilePath - c:\users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... cqskins&q=
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-Locked - (no file)
WebBrowser-{631AC2D4-57B3-42B0-A148-DA33B462C1A3} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 03:53
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-12 03:57:08
ComboFix-quarantined-files.txt 2010-03-12 02:57
Před spuštěním: Volných bajtů: 120 429 879 296
Po spuštění: Volných bajtů: 120 359 342 080
- - End Of File - - 5DCD1B87E4272C60F85A6E1B8BEDFB84
- Damned
Re: Please check my log
Uninstall ICQ6Toolbar and McAfee.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Folder::
c:\program files\McAfee Security Scan
c:\program files\ICQ6Toolbar
c:\programdata\McAfee
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3618681061-1965329746-1127524543-1000]
"EnableNotificationsRef"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3618681061-1965329746-1127524543-1001]
"EnableNotifications"=dword:00000000
"EnableNotificationsRef"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all open windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the fix may take more than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that appears at the end of the cleaning process
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Please check my log
ComboFix 10-03-11.02 - Danuška 12.03.2010 5:39.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3000.1909 [GMT 1:00]
Spuštěný z: c:\users\Danuška\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Danuška\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
/wow section - STAGE 6A
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\1002111253\config.xml
c:\program files\ICQ6Toolbar\1002111253\Icons.bmp
c:\program files\ICQ6Toolbar\1002111253\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\1002111253\ICQToolBar.dll
c:\program files\ICQ6Toolbar\1002111253\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\1002111253\logo_small.gif
c:\program files\ICQ6Toolbar\1002111253\short.wav
c:\program files\ICQ6Toolbar\1002111253\Version.txt
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\McAfee Security Scan
c:\program files\McAfee Security Scan\2.0.181\avvclean.dat
c:\program files\McAfee Security Scan\2.0.181\avvnames.dat
c:\program files\McAfee Security Scan\2.0.181\avvscan.dat
c:\program files\McAfee Security Scan\2.0.181\config.dat
c:\program files\McAfee Security Scan\2.0.181\sacore.db
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_filetypes.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_hosting.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_tlds.txt
c:\programdata\McAfee
c:\programdata\McAfee\dspwrp\SmartMessaging.db
c:\programdata\McAfee\MCLOGS\Common\McCHSvc\McCHSvc000.log
c:\programdata\McAfee\MCLOGS\Common\McUICnt\McUICnt000.log
c:\programdata\McAfee\MCLOGS\McUICnt\McUICnt\McUICnt000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\McCHSvc\McCHSvc000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\McUICnt\McUICnt000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SecurityScan_Release\SecurityScan_Release000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log
c:\programdata\McAfee\MCLOGS\SecurityScanner\McUICnt\McUICnt000.log
c:\programdata\McAfee\MSC\Cache\McSubDB.Bak
c:\programdata\McAfee\MSC\mcini.ini
c:\programdata\McAfee\MSC\McSubDB.Dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-12 do 2010-03-12 )))))))))))))))))))))))))))))))
.
2010-03-12 04:48 . 2010-03-12 04:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-12 04:48 . 2010-03-12 04:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-12 00:38 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-12 00:38 . 2010-03-12 00:38 -------- d-----w- c:\programdata\Malwarebytes
2010-03-12 00:38 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 00:38 . 2010-03-12 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 22:15 . 2010-03-11 22:15 -------- d-----w- c:\program files\TrendMicro
2010-03-11 01:37 . 2010-03-11 01:37 -------- d-----w- c:\program files\Common Files\Apple
2010-03-11 01:36 . 2010-03-11 01:36 -------- d-----w- c:\program files\Apple Software Update
2010-03-11 01:36 . 2010-03-11 01:36 -------- d-----w- c:\programdata\Apple
2010-03-10 19:59 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-10 19:59 . 2009-03-08 11:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-03-10 19:59 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 19:59 . 2009-03-08 11:31 34816 ----a-w- c:\windows\system32\imgutil.dll
2010-03-10 19:59 . 2009-03-08 11:22 156160 ----a-w- c:\windows\system32\msls31.dll
2010-03-10 17:34 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-10 17:29 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 17:29 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 17:29 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-03 12:49 . 2010-03-03 12:49 -------- d-----w- C:\inetpub
2010-03-03 11:46 . 2010-03-03 11:46 -------- d-----w- c:\program files\Synaptics
2010-03-03 10:25 . 2010-03-03 10:25 -------- d-----w- c:\programdata\ParetoLogic
2010-03-03 10:25 . 2010-03-03 10:25 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-03-03 10:04 . 2010-03-03 10:04 -------- d-----w- c:\programdata\FileCure
2010-03-03 10:04 . 2010-03-03 10:04 -------- d-----w- c:\program files\ParetoLogic
2010-03-01 01:07 . 2010-03-02 19:25 -------- d-----w- c:\program files\Seznam.cz
2010-02-28 16:37 . 2010-02-28 16:37 -------- d-----w- C:\Aplikace
2010-02-27 23:45 . 2010-02-27 23:45 -------- d-----w- c:\program files\Marvell
2010-02-27 22:18 . 2010-02-27 22:21 -------- d-----w- c:\program files\ESET
2010-02-27 20:49 . 2010-02-27 20:49 -------- d-----w- c:\program files\Labtec Mouse V3.0
2010-02-27 20:49 . 2010-02-27 20:49 27312 ----a-w- c:\windows\system32\drivers\chintps2.sys
2010-02-27 20:49 . 2010-02-27 20:49 12097 ----a-w- c:\windows\system32\drivers\moufiltr.sys
2010-02-27 18:30 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-27 18:30 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-27 18:30 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-27 18:30 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-27 18:30 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-27 18:30 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-27 18:29 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-27 18:29 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-27 18:29 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-27 18:29 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-27 18:29 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-27 18:29 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-27 18:29 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-21 07:15 . 2010-03-11 02:04 -------- d-----w- c:\program files\ICQ7.0
2010-02-20 21:19 . 2007-07-19 23:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-02-20 21:19 . 2007-07-19 17:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-02-20 21:19 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-02-20 21:19 . 2007-07-19 17:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-02-20 21:19 . 2007-06-20 19:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2010-02-20 21:19 . 2007-07-19 23:54 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll
2010-02-20 21:19 . 2007-05-16 15:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-02-20 21:19 . 2007-05-16 15:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-02-20 21:19 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-02-20 21:19 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-02-20 21:19 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-02-20 21:19 . 2006-11-29 12:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-02-20 21:12 . 2010-02-20 21:12 -------- d-----w- c:\program files\City Interactive
2010-02-20 20:00 . 2010-02-20 20:48 -------- d-----w- c:\program files\GameSpy Arcade
2010-02-20 19:48 . 2010-02-20 19:48 -------- d-----w- C:\WheelOfTime
2010-02-19 14:38 . 2010-02-24 12:37 -------- d-----w- c:\program files\Opera 10.50 Beta
2010-02-19 06:27 . 2010-02-19 06:27 -------- d-----w- c:\program files\Common Files\Java
2010-02-19 02:51 . 2010-02-19 02:51 -------- d-----w- c:\program files\CENZURA
2010-02-19 02:27 . 2010-02-19 17:43 -------- d-----w- c:\program files\Opera
2010-02-18 00:02 . 2010-02-18 00:02 -------- d-----w- c:\program files\AnvSoft
2010-02-16 11:43 . 2010-02-16 11:43 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-02-13 06:30 . 2009-06-04 14:13 58792 ------w- c:\windows\system32\wbload.dll
2010-02-13 06:30 . 2008-04-26 14:14 42672 ------w- c:\windows\system32\wbsys.dll
2010-02-13 06:30 . 2010-02-13 06:30 -------- d-----w- c:\program files\Stardock
2010-02-12 01:33 . 2010-02-12 01:52 -------- d-----w- c:\program files\PC MightyMax 2010
2010-02-10 09:28 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 09:28 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 09:27 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 09:27 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 09:26 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 09:26 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 09:26 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 09:26 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 09:26 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 09:26 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 09:26 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 09:26 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 09:26 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 09:26 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 09:26 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 09:20 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 09:20 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 04:35 . 2009-12-04 23:07 -------- d-----w- c:\program files\Ufonuv fofr internet
2010-03-12 02:38 . 2009-04-01 07:10 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-11 15:54 . 2008-05-09 08:18 660866 ----a-w- c:\windows\system32\perfh005.dat
2010-03-11 15:54 . 2008-05-09 08:18 140500 ----a-w- c:\windows\system32\perfc005.dat
2010-03-10 18:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-02 19:18 . 2009-06-18 17:39 -------- d-----w- c:\program files\CCleaner
2010-03-01 10:26 . 2009-10-16 20:11 -------- d-----w- c:\programdata\CanonIJPLM
2010-02-27 20:49 . 2010-02-27 20:49 27312 ----a-w- c:\windows\system32\drivers\chintps2.sys
2010-02-27 19:49 . 2009-12-03 13:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-27 19:47 . 2009-09-09 05:45 -------- d-----w- c:\program files\Google
2010-02-27 19:40 . 2009-08-13 06:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-27 19:35 . 2009-05-06 08:45 -------- d-----r- c:\program files\Skype
2010-02-27 19:15 . 2008-05-08 22:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 19:15 . 2008-05-08 22:53 -------- d-----w- c:\program files\Cyberlink
2010-02-21 07:17 . 2009-06-01 18:36 -------- d-----w- c:\programdata\ICQ
2010-02-19 23:05 . 2009-07-05 06:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-19 23:05 . 2009-10-21 16:44 -------- d-----w- c:\program files\Java
2010-02-12 18:11 . 2009-10-16 20:27 -------- d-----w- c:\programdata\CanonIJ
2010-02-04 15:40 . 2010-02-02 22:32 -------- d-----w- c:\program files\Microsoft
2010-02-02 19:24 . 2010-02-02 19:24 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-13 16:42 . 2008-04-30 07:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 21:21 . 2009-12-03 06:22 -------- d-----w- c:\program files\Kooperativa
2010-01-08 07:13 . 2010-01-08 07:13 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-01-06 15:38 . 2010-02-27 18:30 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-27 18:30 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-27 18:30 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-27 18:30 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-02 06:38 . 2010-03-11 15:15 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-03-11 15:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-03-11 15:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-03-11 15:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-19 20:38 . 2009-12-19 20:38 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-18 14:02 . 2009-12-18 14:02 38240 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2009-12-18 14:02 . 2009-12-18 14:02 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-02-03 17:15 . 2009-08-07 07:42 1412496 ----a-w- c:\program files\sfdrvup.exe
2009-03-21 07:45 . 2009-03-21 07:44 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-02-24 1771320]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-11 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"FLMOFFICE4DMOUSE"="c:\program files\Labtec Mouse V3.0\moffice.exe" [2010-02-27 958464]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-12-10 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4b,57,ca,5b,1e,54,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3618681061-1965329746-1127524543-1000]
"EnableNotificationsRef"=dword:00000009
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3618681061-1965329746-1127524543-1001]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-23 685816]
R2 gupdate1c9ce2770cff601;Služba Google Update (gupdate1c9ce2770cff601);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-12-18 38240]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 08:11]
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 08:11]
2010-03-12 c:\windows\Tasks\User_Feed_Synchronization-{9EA01272-0BCA-448C-AE0E-303AE520F50A}.job
- c:\windows\system32\msfeedssync.exe [2010-03-11 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.seznam.cz/
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... cqskins&q=
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 05:48
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-12 05:52:51
ComboFix-quarantined-files.txt 2010-03-12 04:52
ComboFix2.txt 2010-03-12 02:57
Před spuštěním: Volných bajtů: 120 386 834 432
Po spuštění: Volných bajtů: 120 344 944 640
- - End Of File - - 6DE7BD29EAA4810C3AC57B3EE0E116F3
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-12-18 38240]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 08:11]
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 08:11]
2010-03-12 c:\windows\Tasks\User_Feed_Synchronization-{9EA01272-0BCA-448C-AE0E-303AE520F50A}.job
- c:\windows\system32\msfeedssync.exe [2010-03-11 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.seznam.cz/
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... cqskins&q=
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 05:48
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-12 05:52:51
ComboFix-quarantined-files.txt 2010-03-12 04:52
ComboFix2.txt 2010-03-12 02:57
Před spuštěním: Volných bajtů: 120 386 834 432
Po spuštění: Volných bajtů: 120 344 944 640
- - End Of File - - 6DE7BD29EAA4810C3AC57B3EE0E116F3
- Damned
Re: Please check my log
Uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start - Run and type Combofix[space]/uninstall
Download T-Cleaner (required: it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc.; download it, then run it)
(Note: if you have AVG or Avira, disable AVG and Avira (including the resident shields) before downloading T-Cleaner and for the duration of the cleanup, then delete T-Cleaner and turn AVG or Avira back on.)
*****************************************************************************************************************************************
Download OTL to your Desktop.
Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change the setting to All. Tick LOP Check and Purity Check. Change File age to 14 days. Leave all other settings as they are. Click Run Scan. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech localization Wise Registry Cleaner
Re: Please check my log
OTL logfile created on: 12.3.2010 13:10:08 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Users\Danuška\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 112,31 Gb Free Space | 77,90% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 117,01 Gb Free Space | 81,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DANUŠKA-PC
Current User Name: Danuška
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Danuška\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Users\Danuška\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (SBSDWSCService) -- File not found
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Compuware Corporation)
DRV - (Epfwndis) -- C:\Windows\System32\drivers\epfwndis.sys (ESET)
DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)
DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\Windows\System32\drivers\eamon.sys (ESET)
DRV - (RMCAST) Ovladač protokolu RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (adusbser) -- C:\Windows\System32\drivers\adusbser.sys (QUALCOMM Incorporated)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.22
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=icqskins&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.02 02:00:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\3.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.11 03:11:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.11 03:11:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.02.27 23:18:25 | 000,000,000 | ---D | M]
[2009.04.14 15:13:40 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Mozilla\Extensions
[2009.04.14 15:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danuška\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.03.12 01:19:14 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\extensions
[2010.02.16 05:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
[2010.02.16 05:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010.02.16 05:14:55 | 000,000,000 | ---D | M] (FBFan) -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
[2009.12.04 21:58:12 | 000,002,255 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\askcom.xml
[2010.02.03 22:58:54 | 000,002,171 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\bing.xml
[2010.03.05 21:15:39 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-1.xml
[2009.11.08 20:25:44 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-2.xml
[2009.12.03 14:19:52 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-3.xml
[2010.01.03 03:26:19 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-4.xml
[2010.02.11 21:59:28 | 000,000,958 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-5.xml
[2010.02.19 18:33:55 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-6.xml
[2010.03.10 21:03:06 | 000,000,947 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-7.xml
[2008.03.31 14:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin.gif
[2009.11.19 15:35:02 | 000,000,615 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin.src
[2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin.xml
[2010.02.19 09:22:09 | 000,009,985 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\mywebsearch.xml
[2009.11.30 11:14:21 | 000,003,915 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\sweetim.xml
[2010.03.11 21:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.02 03:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.10 21:02:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.02.19 07:28:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2010.02.20 00:06:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.01.16 04:11:42 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.01.16 04:11:42 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010.02.20 00:05:43 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010.01.16 04:11:42 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007.03.22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009.12.21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010.01.16 01:50:40 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.01.16 01:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 01:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 01:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 01:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 01:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.02.27 20:20:59 | 000,380,280 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13103 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec Mouse V3.0\moffice.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Danuška\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Danuška\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Users\Danuška\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 112,31 Gb Free Space | 77,90% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 117,01 Gb Free Space | 81,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DANUŠKA-PC
Current User Name: Danuška
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Danuška\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Users\Danuška\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (SBSDWSCService) -- File not found
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Compuware Corporation)
DRV - (Epfwndis) -- C:\Windows\System32\drivers\epfwndis.sys (ESET)
DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)
DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\Windows\System32\drivers\eamon.sys (ESET)
DRV - (RMCAST) Ovladač protokolu RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (adusbser) -- C:\Windows\System32\drivers\adusbser.sys (QUALCOMM Incorporated)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.22
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=icqskins&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.02 02:00:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\3.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.11 03:11:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.11 03:11:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.02.27 23:18:25 | 000,000,000 | ---D | M]
[2009.04.14 15:13:40 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Mozilla\Extensions
[2009.04.14 15:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danuška\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.03.12 01:19:14 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\extensions
[2010.02.16 05:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
[2010.02.16 05:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010.02.16 05:14:55 | 000,000,000 | ---D | M] (FBFan) -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
[2009.12.04 21:58:12 | 000,002,255 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\askcom.xml
[2010.02.03 22:58:54 | 000,002,171 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\bing.xml
[2010.03.05 21:15:39 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-1.xml
[2009.11.08 20:25:44 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-2.xml
[2009.12.03 14:19:52 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-3.xml
[2010.01.03 03:26:19 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-4.xml
[2010.02.11 21:59:28 | 000,000,958 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-5.xml
[2010.02.19 18:33:55 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-6.xml
[2010.03.10 21:03:06 | 000,000,947 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-7.xml
[2008.03.31 14:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin.gif
[2009.11.19 15:35:02 | 000,000,615 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin.src
[2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin.xml
[2010.02.19 09:22:09 | 000,009,985 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\mywebsearch.xml
[2009.11.30 11:14:21 | 000,003,915 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\sweetim.xml
[2010.03.11 21:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.02 03:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.10 21:02:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.02.19 07:28:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2010.02.20 00:06:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.01.16 04:11:42 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.01.16 04:11:42 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010.02.20 00:05:43 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010.01.16 04:11:42 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007.03.22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009.12.21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010.01.16 01:50:40 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.01.16 01:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 01:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 01:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 01:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 01:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.02.27 20:20:59 | 000,380,280 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13103 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec Mouse V3.0\moffice.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Danuška\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Danuška\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Re: Please check my log
========== Files/Folders - Created Within 14 Days ==========
[2010.03.12 13:04:09 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Danuška\Desktop\OTL.exe
[2010.03.12 05:52:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.03.12 05:52:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.03.12 05:52:54 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Local\temp
[2010.03.12 01:38:31 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Roaming\Malwarebytes
[2010.03.12 01:38:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.12 01:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.12 01:38:21 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.12 01:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.11 23:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010.03.11 16:15:08 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.11 16:15:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.11 16:15:07 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.03.11 16:15:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.03.11 16:15:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.11 16:15:05 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.11 16:15:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.11 16:15:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.03.11 16:15:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.03.11 16:15:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.11 16:15:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.03.11 16:15:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.11 16:15:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.03.11 16:15:03 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.03.11 03:15:13 | 000,000,000 | R--D | C] -- C:\Users\Danuška\Documents\Notes
[2010.03.11 02:49:29 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Local\Apple Computer
[2010.03.11 02:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.03.11 02:36:52 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Local\Apple
[2010.03.11 02:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.03.11 02:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.03.10 23:18:49 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.03.10 20:59:02 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010.03.10 20:59:02 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010.03.10 20:59:01 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010.03.10 20:59:01 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010.03.10 20:59:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010.03.10 20:59:01 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010.03.10 20:59:01 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010.03.10 20:59:00 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010.03.10 20:58:59 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.03.10 20:58:59 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010.03.10 20:58:59 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010.03.10 20:58:59 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.03.10 20:58:58 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.10 20:58:58 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010.03.10 20:58:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010.03.10 20:58:58 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010.03.10 20:58:57 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.03.10 20:58:57 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010.03.10 20:58:56 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.03.10 20:58:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010.03.10 20:58:54 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.03.10 20:58:54 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.03.10 20:58:54 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010.03.10 20:58:54 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010.03.10 20:58:54 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010.03.10 20:58:54 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010.03.10 20:58:54 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010.03.10 18:34:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.03.10 18:29:29 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.03.10 18:29:21 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.03.04 07:40:53 | 000,000,000 | ---D | C] -- C:\Users\Danuška\Desktop\milášek
[2010.03.03 13:49:36 | 000,000,000 | ---D | C] -- C:\inetpub
[2010.03.03 12:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010.03.03 11:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010.03.03 11:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010.03.03 11:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
[2010.03.03 11:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010.03.01 02:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Seznam.cz
[2010.02.28 20:24:46 | 000,000,000 | R--D | C] -- C:\Users\Danuška\Pictures
[2010.02.28 17:39:15 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Local\ČSOB_Pojišťovna,_a.s
[2010.02.28 17:37:56 | 000,000,000 | ---D | C] -- C:\Aplikace
[2010.02.28 17:33:02 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Roaming\Simulace_2009
[2010.02.28 12:21:54 | 000,000,000 | ---D | C] -- C:\Users\Danuška\Documents\The KMPlayer
[2010.02.28 03:33:21 | 000,000,000 | R--D | C] -- C:\Users\Danuška\Music
[2010.02.28 00:59:14 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Local\ESET
[2010.02.28 00:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
[2010.02.27 23:20:14 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Roaming\ESET
[2010.02.27 23:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010.02.27 23:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.02.27 21:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Labtec Mouse V3.0
[2010.02.27 21:49:30 | 000,012,097 | ---- | C] (Compuware Corporation) -- C:\Windows\System32\drivers\moufiltr.sys
[2010.02.27 19:30:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.02.27 19:30:29 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.02.27 19:30:28 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.02.27 19:30:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.02.27 19:30:02 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.02.27 19:30:01 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.02.27 19:29:59 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.02.27 19:29:58 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.02.27 19:29:58 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.02.27 19:29:58 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.02.27 19:29:57 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.02.27 19:29:57 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.02.27 19:29:57 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009.08.07 08:42:12 | 001,412,496 | ---- | C] (Protection Technology (StarForce)) -- C:\Program Files\sfdrvup.exe
[2009.03.21 08:57:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010.03.12 13:09:25 | 000,000,386 | ---- | M] () -- C:\Windows\red_dialer.ini
[2010.03.12 13:05:57 | 007,340,032 | -HS- | M] () -- C:\Users\Danuška\ntuser.dat
[2010.03.12 13:05:11 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Danuška\Desktop\OTL.exe
[2010.03.12 12:39:53 | 000,302,863 | ---- | M] () -- C:\Users\Danuška\Desktop\IMG_0001.pdf
[2010.03.12 12:39:23 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.12 12:00:37 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.03.12 11:39:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.12 11:39:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.12 11:38:13 | 000,000,470 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9EA01272-0BCA-448C-AE0E-303AE520F50A}.job
[2010.03.12 05:48:52 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.03.12 03:39:59 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.12 03:39:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.12 03:39:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.12 03:38:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.03.12 03:38:48 | 000,524,288 | -HS- | M] () -- C:\Users\Danuška\ntuser.dat{b6b7fdb6-23c6-11df-ba02-946224eaeddb}.TMContainer00000000000000000001.regtrans-ms
[2010.03.12 03:38:48 | 000,065,536 | -HS- | M] () -- C:\Users\Danuška\ntuser.dat{b6b7fdb6-23c6-11df-ba02-946224eaeddb}.TM.blf
[2010.03.12 03:38:47 | 005,054,886 | -H-- | M] () -- C:\Users\Danuška\AppData\Local\IconCache.db
[2010.03.12 01:38:29 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.12 01:32:33 | 000,002,521 | ---- | M] () -- C:\Users\Danuška\Desktop\HiJackThis.lnk
[2010.03.11 20:59:32 | 000,002,395 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.03.11 17:21:42 | 000,026,624 | ---- | M] () -- C:\Users\Danuška\Desktop\Zadost_2009.doc
[2010.03.11 16:54:41 | 000,660,866 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.03.11 16:54:41 | 000,647,778 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.11 16:54:41 | 000,140,500 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.03.11 16:54:41 | 000,121,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.11 16:54:40 | 001,585,088 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.10 21:02:25 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.03.10 18:36:07 | 000,000,373 | ---- | M] () -- C:\Windows\win.ini
[2010.03.10 02:30:44 | 000,183,296 | ---- | M] () -- C:\Users\Danuška\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.06 12:25:06 | 001,429,829 | ---- | M] () -- C:\Users\Danuška\Desktop\faktura.pdf
[2010.03.04 08:52:00 | 000,023,040 | ---- | M] () -- C:\Users\Danuška\smlouvy-2010-03-02.xls
[2010.03.03 14:45:04 | 000,002,673 | ---- | M] () -- C:\Users\Danuška\Desktop\Microsoft Office Word 2003.lnk
[2010.03.02 20:18:35 | 000,001,674 | ---- | M] () -- C:\Users\Danuška\Desktop\CCleaner.lnk
[2010.02.28 00:58:12 | 000,072,088 | ---- | M] () -- C:\Users\Danuška\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.27 23:29:19 | 000,299,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.02.27 23:21:20 | 000,000,969 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk
[2010.02.27 23:21:20 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Aktualizovat ESET licenci.lnk
[2010.02.27 21:49:30 | 000,027,312 | ---- | M] () -- C:\Windows\System32\drivers\chintps2.sys
[2010.02.27 21:49:30 | 000,012,097 | ---- | M] (Compuware Corporation) -- C:\Windows\System32\drivers\moufiltr.sys
[2010.02.27 20:47:05 | 000,524,288 | -HS- | M] () -- C:\Users\Danuška\ntuser.dat{b6b7fdb6-23c6-11df-ba02-946224eaeddb}.TMContainer00000000000000000002.regtrans-ms
[2010.02.27 20:20:59 | 000,380,280 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.02.27 19:58:09 | 000,000,871 | ---- | M] () -- C:\Users\Danuška\Desktop\Internet explorer.lnk
[2010.02.27 19:11:57 | 000,524,288 | -HS- | M] () -- C:\Users\Danuška\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.02.27 19:11:57 | 000,065,536 | -HS- | M] () -- C:\Users\Danuška\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.03.12 12:40:02 | 000,302,863 | ---- | C] () -- C:\Users\Danuška\Desktop\IMG_0001.pdf
[2010.03.12 01:38:29 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.11 23:16:01 | 000,002,521 | ---- | C] () -- C:\Users\Danuška\Desktop\HiJackThis.lnk
[2010.03.11 17:18:12 | 000,026,624 | ---- | C] () -- C:\Users\Danuška\Desktop\Zadost_2009.doc
[2010.03.11 16:15:02 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.03.10 21:02:25 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.03.06 12:25:05 | 001,429,829 | ---- | C] () -- C:\Users\Danuška\Desktop\faktura.pdf
[2010.03.04 08:51:54 | 000,023,040 | ---- | C] () -- C:\Users\Danuška\smlouvy-2010-03-02.xls
[2010.02.27 23:21:20 | 000,000,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk
[2010.02.27 23:21:20 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Aktualizovat ESET licenci.lnk
[2010.02.27 21:49:30 | 000,027,312 | ---- | C] () -- C:\Windows\System32\drivers\chintps2.sys
[2010.02.27 19:16:59 | 000,524,288 | -HS- | C] () -- C:\Users\Danuška\ntuser.dat{b6b7fdb6-23c6-11df-ba02-946224eaeddb}.TMContainer00000000000000000002.regtrans-ms
[2010.02.27 19:16:59 | 000,524,288 | -HS- | C] () -- C:\Users\Danuška\ntuser.dat{b6b7fdb6-23c6-11df-ba02-946224eaeddb}.TMContainer00000000000000000001.regtrans-ms
[2010.02.27 19:16:59 | 000,065,536 | -HS- | C] () -- C:\Users\Danuška\ntuser.dat{b6b7fdb6-23c6-11df-ba02-946224eaeddb}.TM.blf
[2010.02.13 07:30:27 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2009.12.05 00:30:45 | 000,000,386 | ---- | C] () -- C:\Windows\red_dialer.ini
[2009.12.04 21:36:31 | 000,000,408 | ---- | C] () -- C:\Windows\wininit.ini
[2009.10.24 12:58:06 | 000,000,443 | R--- | C] () -- C:\Windows\hpw0460k.ini
[2009.10.24 12:50:15 | 000,000,560 | ---- | C] () -- C:\Windows\hpdj460.ini
[2009.10.23 08:59:50 | 000,000,704 | ---- | C] () -- C:\Windows\wsnk.ini
[2009.10.20 21:14:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.12 23:22:03 | 000,000,552 | ---- | C] () -- C:\Users\Danuška\AppData\Local\d3d8caps.dat
[2009.10.08 06:25:28 | 000,004,096 | -H-- | C] () -- C:\Users\Danuška\AppData\Local\keyfile3.drm
[2009.08.08 11:57:56 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.08.07 09:20:32 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.04.14 16:00:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.04.14 15:09:13 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.03.23 22:21:51 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.03.23 00:42:32 | 000,183,296 | ---- | C] () -- C:\Users\Danuška\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.21 21:41:30 | 000,005,972 | ---- | C] () -- C:\Users\Danuška\AppData\Local\d3d9caps.dat
[2009.03.21 08:43:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.03.21 08:43:37 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.05.08 23:54:53 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.08 23:51:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.08 23:51:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.30 09:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.04.30 09:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.04.30 09:09:01 | 000,000,040 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005.10.14 10:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2005.10.14 10:56:48 | 000,077,824 | ---- | C] () -- C:\Windows\System32\MMSwitch.dll
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2009.03.24 13:47:30 | 000,000,000 | -HSD | M] -- C:\Users\Danuška\AppData\Roaming\.#
[2009.05.19 12:08:17 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\ACD Systems
[2008.05.08 23:49:13 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Acer GameZone Console
[2010.02.18 01:02:16 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\AnvSoft
[2009.03.21 16:27:45 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Big Fish Games
[2009.12.31 10:57:19 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Black Sea Studios
[2009.10.16 21:26:46 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Canon
[2009.04.14 14:38:18 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\DAEMON Tools Pro
[2010.02.27 23:20:14 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\ESET
[2009.03.21 16:11:06 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\FloodLightGames
[2009.03.23 20:00:00 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Gaijin Ent
[2009.08.04 06:04:17 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Gearbox Software
[2010.03.03 11:32:21 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\GHISLER
[2010.03.12 03:25:15 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\ICQ
[2009.04.14 14:56:05 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\ICQ Toolbar
[2009.03.22 17:59:48 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\iWin
[2009.08.29 12:12:59 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Leadertech
[2010.02.12 02:33:30 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\licenses
[2010.02.19 15:39:06 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Opera
[2010.02.12 02:35:38 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\PCMM2009
[2010.02.12 02:33:26 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\PCMM2010
[2009.03.21 16:26:48 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\PlayFirst
[2010.02.28 17:33:02 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Simulace_2009
[2009.03.24 10:36:01 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Wildfire
[2010.03.12 03:38:51 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.03.12 11:38:13 | 000,000,470 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9EA01272-0BCA-448C-AE0E-303AE520F50A}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:EC2246A6
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:FC420CE6
< End of report >
OTL Extras logfile created on: 12.3.2010 13:10:08 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Users\Danuška\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 112,31 Gb Free Space | 77,90% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 117,01 Gb Free Space | 81,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DANUŠKA-PC
Current User Name: Danuška
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3618681061-1965329746-1127524543-1000]
"EnableNotificationsRef" = 9
"EnableNotifications" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3618681061-1965329746-1127524543-1001]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F7C7249-00AA-4F33-9971-622BDF3A1755}" = rport=139 | protocol=6 | dir=out | app=system |
"{1CC87963-F357-4676-89C8-9134B8E88A49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A7487D6-E014-4920-890A-CCEBE9A47DF1}" = lport=445 | protocol=6 | dir=in | app=system |
"{2B7F0843-E457-46DE-B2FE-1B54F0B08904}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3FE9958B-E39A-4A09-B8F1-17C40F4D00BB}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D9CCFDB-A769-4EFC-AA22-0A6AD241BCCA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{745B2C66-88F2-4EA0-9986-66EE0296D0EF}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F56102E-BEC8-409D-B5E0-10B444ECB475}" = lport=137 | protocol=17 | dir=in | app=system |
"{95AA8F2A-BF21-42DD-BB12-607B04A634CA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{99E249C3-810B-4A5A-A2F1-7C39D0C258D7}" = lport=138 | protocol=17 | dir=in | app=system |
"{B203FD8C-CF24-4637-B629-A82F5098FDB4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B20728C2-E6E8-41CA-A340-7E832CD649F3}" = rport=138 | protocol=17 | dir=out | app=system |
"{B474C9C1-8DF4-46B7-AA02-1A74B5F965CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BE08CB13-1723-42CC-965B-B7FC142A1ABA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C3402E21-8656-445D-BFCE-E688AA45C5FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D35543F5-6144-4222-8A2C-BB49147B1E39}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DFCF05FE-1AEF-48B5-83F2-1B6B31CE67A6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ECAE19C6-8A3C-43F2-B78E-7CEC4B22C1E4}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027CC237-8005-4E6A-AE16-0F68F0B33031}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{14D43708-24D2-4DD1-8383-94A059A5AE1E}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{18137001-9B66-4CBD-8DA0-495D8C90F830}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{27BFC9E6-1505-4A05-85E1-5734AE3CDDDC}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{30545E7F-69E4-4ECB-AD7B-064624068CB8}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{3B60FA4A-39E8-4D9D-AF31-CAF51C2D5EC5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{446E3C17-B297-4A67-A6F4-575D7363D028}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4AF9BE5B-A444-44C4-8E13-35DDAE80101B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56BCBC80-A4DD-4E93-BABC-0552CFC51565}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{583DC260-0607-4CF3-91AA-0137BB954E00}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{65945D97-60E8-4B30-8ADA-A978663C1BF5}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{6D47387F-508E-4CE1-8A8E-5723E6798711}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{7503F71A-179E-4067-B59F-D40E9FB9D106}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{768FF10C-222B-4C8B-8816-F3854F2AA49C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{80DF0657-1F16-43D4-884D-19EE40FD65D0}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{820192B5-B98D-453D-9CCC-E6D898355B21}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{9AC5F585-DB26-41DA-B1DF-60C2A41CA6B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A86A02A5-51EE-4226-924F-ECFE5155F5E4}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{B4920A0F-4184-4097-9DB8-A9D7358A4260}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{C5E167DB-93C0-4727-8273-CE37DAC5300D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D0364B79-BF67-4C96-A5E2-B6A965BB0E09}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{F7AB2E10-21DD-4E14-8016-E98BCD16A67D}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"TCP Query User{22DC416B-9E8B-4E4E-9654-6B8B0E0FD86D}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"TCP Query User{38F08470-38AB-49CE-9921-EA3C9B91C41A}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{613C5594-DDB9-422B-ADFF-BD9EA52AAEA4}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{779E4FF7-9B0F-421F-8144-4D44B584F36D}C:\program files\opera 10.50 beta\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera 10.50 beta\opera.exe |
"TCP Query User{830A4759-BBF7-4528-BBFE-89929AAAEBB9}C:\users\danuška\appdata\local\temp\rar$ex02.083\megarapidmanager.exe" = protocol=6 | dir=in | app=c:\users\danuška\appdata\local\temp\rar$ex02.083\megarapidmanager.exe |
"UDP Query User{368500CD-D031-4AA4-A80C-9B66A5E2B4D3}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{6A46BFE5-1E61-45EF-BBEC-8DC7AFC243B3}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"UDP Query User{8F2A9DD5-CED2-4E69-9C07-3CF89F1C380E}C:\program files\opera 10.50 beta\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera 10.50 beta\opera.exe |
"UDP Query User{FD937EC0-25A6-4325-ABC4-0C0C6C661EA8}C:\users\danuška\appdata\local\temp\rar$ex02.083\megarapidmanager.exe" = protocol=17 | dir=in | app=c:\users\danuška\appdata\local\temp\rar$ex02.083\megarapidmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14B7A9EF-BB68-4529-9190-8CE164E0F548}" = ESET Smart Security
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = CENZURA 2.5.3
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E152D08-572A-3375-8FDE-DAD1EFB379BA}" = Microsoft Report Viewer Redistributable 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{919635D1-5C0D-4B64-B724-BDDB31D11029}" = Nero 8
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.1 - Czech
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}" = Microsoft Works
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"41978AA3537FE156CA0678A15CD1FC997E3070F4" = Balíček ovladače systému Windows - AnyDATA Corporation (adusbser) Ports (12/21/2006 2.0.3.7)
"5CAA468D5260C976817F43472B09AECA6964F1FB" = Balíček ovladače systému Windows - AnyDATA Corporated (adusbser) Modem (12/21/2006 2.0.3.7)
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adresní modul UIR-ADR_is1" = Adresní modul UIR-ADR
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Any Video Converter_is1" = Any Video Converter 3.0.3
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Code of Honor 2_is1" = Code of Honor 2 (1.0)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InterBase 6 Client Open Edition - 6.0.2.0" = InterBase 6 Client Open Edition - 6.0.2.0
"ISOS_is1" = ISOS 3.3.3 (Externí síť, XP/Vista)
"Kalkulátory_is1" = ČSOBP Kalkulátory 1.3.0.0 (BALÍČEK
"Labtec Mouse Software 3.0" = Labtec Mouse Software 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2008" = Microsoft Report Viewer Redistributable 2005
"Microsoft Report Viewer Redistributable 2008 (KB971118)" = Microsoft Report Viewer Redistributable 2005
"MiNODLogin" = ESET Antivirus License Finder (MiNODLogin)
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Registrace uživatele zařízení Canon MP250 series" = Registrace uživatele zařízení Canon MP250 series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Ufonuv fofr internet" = Ufonuv fofr internet 3.258.47
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"b5373354f7277318" = KISS
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4.12.2009 3:53:38 | Computer Name = Danuška-PC | Source = Application Hang | ID = 1002
Description = Program iexplore.exe verze 8.0.6001.18828 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: 1070 Čas zahájení: 01ca749b49986682 Čas ukončení: 31
Error - 4.12.2009 4:52:36 | Computer Name = Danuška-PC | Source = WinMgmt | ID = 10
Description =
Error - 4.12.2009 5:05:02 | Computer Name = Danuška-PC | Source = WinMgmt | ID = 10
Description =
Error - 4.12.2009 5:14:47 | Computer Name = Danuška-PC | Source = WinMgmt | ID = 10
Description =
Error - 4.12.2009 5:21:03 | Computer Name = Danuška-PC | Source = WinMgmt | ID = 10
Description =
Error - 4.12.2009 7:03:22 | Computer Name = Danuška-PC | Source = MsiInstaller | ID = 1013
Description =
Error - 4.12.2009 7:07:08 | Computer Name = Danuška-PC | Source = WinMgmt | ID = 10
Description =
Error - 4.12.2009 8:14:49 | Computer Name = Danuška-PC | Source = Application Hang | ID = 1002
Description = Program ICQ.exe verze 6.5.0.1042 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID procesu: 6c4 Čas zahájení: 01ca74d1e3171365 Čas ukončení: 0
Error - 4.12.2009 8:20:06 | Computer Name = Danuška-PC | Source = Application Hang | ID = 1002
Description = Program EASYWIRELESSNET.EXE verze 3.255.0.0 přestal spolupracovat
se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: abc Čas zahájení: 01ca74d2175fcf95 Čas ukončení: 156
Error - 4.12.2009 8:46:19 | Computer Name = Danuška-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 1.1.2010 13:48:07 | Computer Name = Danuška-PC | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Proces: DefaultDomain Název objektu: Media Center
Guide
Error - 3.3.2010 9:55:53 | Computer Name = Danuška-PC | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Proces: DefaultDomain Název objektu: Media Center
Guide
[ System Events ]
Error - 11.3.2010 22:50:45 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 11.3.2010 22:52:10 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 11.3.2010 22:53:22 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 12.3.2010 0:38:48 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 12.3.2010 0:38:50 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 12.3.2010 0:40:28 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 12.3.2010 0:43:03 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 12.3.2010 0:45:34 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 12.3.2010 0:47:07 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 12.3.2010 0:48:38 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7030
Description =
< End of report >
[2010.03.12 13:04:09 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Danuška\Desktop\OTL.exe
[2010.03.12 05:52:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.03.12 05:52:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.03.12 05:52:54 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Local\temp
[2010.03.12 01:38:31 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Roaming\Malwarebytes
[2010.03.12 01:38:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.12 01:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.12 01:38:21 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.12 01:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.11 23:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010.03.11 16:15:08 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.11 16:15:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.11 16:15:07 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.03.11 16:15:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.03.11 16:15:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.11 16:15:05 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.11 16:15:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.11 16:15:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.03.11 16:15:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.03.11 16:15:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.11 16:15:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.03.11 16:15:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.11 16:15:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.03.11 16:15:03 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.03.11 03:15:13 | 000,000,000 | R--D | C] -- C:\Users\Danuška\Documents\Notes
[2010.03.11 02:49:29 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Local\Apple Computer
[2010.03.11 02:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.03.11 02:36:52 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Local\Apple
[2010.03.11 02:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.03.11 02:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.03.10 23:18:49 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.03.10 20:59:02 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010.03.10 20:59:02 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010.03.10 20:59:01 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010.03.10 20:59:01 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010.03.10 20:59:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010.03.10 20:59:01 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010.03.10 20:59:01 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010.03.10 20:59:00 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010.03.10 20:58:59 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.03.10 20:58:59 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010.03.10 20:58:59 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010.03.10 20:58:59 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.03.10 20:58:58 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.10 20:58:58 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010.03.10 20:58:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010.03.10 20:58:58 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010.03.10 20:58:57 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.03.10 20:58:57 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010.03.10 20:58:56 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.03.10 20:58:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010.03.10 20:58:54 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.03.10 20:58:54 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.03.10 20:58:54 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010.03.10 20:58:54 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010.03.10 20:58:54 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010.03.10 20:58:54 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010.03.10 20:58:54 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010.03.10 18:34:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.03.10 18:29:29 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.03.10 18:29:21 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.03.04 07:40:53 | 000,000,000 | ---D | C] -- C:\Users\Danuška\Desktop\milášek
[2010.03.03 13:49:36 | 000,000,000 | ---D | C] -- C:\inetpub
[2010.03.03 12:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010.03.03 11:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010.03.03 11:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010.03.03 11:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
[2010.03.03 11:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010.03.01 02:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Seznam.cz
[2010.02.28 20:24:46 | 000,000,000 | R--D | C] -- C:\Users\Danuška\Pictures
[2010.02.28 17:39:15 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Local\ČSOB_Pojišťovna,_a.s
[2010.02.28 17:37:56 | 000,000,000 | ---D | C] -- C:\Aplikace
[2010.02.28 17:33:02 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Roaming\Simulace_2009
[2010.02.28 12:21:54 | 000,000,000 | ---D | C] -- C:\Users\Danuška\Documents\The KMPlayer
[2010.02.28 03:33:21 | 000,000,000 | R--D | C] -- C:\Users\Danuška\Music
[2010.02.28 00:59:14 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Local\ESET
[2010.02.28 00:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
[2010.02.27 23:20:14 | 000,000,000 | ---D | C] -- C:\Users\Danuška\AppData\Roaming\ESET
[2010.02.27 23:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010.02.27 23:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.02.27 21:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Labtec Mouse V3.0
[2010.02.27 21:49:30 | 000,012,097 | ---- | C] (Compuware Corporation) -- C:\Windows\System32\drivers\moufiltr.sys
[2010.02.27 19:30:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.02.27 19:30:29 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.02.27 19:30:28 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.02.27 19:30:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.02.27 19:30:02 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.02.27 19:30:01 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.02.27 19:29:59 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.02.27 19:29:58 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.02.27 19:29:58 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.02.27 19:29:58 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.02.27 19:29:57 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.02.27 19:29:57 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.02.27 19:29:57 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009.08.07 08:42:12 | 001,412,496 | ---- | C] (Protection Technology (StarForce)) -- C:\Program Files\sfdrvup.exe
[2009.03.21 08:57:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010.03.12 13:09:25 | 000,000,386 | ---- | M] () -- C:\Windows\red_dialer.ini
[2010.03.12 13:05:57 | 007,340,032 | -HS- | M] () -- C:\Users\Danuška\ntuser.dat
[2010.03.12 13:05:11 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Danuška\Desktop\OTL.exe
[2010.03.12 12:39:53 | 000,302,863 | ---- | M] () -- C:\Users\Danuška\Desktop\IMG_0001.pdf
[2010.03.12 12:39:23 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.12 12:00:37 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.03.12 11:39:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.12 11:39:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.12 11:38:13 | 000,000,470 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9EA01272-0BCA-448C-AE0E-303AE520F50A}.job
[2010.03.12 05:48:52 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.03.12 03:39:59 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.12 03:39:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.12 03:39:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.12 03:38:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.03.12 03:38:48 | 000,524,288 | -HS- | M] () -- C:\Users\Danuška\ntuser.dat{b6b7fdb6-23c6-11df-ba02-946224eaeddb}.TMContainer00000000000000000001.regtrans-ms
[2010.03.12 03:38:48 | 000,065,536 | -HS- | M] () -- C:\Users\Danuška\ntuser.dat{b6b7fdb6-23c6-11df-ba02-946224eaeddb}.TM.blf
[2010.03.12 03:38:47 | 005,054,886 | -H-- | M] () -- C:\Users\Danuška\AppData\Local\IconCache.db
[2010.03.12 01:38:29 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.12 01:32:33 | 000,002,521 | ---- | M] () -- C:\Users\Danuška\Desktop\HiJackThis.lnk
[2010.03.11 20:59:32 | 000,002,395 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.03.11 17:21:42 | 000,026,624 | ---- | M] () -- C:\Users\Danuška\Desktop\Zadost_2009.doc
[2010.03.11 16:54:41 | 000,660,866 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.03.11 16:54:41 | 000,647,778 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.11 16:54:41 | 000,140,500 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.03.11 16:54:41 | 000,121,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.11 16:54:40 | 001,585,088 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.10 21:02:25 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.03.10 18:36:07 | 000,000,373 | ---- | M] () -- C:\Windows\win.ini
[2010.03.10 02:30:44 | 000,183,296 | ---- | M] () -- C:\Users\Danuška\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.06 12:25:06 | 001,429,829 | ---- | M] () -- C:\Users\Danuška\Desktop\faktura.pdf
[2010.03.04 08:52:00 | 000,023,040 | ---- | M] () -- C:\Users\Danuška\smlouvy-2010-03-02.xls
[2010.03.03 14:45:04 | 000,002,673 | ---- | M] () -- C:\Users\Danuška\Desktop\Microsoft Office Word 2003.lnk
[2010.03.02 20:18:35 | 000,001,674 | ---- | M] () -- C:\Users\Danuška\Desktop\CCleaner.lnk
[2010.02.28 00:58:12 | 000,072,088 | ---- | M] () -- C:\Users\Danuška\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.27 23:29:19 | 000,299,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.02.27 23:21:20 | 000,000,969 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk
[2010.02.27 23:21:20 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Aktualizovat ESET licenci.lnk
[2010.02.27 21:49:30 | 000,027,312 | ---- | M] () -- C:\Windows\System32\drivers\chintps2.sys
[2010.02.27 21:49:30 | 000,012,097 | ---- | M] (Compuware Corporation) -- C:\Windows\System32\drivers\moufiltr.sys
[2010.02.27 20:47:05 | 000,524,288 | -HS- | M] () -- C:\Users\Danuška\ntuser.dat{b6b7fdb6-23c6-11df-ba02-946224eaeddb}.TMContainer00000000000000000002.regtrans-ms
[2010.02.27 20:20:59 | 000,380,280 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.02.27 19:58:09 | 000,000,871 | ---- | M] () -- C:\Users\Danuška\Desktop\Internet explorer.lnk
[2010.02.27 19:11:57 | 000,524,288 | -HS- | M] () -- C:\Users\Danuška\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.02.27 19:11:57 | 000,065,536 | -HS- | M] () -- C:\Users\Danuška\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.03.12 12:40:02 | 000,302,863 | ---- | C] () -- C:\Users\Danuška\Desktop\IMG_0001.pdf
[2010.03.12 01:38:29 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.11 23:16:01 | 000,002,521 | ---- | C] () -- C:\Users\Danuška\Desktop\HiJackThis.lnk
[2010.03.11 17:18:12 | 000,026,624 | ---- | C] () -- C:\Users\Danuška\Desktop\Zadost_2009.doc
[2010.03.11 16:15:02 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.03.10 21:02:25 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.03.06 12:25:05 | 001,429,829 | ---- | C] () -- C:\Users\Danuška\Desktop\faktura.pdf
[2010.03.04 08:51:54 | 000,023,040 | ---- | C] () -- C:\Users\Danuška\smlouvy-2010-03-02.xls
[2010.02.27 23:21:20 | 000,000,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk
[2010.02.27 23:21:20 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Aktualizovat ESET licenci.lnk
[2010.02.27 21:49:30 | 000,027,312 | ---- | C] () -- C:\Windows\System32\drivers\chintps2.sys
[2010.02.27 19:16:59 | 000,524,288 | -HS- | C] () -- C:\Users\Danuška\ntuser.dat{b6b7fdb6-23c6-11df-ba02-946224eaeddb}.TMContainer00000000000000000002.regtrans-ms
[2010.02.27 19:16:59 | 000,524,288 | -HS- | C] () -- C:\Users\Danuška\ntuser.dat{b6b7fdb6-23c6-11df-ba02-946224eaeddb}.TMContainer00000000000000000001.regtrans-ms
[2010.02.27 19:16:59 | 000,065,536 | -HS- | C] () -- C:\Users\Danuška\ntuser.dat{b6b7fdb6-23c6-11df-ba02-946224eaeddb}.TM.blf
[2010.02.13 07:30:27 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2009.12.05 00:30:45 | 000,000,386 | ---- | C] () -- C:\Windows\red_dialer.ini
[2009.12.04 21:36:31 | 000,000,408 | ---- | C] () -- C:\Windows\wininit.ini
[2009.10.24 12:58:06 | 000,000,443 | R--- | C] () -- C:\Windows\hpw0460k.ini
[2009.10.24 12:50:15 | 000,000,560 | ---- | C] () -- C:\Windows\hpdj460.ini
[2009.10.23 08:59:50 | 000,000,704 | ---- | C] () -- C:\Windows\wsnk.ini
[2009.10.20 21:14:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.12 23:22:03 | 000,000,552 | ---- | C] () -- C:\Users\Danuška\AppData\Local\d3d8caps.dat
[2009.10.08 06:25:28 | 000,004,096 | -H-- | C] () -- C:\Users\Danuška\AppData\Local\keyfile3.drm
[2009.08.08 11:57:56 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.08.07 09:20:32 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.04.14 16:00:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.04.14 15:09:13 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.03.23 22:21:51 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.03.23 00:42:32 | 000,183,296 | ---- | C] () -- C:\Users\Danuška\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.21 21:41:30 | 000,005,972 | ---- | C] () -- C:\Users\Danuška\AppData\Local\d3d9caps.dat
[2009.03.21 08:43:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.03.21 08:43:37 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.05.08 23:54:53 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.08 23:51:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.08 23:51:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.30 09:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.04.30 09:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.04.30 09:09:01 | 000,000,040 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005.10.14 10:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2005.10.14 10:56:48 | 000,077,824 | ---- | C] () -- C:\Windows\System32\MMSwitch.dll
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2009.03.24 13:47:30 | 000,000,000 | -HSD | M] -- C:\Users\Danuška\AppData\Roaming\.#
[2009.05.19 12:08:17 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\ACD Systems
[2008.05.08 23:49:13 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Acer GameZone Console
[2010.02.18 01:02:16 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\AnvSoft
[2009.03.21 16:27:45 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Big Fish Games
[2009.12.31 10:57:19 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Black Sea Studios
[2009.10.16 21:26:46 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Canon
[2009.04.14 14:38:18 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\DAEMON Tools Pro
[2010.02.27 23:20:14 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\ESET
[2009.03.21 16:11:06 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\FloodLightGames
[2009.03.23 20:00:00 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Gaijin Ent
[2009.08.04 06:04:17 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Gearbox Software
[2010.03.03 11:32:21 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\GHISLER
[2010.03.12 03:25:15 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\ICQ
[2009.04.14 14:56:05 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\ICQ Toolbar
[2009.03.22 17:59:48 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\iWin
[2009.08.29 12:12:59 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Leadertech
[2010.02.12 02:33:30 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\licenses
[2010.02.19 15:39:06 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Opera
[2010.02.12 02:35:38 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\PCMM2009
[2010.02.12 02:33:26 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\PCMM2010
[2009.03.21 16:26:48 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\PlayFirst
[2010.02.28 17:33:02 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Simulace_2009
[2009.03.24 10:36:01 | 000,000,000 | ---D | M] -- C:\Users\Danuška\AppData\Roaming\Wildfire
[2010.03.12 03:38:51 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.03.12 11:38:13 | 000,000,470 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9EA01272-0BCA-448C-AE0E-303AE520F50A}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:EC2246A6
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:FC420CE6
< End of report >
OTL Extras logfile created on: 12.3.2010 13:10:08 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Users\Danuška\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 112,31 Gb Free Space | 77,90% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 117,01 Gb Free Space | 81,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DANUŠKA-PC
Current User Name: Danuška
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3618681061-1965329746-1127524543-1000]
"EnableNotificationsRef" = 9
"EnableNotifications" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3618681061-1965329746-1127524543-1001]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F7C7249-00AA-4F33-9971-622BDF3A1755}" = rport=139 | protocol=6 | dir=out | app=system |
"{1CC87963-F357-4676-89C8-9134B8E88A49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A7487D6-E014-4920-890A-CCEBE9A47DF1}" = lport=445 | protocol=6 | dir=in | app=system |
"{2B7F0843-E457-46DE-B2FE-1B54F0B08904}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3FE9958B-E39A-4A09-B8F1-17C40F4D00BB}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D9CCFDB-A769-4EFC-AA22-0A6AD241BCCA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{745B2C66-88F2-4EA0-9986-66EE0296D0EF}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F56102E-BEC8-409D-B5E0-10B444ECB475}" = lport=137 | protocol=17 | dir=in | app=system |
"{95AA8F2A-BF21-42DD-BB12-607B04A634CA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{99E249C3-810B-4A5A-A2F1-7C39D0C258D7}" = lport=138 | protocol=17 | dir=in | app=system |
"{B203FD8C-CF24-4637-B629-A82F5098FDB4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B20728C2-E6E8-41CA-A340-7E832CD649F3}" = rport=138 | protocol=17 | dir=out | app=system |
"{B474C9C1-8DF4-46B7-AA02-1A74B5F965CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BE08CB13-1723-42CC-965B-B7FC142A1ABA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C3402E21-8656-445D-BFCE-E688AA45C5FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D35543F5-6144-4222-8A2C-BB49147B1E39}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DFCF05FE-1AEF-48B5-83F2-1B6B31CE67A6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ECAE19C6-8A3C-43F2-B78E-7CEC4B22C1E4}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027CC237-8005-4E6A-AE16-0F68F0B33031}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{14D43708-24D2-4DD1-8383-94A059A5AE1E}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{18137001-9B66-4CBD-8DA0-495D8C90F830}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{27BFC9E6-1505-4A05-85E1-5734AE3CDDDC}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{30545E7F-69E4-4ECB-AD7B-064624068CB8}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{3B60FA4A-39E8-4D9D-AF31-CAF51C2D5EC5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{446E3C17-B297-4A67-A6F4-575D7363D028}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4AF9BE5B-A444-44C4-8E13-35DDAE80101B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56BCBC80-A4DD-4E93-BABC-0552CFC51565}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{583DC260-0607-4CF3-91AA-0137BB954E00}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{65945D97-60E8-4B30-8ADA-A978663C1BF5}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{6D47387F-508E-4CE1-8A8E-5723E6798711}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{7503F71A-179E-4067-B59F-D40E9FB9D106}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{768FF10C-222B-4C8B-8816-F3854F2AA49C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{80DF0657-1F16-43D4-884D-19EE40FD65D0}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{820192B5-B98D-453D-9CCC-E6D898355B21}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{9AC5F585-DB26-41DA-B1DF-60C2A41CA6B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A86A02A5-51EE-4226-924F-ECFE5155F5E4}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{B4920A0F-4184-4097-9DB8-A9D7358A4260}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{C5E167DB-93C0-4727-8273-CE37DAC5300D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D0364B79-BF67-4C96-A5E2-B6A965BB0E09}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{F7AB2E10-21DD-4E14-8016-E98BCD16A67D}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"TCP Query User{22DC416B-9E8B-4E4E-9654-6B8B0E0FD86D}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"TCP Query User{38F08470-38AB-49CE-9921-EA3C9B91C41A}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{613C5594-DDB9-422B-ADFF-BD9EA52AAEA4}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{779E4FF7-9B0F-421F-8144-4D44B584F36D}C:\program files\opera 10.50 beta\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera 10.50 beta\opera.exe |
"TCP Query User{830A4759-BBF7-4528-BBFE-89929AAAEBB9}C:\users\danuška\appdata\local\temp\rar$ex02.083\megarapidmanager.exe" = protocol=6 | dir=in | app=c:\users\danuška\appdata\local\temp\rar$ex02.083\megarapidmanager.exe |
"UDP Query User{368500CD-D031-4AA4-A80C-9B66A5E2B4D3}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{6A46BFE5-1E61-45EF-BBEC-8DC7AFC243B3}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"UDP Query User{8F2A9DD5-CED2-4E69-9C07-3CF89F1C380E}C:\program files\opera 10.50 beta\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera 10.50 beta\opera.exe |
"UDP Query User{FD937EC0-25A6-4325-ABC4-0C0C6C661EA8}C:\users\danuška\appdata\local\temp\rar$ex02.083\megarapidmanager.exe" = protocol=17 | dir=in | app=c:\users\danuška\appdata\local\temp\rar$ex02.083\megarapidmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14B7A9EF-BB68-4529-9190-8CE164E0F548}" = ESET Smart Security
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = CENZURA 2.5.3
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E152D08-572A-3375-8FDE-DAD1EFB379BA}" = Microsoft Report Viewer Redistributable 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{919635D1-5C0D-4B64-B724-BDDB31D11029}" = Nero 8
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.1 - Czech
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}" = Microsoft Works
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"41978AA3537FE156CA0678A15CD1FC997E3070F4" = Balíček ovladače systému Windows - AnyDATA Corporation (adusbser) Ports (12/21/2006 2.0.3.7)
"5CAA468D5260C976817F43472B09AECA6964F1FB" = Balíček ovladače systému Windows - AnyDATA Corporated (adusbser) Modem (12/21/2006 2.0.3.7)
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adresní modul UIR-ADR_is1" = Adresní modul UIR-ADR
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Any Video Converter_is1" = Any Video Converter 3.0.3
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Code of Honor 2_is1" = Code of Honor 2 (1.0)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InterBase 6 Client Open Edition - 6.0.2.0" = InterBase 6 Client Open Edition - 6.0.2.0
"ISOS_is1" = ISOS 3.3.3 (Externí síť, XP/Vista)
"Kalkulátory_is1" = ČSOBP Kalkulátory 1.3.0.0 (BALÍČEK

"Labtec Mouse Software 3.0" = Labtec Mouse Software 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2008" = Microsoft Report Viewer Redistributable 2005
"Microsoft Report Viewer Redistributable 2008 (KB971118)" = Microsoft Report Viewer Redistributable 2005
"MiNODLogin" = ESET Antivirus License Finder (MiNODLogin)
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Registrace uživatele zařízení Canon MP250 series" = Registrace uživatele zařízení Canon MP250 series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Ufonuv fofr internet" = Ufonuv fofr internet 3.258.47
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"b5373354f7277318" = KISS
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4.12.2009 3:53:38 | Computer Name = Danuška-PC | Source = Application Hang | ID = 1002
Description = Program iexplore.exe verze 8.0.6001.18828 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: 1070 Čas zahájení: 01ca749b49986682 Čas ukončení: 31
Error - 4.12.2009 4:52:36 | Computer Name = Danuška-PC | Source = WinMgmt | ID = 10
Description =
Error - 4.12.2009 5:05:02 | Computer Name = Danuška-PC | Source = WinMgmt | ID = 10
Description =
Error - 4.12.2009 5:14:47 | Computer Name = Danuška-PC | Source = WinMgmt | ID = 10
Description =
Error - 4.12.2009 5:21:03 | Computer Name = Danuška-PC | Source = WinMgmt | ID = 10
Description =
Error - 4.12.2009 7:03:22 | Computer Name = Danuška-PC | Source = MsiInstaller | ID = 1013
Description =
Error - 4.12.2009 7:07:08 | Computer Name = Danuška-PC | Source = WinMgmt | ID = 10
Description =
Error - 4.12.2009 8:14:49 | Computer Name = Danuška-PC | Source = Application Hang | ID = 1002
Description = Program ICQ.exe verze 6.5.0.1042 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: 6c4 Čas zahájení: 01ca74d1e3171365 Čas ukončení: 0
Error - 4.12.2009 8:20:06 | Computer Name = Danuška-PC | Source = Application Hang | ID = 1002
Description = Program EASYWIRELESSNET.EXE verze 3.255.0.0 přestal spolupracovat
se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: abc Čas zahájení: 01ca74d2175fcf95 Čas ukončení: 156
Error - 4.12.2009 8:46:19 | Computer Name = Danuška-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 1.1.2010 13:48:07 | Computer Name = Danuška-PC | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Proces: DefaultDomain Název objektu: Media Center
Guide
Error - 3.3.2010 9:55:53 | Computer Name = Danuška-PC | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Proces: DefaultDomain Název objektu: Media Center
Guide
[ System Events ]
Error - 11.3.2010 22:50:45 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 11.3.2010 22:52:10 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 11.3.2010 22:53:22 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 12.3.2010 0:38:48 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 12.3.2010 0:38:50 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 12.3.2010 0:40:28 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 12.3.2010 0:43:03 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 12.3.2010 0:45:34 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 12.3.2010 0:47:07 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 12.3.2010 0:48:38 | Computer Name = Danuška-PC | Source = Service Control Manager | ID = 7030
Description =
< End of report >
- Damned
Re: Please check my log
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:
Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- File not found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=icqskins&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
[2009.12.04 21:58:12 | 000,002,255 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\askcom.xml
[2010.03.05 21:15:39 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-1.xml
[2009.11.08 20:25:44 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-2.xml
[2009.12.03 14:19:52 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-3.xml
[2010.01.03 03:26:19 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-4.xml
[2010.02.11 21:59:28 | 000,000,958 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-5.xml
[2010.02.19 18:33:55 | 000,000,961 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-6.xml
[2010.03.10 21:03:06 | 000,000,947 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-7.xml
[2008.03.31 14:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin.gif
[2009.11.19 15:35:02 | 000,000,615 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin.src
[2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin.xml
[2010.02.19 09:22:09 | 000,009,985 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\mywebsearch.xml
[2009.11.30 11:14:21 | 000,003,915 | ---- | M] () -- C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\sweetim.xml
C:\Windows\System32\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:EC2246A6
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:FC420CE6
:Files
C:\Windows\*.tmp
C:\Windows\System32\*.tmp
C:\Recycler
C:\$RECYCLE.BIN
C:\Users\Danuška\AppData\Local\d3d8caps.dat
C:\Users\Danuška\AppData\Roaming\.#
C:\Documents and Settings\NetworkService\Data aplikací\rbuwzv.dat
C:\Windows\tasks\SA.DAT
:Reg
:Commands
[purity]
[emptytemp]
[resethosts]
[emptyflash]
[start explorer]
[Reboot]
Then click Run Fix at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.
Nothing is impossible, so where we are at our wits' end, we do not hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Please check my log
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Service SBSDWSCService stopped successfully!
Service SBSDWSCService deleted successfully!
File File not found not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.sweetim.com/search.asp?src=2&q=" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=937811" removed from browser.search.param.yahoo-fr
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.icq.com/search/afe_results.php?ch_id=icqskins&q=" removed from keyword.URL
Prefs.js: "ICQ Search" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "http://search.sweetim.com/search.asp?src=2&q=" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "ICQ Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "http://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\askcom.xml moved successfully.
C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\mywebsearch.xml moved successfully.
C:\Users\Danuška\AppData\Roaming\Mozilla\Firefox\Profiles\zl7god4y.default\searchplugins\sweetim.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
ADS C:\ProgramData\TEMP:131C0EE9 deleted successfully.
ADS C:\ProgramData\TEMP:2B99FE60 deleted successfully.
ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully.
ADS C:\ProgramData\TEMP:55F44B88 deleted successfully.
ADS C:\ProgramData\TEMP:9E22BBE8 deleted successfully.
ADS C:\ProgramData\TEMP:193426B4 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:9F683177 deleted successfully.
ADS C:\ProgramData\TEMP:580E04D8 deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:793F316E deleted successfully.
ADS C:\ProgramData\TEMP:8173A019 deleted successfully.
ADS C:\ProgramData\TEMP:3E7393FC deleted successfully.
ADS C:\ProgramData\TEMP:EC2246A6 deleted successfully.
ADS C:\ProgramData\TEMP:FC420CE6 deleted successfully.
File rity] not found.
File ptytemp] not found.
File sethosts] not found.
File ptyflash] not found.
File art explorer] not found.
File boot] not found.
OTL by OldTimer - Version 3.1.37.0 log created on 03122010_141005
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...