Hello, I'm not sure whether this belongs here, but I assume the problem is caused by a virus.
In short, the domain www.myspace.com doesn't work for me, nor does any MySpace profile. The browser always immediately redirects to www.google.com
I cleaned the PC with Spyware Terminator, CCleaner and Ad-Aware, and scanned it with Avast.
Since it happens in both Mozilla and Explorer, reinstalling the browser probably wouldn't make sense. So I no longer know what else to try.
Thanks in advance.
Automatic unwanted redirection (Solved)
- mike007
Re: automatic unwanted redirection
You could try posting a HJT log here ...
The best game is Excel!
• PC-help forum rules • How to mark a topic as solved
»»»»»»»»»»»»»»»»»»»»»»»
NOTICE - my Skype, private messages and e-mail do not serve as tech support.
Post your questions in the forum. That's what it's for.
Re: automatic unwanted redirection
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 23:15:37, on 14.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\Yodm3D.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Petr Ouda\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Petr Ouda\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Petr Ouda\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Petr Ouda\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\Yodm3D.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 9028 bytes
- alenka_v_říši_divů
Re: automatic unwanted redirection
Close the other browsers and applications, disconnect from the internet, uninstall the Foxit and Crawler toolbars, and fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Petr Ouda\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Petr Ouda\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Petr Ouda\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Petr Ouda\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose to save the log and save it to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
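A triage sketch for the HijackThis fix list above, added here as an example and not part of the original thread: it parses entry lines in the format of the posted log, groups Internet Explorer hook points by the file they load, and notes entries worth a manual look. The function names, the review heuristics and the sample lines (adapted from the thread's log, with a placeholder profile name) are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# HijackThis section codes that describe Internet Explorer extension points.
BROWSER_SECTIONS = {
    "R0": "IE start/search setting", "R1": "IE start/search setting",
    "R3": "URLSearchHook", "O2": "Browser Helper Object", "O3": "toolbar",
    "O8": "context-menu item", "O9": "extra button", "O18": "protocol handler",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)\b", re.IGNORECASE)

# Sample input: lines adapted from the log in this thread; the profile
# directory is replaced by a placeholder ("user").
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def parse_hjt(text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, payload = m.groups()
        clsid = CLSID_RE.search(payload)
        path = PATH_RE.search(payload)
        entries.append({
            "code": code,
            "payload": payload,
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path.group(0) if path else None,
            "missing_file": "(no file)" in payload,
        })
    return entries


def setting_hosts(entries):
    """Hosts that the IE start/search page values (R0/R1) point to."""
    hosts = set()
    for e in entries:
        if e["code"] in ("R0", "R1") and " = " in e["payload"]:
            value = e["payload"].split(" = ", 1)[1].split()
            host = urlsplit(value[0]).hostname if value else None
            if host:
                hosts.add(host)
    return hosts


def hook_points_by_module(entries):
    """Map each DLL/EXE file name to the browser hook points that load it."""
    hooks = defaultdict(set)
    for e in entries:
        if e["code"] in BROWSER_SECTIONS and e["path"]:
            hooks[e["path"].rsplit("\\", 1)[-1].lower()].add(e["code"])
    order = lambda c: (c[0], int(c[1:]))
    return {name: sorted(codes, key=order) for name, codes in hooks.items()}


def review_notes(entry):
    """Reasons an entry deserves a manual look; not a verdict on the file."""
    notes = []
    if entry["code"] not in BROWSER_SECTIONS:
        return notes
    if entry["missing_file"]:
        notes.append("registration without a file on disk")
    path = (entry["path"] or "").lower()
    if "\\documents and settings\\" in path or "\\users\\" in path:
        notes.append("browser add-on loaded from a user profile directory")
    return notes


def triage(text):
    """Entries with at least one review note, as (code, payload, notes)."""
    return [(e["code"], e["payload"], n)
            for e in parse_hjt(text) if (n := review_notes(e))]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("search/start hosts:", sorted(setting_hosts(parsed)))
    for module, codes in sorted(hook_points_by_module(parsed).items()):
        print(f"{module}: {', '.join(codes)}")
    for code, payload, notes in triage(SAMPLE_LOG):
        print(f"[{code}] {'; '.join(notes)} :: {payload}")
```

Grouping by file name shows when a single component is registered at several hook points at once, which is why a fix list like the one above names the same DLL in more than one section.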
Re: automatic unwanted redirection
I only got to it now, here is the log:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
19.4.2010 0:37:34
mbam-log-2010-04-19 (00-37-34).txt
Typ skenu: Rychlý sken
Skenované objekty: 103504
Uplynulý čas: 4 minuta(y), 10 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 3
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\winlogon.ex (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Documents and Settings\Petr Ouda\Plocha\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
- alenka_v_říši_divů
Re: automatic unwanted redirection
So run MbAM again and start a Scan
- when the scan finishes a message will appear; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes a log will be displayed; post it here.
- then choose OK in the program and close it via Exit
Turn off the resident protection of Avast and Spyware Terminator, turn off Ad-Aware and, if applicable, the firewall.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use will be displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan is finished the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
-
- Level 1
- Posts: 78
- Registered: January 08
- Gender:
- Status:
Offline
Re: automatic unwanted redirection
So, the first log:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
20.4.2010 0:40:50
mbam-log-2010-04-20 (00-40-50).txt
Typ skenu: Rychlý sken
Skenované objekty: 103810
Uplynulý čas: 5 minuta(y), 15 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 3
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\winlogon.ex (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Petr Ouda\Plocha\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
And from ComboFix:
ComboFix 10-04-18.04 - Petr Ouda 20.04.2010 0:51.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1024.469 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr Ouda\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100419-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\system32\Chip.dll
c:\windows\system32\Pvt.tmp
c:\windows\system32\winlogon.bak
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-19 do 2010-04-19 )))))))))))))))))))))))))))))))
.
2010-04-18 22:30 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 22:30 . 2010-04-18 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 22:30 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 21:14 . 2010-04-14 21:14 -------- d-----w- c:\program files\TrendMicro
2010-04-14 20:02 . 2010-04-14 19:10 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-14 19:10 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-14 19:08 . 2010-04-14 19:08 -------- d-----w- c:\program files\Lavasoft
2010-04-04 07:58 . 2010-04-04 07:58 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-03-27 20:07 . 2010-03-27 20:07 -------- d-----w- c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 21:05 . 2010-01-24 22:56 -------- d-----w- c:\program files\Google
2010-04-14 20:02 . 2009-06-11 20:22 -------- d-----w- c:\program files\Acoustica Mixcraft 4
2010-04-14 19:10 . 2009-11-05 21:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-05 19:00 . 2004-08-18 12:00 74876 ----a-w- c:\windows\system32\perfc005.dat
2010-04-05 19:00 . 2004-08-18 12:00 403596 ----a-w- c:\windows\system32\perfh005.dat
2010-04-05 18:58 . 2009-05-10 21:20 -------- d-----w- c:\program files\uTorrent
2010-03-03 21:30 . 2009-10-28 11:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-20 19:26 . 2009-05-04 21:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 19:24 . 2009-09-10 17:16 -------- d-----w- c:\program files\Easy Editor 2005
2010-02-20 19:19 . 2009-06-03 18:02 -------- d-----w- c:\program files\Micropro
2010-02-20 19:02 . 2009-05-31 14:47 -------- d-----w- c:\program files\Zalohovani
2010-02-20 19:00 . 2009-05-04 21:05 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-20 19:00 . 2009-08-23 10:19 -------- d-----w- c:\program files\IK Multimedia
2010-02-20 18:31 . 2010-02-20 18:30 -------- d-----w- c:\program files\EasyPHP5.2.10
2010-02-20 17:30 . 2009-05-06 10:21 -------- d-----w- c:\program files\Spyware Terminator
2010-02-15 17:34 . 2010-02-15 17:34 4608 ----a-w- c:\windows\system32\bbchlp.dll
2010-02-15 17:34 . 2010-02-15 17:34 2944 ----a-w- c:\windows\system32\drivers\bbcap.sys
2010-02-15 17:34 . 2010-02-15 17:34 27776 ----a-w- c:\windows\system32\bbcap.dll
.
------- Sigcheck -------
[-] 2009-05-21 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2009-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yodm3D"="c:\documents and settings\Petr Ouda\Plocha\yodm3D\Yodm3D.exe" [2007-06-26 2058752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-30 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-05-06 1783808]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-31 57344]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"h:\\mirranda\\MirandaPortable\\App\\miranda\\miranda32.exe"=
"g:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14.4.2010 21:10 64288]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [27.4.2009 22:36 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5.5.2009 18:18 114768]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [15.2.2010 19:34 2944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [6.5.2009 12:21 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.5.2009 18:18 20560]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.2.2010 19:46 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1265264]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [26.8.2009 20:49 16640]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 19:10]
2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 17:46]
2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 17:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
FF - ProfilePath - c:\documents and settings\Petr Ouda\Data aplikací\Mozilla\Firefox\Profiles\pdtg61vx.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 00:59
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
"LastWPAEventLogged"=hex:d9,07,0b,00,00,00,1d,00,0d,00,25,00,3b,00,ab,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-04-20 01:00:32
ComboFix-quarantined-files.txt 2010-04-19 23:00
Před spuštěním: 2 440 843 264
Po spuštění: 2 418 839 552
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - A28C0F8CC6CB015BAA26F0CE908776E4
- jaro3
- Security team member
-
Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Gender:
- Status:
Offline
Re: automatic unwanted redirection
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to mark the script
Code:
Firefox::
FF - ProfilePath - c:\documents and settings\Petr Ouda\Data aplikací\Mozilla\Firefox\Profiles\pdtg61vx.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Post here the log that pops up at the end of the cleaning process + a new log from HJT
In Folder Options, enable showing hidden files and folders + uncheck the box for hiding protected operating system files
Test this on Virustotal
c:\windows\system32\winlogon.exe
c:\windows\system32\sfcfiles.dll
If the file has already been tested, click to test it again.
When the test by all the antiviruses finishes, post here the links to the results pages.
When working with the programs HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
-
- Level 1
- Posts: 78
- Registered: January 08
- Gender:
- Status:
Offline
Re: automatic unwanted redirection
So, first the log from ComboFix
ComboFix 10-04-18.04 - Petr Ouda 21.04.2010 0:04.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1024.478 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr Ouda\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr Ouda\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100420-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-20 do 2010-04-20 )))))))))))))))))))))))))))))))
.
2010-04-18 22:30 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 22:30 . 2010-04-18 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 22:30 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 21:14 . 2010-04-14 21:14 -------- d-----w- c:\program files\TrendMicro
2010-04-14 20:02 . 2010-04-14 19:10 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-14 19:10 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-14 19:08 . 2010-04-14 19:08 -------- d-----w- c:\program files\Lavasoft
2010-04-04 07:58 . 2010-04-04 07:58 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-03-27 20:07 . 2010-03-27 20:07 -------- d-----w- c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 21:05 . 2010-01-24 22:56 -------- d-----w- c:\program files\Google
2010-04-14 20:02 . 2009-06-11 20:22 -------- d-----w- c:\program files\Acoustica Mixcraft 4
2010-04-14 19:10 . 2009-11-05 21:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-05 19:00 . 2004-08-18 12:00 74876 ----a-w- c:\windows\system32\perfc005.dat
2010-04-05 19:00 . 2004-08-18 12:00 403596 ----a-w- c:\windows\system32\perfh005.dat
2010-04-05 18:58 . 2009-05-10 21:20 -------- d-----w- c:\program files\uTorrent
2010-03-03 21:30 . 2009-10-28 11:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-20 19:26 . 2009-05-04 21:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 19:24 . 2009-09-10 17:16 -------- d-----w- c:\program files\Easy Editor 2005
2010-02-20 19:19 . 2009-06-03 18:02 -------- d-----w- c:\program files\Micropro
2010-02-20 19:02 . 2009-05-31 14:47 -------- d-----w- c:\program files\Zalohovani
2010-02-20 19:00 . 2009-05-04 21:05 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-20 19:00 . 2009-08-23 10:19 -------- d-----w- c:\program files\IK Multimedia
2010-02-20 18:31 . 2010-02-20 18:30 -------- d-----w- c:\program files\EasyPHP5.2.10
2010-02-20 17:30 . 2009-05-06 10:21 -------- d-----w- c:\program files\Spyware Terminator
2010-02-15 17:34 . 2010-02-15 17:34 4608 ----a-w- c:\windows\system32\bbchlp.dll
2010-02-15 17:34 . 2010-02-15 17:34 2944 ----a-w- c:\windows\system32\drivers\bbcap.sys
2010-02-15 17:34 . 2010-02-15 17:34 27776 ----a-w- c:\windows\system32\bbcap.dll
.
------- Sigcheck -------
[-] 2009-05-21 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2009-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yodm3D"="c:\documents and settings\Petr Ouda\Plocha\yodm3D\Yodm3D.exe" [2007-06-26 2058752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-30 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-05-06 1783808]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Hlavní panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-31 57344]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"h:\\mirranda\\MirandaPortable\\App\\miranda\\miranda32.exe"=
"g:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14.4.2010 21:10 64288]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [27.4.2009 22:36 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5.5.2009 18:18 114768]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [15.2.2010 19:34 2944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [6.5.2009 12:21 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.5.2009 18:18 20560]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.2.2010 19:46 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1265264]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [26.8.2009 20:49 16640]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 19:10]
2010-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 17:46]
2010-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 17:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
FF - ProfilePath - c:\documents and settings\Petr Ouda\Data aplikací\Mozilla\Firefox\Profiles\pdtg61vx.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 00:09
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
"LastWPAEventLogged"=hex:d9,07,0b,00,00,00,1d,00,0d,00,25,00,3b,00,ab,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3460)
c:\documents and settings\Petr Ouda\Plocha\yodm3D\Yodm3D.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-04-21 00:10:20
ComboFix-quarantined-files.txt 2010-04-20 22:10
ComboFix2.txt 2010-04-19 23:00
Před spuštěním: 2 526 011 392
Po spuštění: 2 502 410 240
- - End Of File - - 026F312A7F8FF6EFA2D2CE9AD8227CE4
New log from HJT:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 0:12:02, on 21.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\Yodm3D.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\Yodm3D.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Test of the file sfcfiles.dll: http://www.virustotal.com/cs/analisis/7 ... 1271802153
winlogon.exe: http://www.virustotal.com/cs/analisis/b ... 1271802280
As for the winlogon.exe file, about a year ago I tinkered with it a bit; I think I downloaded it somewhere and replaced it, because I had problems activating Win XP (exceeded number of activations, or something like that), so I got around it this way, somewhat illegally :-/
It shouldn't have any effect on the original problem, because the myspace.com redirect problem only appeared about a month ago.
Anyway, thanks a lot for your willingness and the time you've put in ;-)
- jaro3
- Security team member
-
Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Gender:
- Status:
Offline
Re: automatic unwanted redirection
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
Clean the system with CCleaner
and also use T-Cleaner
It deletes everything left behind by ComboFix, MWAV, etc. Download it > run it.
Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG or Avast; afterwards delete T-Cleaner and turn AVG or Avast back on.
Download File Lister
and save it to the desktop. Unpack it to the desktop. Open the File Lister folder, right-click the file FileLister.vbe and choose Open.
The program starts, but nothing is visible.
When the program finishes, it creates a log located at C:\Files.txt
and in the File Lister folder. Please copy its entire contents here.
Update Java:
Java SE Runtime Environment 6u19
Select the OS (Windows, I assume), tick agree and continue
Select:
Windows Offline Installation
jre-6u19-windows-i586-p.exe
Remove the other Java versions in Add/Remove Programs.
Download OTL
to the desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Tick the "LOP" check and the "Purity" check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
-
- Level 1
- Posts: 78
- Registered: January 08
- Gender:
- Status:
Offline
Re: automatic unwanted redirection
+++++++++++++++++++++++++++
+ File Lister Version 1.1.4 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++
Report ran on --->>> 23.4.2010 13:59:51
====== Running Processes ======
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\Yodm3D.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
====== BHO's ======
BHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
====== System Keys (some whitelisted items will not be shown)======
Winlogon\Userinit = C:\WINDOWS\system32\userinit.exe,
Winlogon\Shell = Explorer.exe
====== HKLM\~\Run Keys ======
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[ATIPTA] = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
[ATICCC] = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
[avast!] = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[SpywareTerminator] = "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
[Smapp] = C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
====== HKCU\~\Run Keys ======
[Yodm3D] = C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\Yodm3D.exe
====== DNS Info (List may be empty) ======
NV Hostname = pocitac
DataBasePath = %SystemRoot%\System32\drivers\etc
ForwardBroadcasts = 0
IPEnableRouter = 0
Hostname = pocitac
UseDomainNameDevolution = 1
DeadGWDetectDefault = 1
DontAddDefaultGatewayDefault = 0
DhcpNameServer = 192.168.2.254
DhcpDomain = smcrouterOudovi
====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======
20.4.2010 0:50:48 8145570 C:\cmdcons
20.4.2010 0:50:48 867840 C:\cmdcons\SYSTEM32
23.4.2010 13:37:43 211829 C:\RECYCLER
23.4.2010 13:37:43 211829 C:\RECYCLER\S-1-5-21-1960408961-220523388-1801674531-1004
19.4.2010 0:17:14 1381 32 C:\aaw7boot.log
20.4.2010 0:50:51 211 32 C:\Boot.bak
20.4.2010 0:50:48 261312 32 C:\cmldr
19.4.2010 0:31:27 103 32 C:\mbam-error.txt
14.4.2010 22:02:02 15880 32 C:\WINDOWS\system32\lsdelete.exe
====== "\Administrator & All Users\Startup" Last 60 Days======
====== "\Program Files" Last 60 Days======
14.4.2010 21:08:00 91580454 C:\Program Files\Lavasoft
19.4.2010 0:30:31 3996530 C:\Program Files\Malwarebytes' Anti-Malware
4.4.2010 9:58:44 0 C:\Program Files\TomTom DesktopSuite
14.4.2010 23:14:39 702631 C:\Program Files\TrendMicro
======"Drivers" Modified Last 60 Days======
19.4.2010 0:30:31 20824 32 C:\WINDOWS\system32\drivers\mbam.sys
19.4.2010 0:30:32 38224 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys
5.11.2009 23:11:17 95024 32 C:\WINDOWS\system32\drivers\SBREDrv.sys
====== Files Deleted under "%Temp%" ======
4 Files deleted
======"All Users\Application Data" Last 60 Days======
====== HKLM\~\ShellServiceObjectDelayLoad======
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
====== HKLM\~\SharedTaskScheduler======
Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
======HKLM\~\msconfig\startupreg======
HKLM\Software\microsoft\shared tools\msconfig\startupreg\
====== Services ( Services that are Whitelisted are not shown) ======
aswFsBlk (aswFsBlk)- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys - Auto/Running
aswSP (avast! Self Protection)- C:\WINDOWS\system32\drivers\aswSP.sys - System/Running
bbcap (bbcap)- C:\WINDOWS\system32\DRIVERS\bbcap.sys - System/Running
Lbd (Lbd)- C:\WINDOWS\system32\DRIVERS\Lbd.sys - Boot/Running
Pcouffin (Low level access layer for CD devices)- C:\WINDOWS\system32\Drivers\Pcouffin.sys - Manual/Running
smwdm (smwdm)- C:\WINDOWS\system32\drivers\smwdm.sys - Manual/Running
sp_rsdrv2 (Spyware Terminator Driver 2)- \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - System/Running
uagp35 (Filtr Microsoft AGPv3.5)- C:\WINDOWS\system32\DRIVERS\uagp35.sys - Boot/Stopped
viasraid (viasraid)- C:\WINDOWS\system32\DRIVERS\viasraid.sys - Boot/Running
vulfnths (VIA USB Host Controller Lower Filter)- C:\WINDOWS\system32\Drivers\vulfnth.sys - Manual/Running
vulfntrs (VIA USB Roothub Lower Filter)- C:\WINDOWS\system32\Drivers\vulfntr.sys - Manual/Running
WpdUsb (WpdUsb)- C:\WINDOWS\system32\DRIVERS\wpdusb.sys - Manual/Stopped
WsAudioDevice_383 (WsAudioDevice_383)- C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys - Manual/Stopped
====== Uninstall List ======
A file named 'UNI.txt' was created and saved to
FileListers default location. Post the results if requested.
======== Other Info ========
TOTAL PHYSICAL RAM: 1073 MB
Boot Info
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
OS Type: Microsoft Windows XP Home Edition
Build: 5.1.2600
Service Pack: 3.0
====== Files with Hidden Attributes======
A file named 'Hidden.txt' was created and saved to
FileListers default location. Post the results if requested.
==End of Report==
OTL Extras logfile created on: 23.4.2010 14:35:14 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Petr Ouda\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 024,00 Mb Total Physical Memory | 462,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 3,27 Gb Free Space | 22,33% Space Free | Partition Type: NTFS
Drive D: | 76,32 Gb Total Space | 15,18 Gb Free Space | 19,89% Space Free | Partition Type: NTFS
Drive E: | 59,87 Gb Total Space | 59,81 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 21,05 Gb Total Space | 7,75 Gb Free Space | 36,80% Space Free | Partition Type: NTFS
Drive H: | 128,00 Gb Total Space | 95,95 Gb Free Space | 74,96% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: POCITAC
Current User Name: Petr Ouda
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"H:\mirranda\MirandaPortable\App\miranda\miranda32.exe" = H:\mirranda\MirandaPortable\App\miranda\miranda32.exe:*:Enabled:Miranda IM -- ( )
"G:\Program Files\QIP\qip.exe" = G:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\totalcmd\TOTALCMD.EXE" = C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04D8BFCA-5A75-45E1-9F74-A7E4405EAE28}" = ATI Catalyst Control Center
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Ovládací panel ATI
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A6AD979-8170-49ED-8529-14174317B281}" = SA60xx Device Manager
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"Absolute Fretboard Trainer" = Absolute Fretboard Trainer
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.1" = Acoustica Mixcraft 4.1
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Auralia 2.1 Sampler" = Auralia 2.1 Sampler
"avast!" = avast! Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BigEars-1.0_is1" = BigEars version 1.0
"BSPlayer1" = BSPlayer
"CCleaner" = CCleaner (remove only)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Foxit Reader" = Foxit Reader
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"jetAudio 7.1.x Czech Language Pack" = jetAudio 7.1.x Czech Language Pack
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PSPad editor_is1" = PSPad editor
"Spyware Terminator_is1" = Spyware Terminator
"SWI-Prolog" = SWI-Prolog (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 13.6.2009 14:42:16 | Computer Name = POCITAC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: Aavm: CreateEventsAndMapping mutex timeout
- server DOWN???, (null).
Error - 21.12.2009 15:04:02 | Computer Name = POCITAC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: Aavm: CreateEventsAndMapping mutex timeout
- server DOWN???, (null).
Error - 15.2.2010 12:17:30 | Computer Name = POCITAC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of K:\VLP\BR Praha 10-09.xls failed, 0000001E.
[ Application Events ]
Error - 12.9.2009 19:54:30 | Computer Name = POCITAC | Source = MsiInstaller | ID = 11500
Description = Product: O&O Defrag Professional -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.
Error - 3.10.2009 7:39:59 | Computer Name = POCITAC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace qip.exe, verze 8.0.9.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.
Error - 4.10.2009 14:59:35 | Computer Name = POCITAC | Source = MsiInstaller | ID = 11704
Description = Produkt: HP Update - Chyba 1704. Instalace produktu Microsoft .NET
Framework 3.0 Service Pack 1 je pozastavena. Chcete-li pokračovat, je nutné vrátit
zpět změny provedené při instalaci. Chcete tyto změny vrátit zpět?
Error - 11.10.2009 12:07:23 | Computer Name = POCITAC | Source = Application Error | ID = 1000
Description = Chybující aplikace setup_wm.exe, verze 11.0.5721.5146, chybující modul
wmp.dll, verze 9.0.0.4503, adresa chyby 0x00044839.
Error - 11.10.2009 12:07:27 | Computer Name = POCITAC | Source = Application Error | ID = 1000
Description = Chybující aplikace drwtsn32.exe, verze 5.1.2600.0, chybující modul
dbghelp.dll, verze 5.1.2600.5512, adresa chyby 0x0001295d.
Error - 11.10.2009 12:09:50 | Computer Name = POCITAC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace setup_wm.exe, verze 11.0.5721.5146, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 22.10.2009 15:21:53 | Computer Name = POCITAC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.0.3526, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 22.10.2009 15:25:02 | Computer Name = POCITAC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.0.3526, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 28.10.2009 20:01:29 | Computer Name = POCITAC | Source = Application Error | ID = 1000
Description = Chybující aplikace pspad.exe, verze 4.5.4.2356, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x3349244b.
Error - 31.10.2009 11:53:59 | Computer Name = POCITAC | Source = MsiInstaller | ID = 10005
Description = Product: Adobe Setup -- Please install Adobe Setup using Setup.exe
[ System Events ]
Error - 14.4.2010 13:03:08 | Computer Name = POCITAC | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače MARIA, který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{06FF06F9-EC42-422E-B48.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.
Error - 16.4.2010 11:19:21 | Computer Name = POCITAC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk3\D.
Error - 16.4.2010 12:23:47 | Computer Name = POCITAC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk3\D.
Error - 16.4.2010 17:57:38 | Computer Name = POCITAC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk3\D.
Error - 17.4.2010 3:58:43 | Computer Name = POCITAC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk3\D.
Error - 18.4.2010 3:07:17 | Computer Name = POCITAC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk3\D.
Error - 19.4.2010 7:35:09 | Computer Name = POCITAC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk3\D.
Error - 19.4.2010 18:44:53 | Computer Name = POCITAC | Source = sr | ID = 1
Description = Filtr nástroje Obnovení systému zjistil neočekávanou chybu 0xC0000001
při zpracování souboru na svazku HarddiskVolume1. Sledování svazku bylo ukončeno.
Error - 19.4.2010 18:45:00 | Computer Name = POCITAC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: uagp35
Error - 19.4.2010 18:51:16 | Computer Name = POCITAC | Source = Service Control Manager | ID = 7034
Description = Služba Spyware Terminator Realtime Shield Service byla neočekávaně
ukončena. Tento stav nastal již 1krát.
< End of report >
[ATICCC] = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
[avast!] = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[SpywareTerminator] = "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
[Smapp] = C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
====== HKCU\~\Run Keys ======
[Yodm3D] = C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\Yodm3D.exe
====== DNS Info (List may be empty) ======
NV Hostname = pocitac
DataBasePath = %SystemRoot%\System32\drivers\etc
ForwardBroadcasts = 0
IPEnableRouter = 0
Hostname = pocitac
UseDomainNameDevolution = 1
DeadGWDetectDefault = 1
DontAddDefaultGatewayDefault = 0
DhcpNameServer = 192.168.2.254
DhcpDomain = smcrouterOudovi
====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======
20.4.2010 0:50:48 8145570 C:\cmdcons
20.4.2010 0:50:48 867840 C:\cmdcons\SYSTEM32
23.4.2010 13:37:43 211829 C:\RECYCLER
23.4.2010 13:37:43 211829 C:\RECYCLER\S-1-5-21-1960408961-220523388-1801674531-1004
19.4.2010 0:17:14 1381 32 C:\aaw7boot.log
20.4.2010 0:50:51 211 32 C:\Boot.bak
20.4.2010 0:50:48 261312 32 C:\cmldr
19.4.2010 0:31:27 103 32 C:\mbam-error.txt
14.4.2010 22:02:02 15880 32 C:\WINDOWS\system32\lsdelete.exe
====== "\Administrator & All Users\Startup" Last 60 Days======
====== "\Program Files" Last 60 Days======
14.4.2010 21:08:00 91580454 C:\Program Files\Lavasoft
19.4.2010 0:30:31 3996530 C:\Program Files\Malwarebytes' Anti-Malware
4.4.2010 9:58:44 0 C:\Program Files\TomTom DesktopSuite
14.4.2010 23:14:39 702631 C:\Program Files\TrendMicro
======"Drivers" Modified Last 60 Days======
19.4.2010 0:30:31 20824 32 C:\WINDOWS\system32\drivers\mbam.sys
19.4.2010 0:30:32 38224 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys
5.11.2009 23:11:17 95024 32 C:\WINDOWS\system32\drivers\SBREDrv.sys
====== Files Deleted under "%Temp%" ======
4 Files deleted
======"All Users\Application Data" Last 60 Days======
====== HKLM\~\ShellServiceObjectDelayLoad======
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
====== HKLM\~\SharedTaskScheduler======
Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
======HKLM\~\msconfig\startupreg======
HKLM\Software\microsoft\shared tools\msconfig\startupreg\
====== Services ( Services that are Whitelisted are not shown) ======
aswFsBlk (aswFsBlk)- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys - Auto/Running
aswSP (avast! Self Protection)- C:\WINDOWS\system32\drivers\aswSP.sys - System/Running
bbcap (bbcap)- C:\WINDOWS\system32\DRIVERS\bbcap.sys - System/Running
Lbd (Lbd)- C:\WINDOWS\system32\DRIVERS\Lbd.sys - Boot/Running
Pcouffin (Low level access layer for CD devices)- C:\WINDOWS\system32\Drivers\Pcouffin.sys - Manual/Running
smwdm (smwdm)- C:\WINDOWS\system32\drivers\smwdm.sys - Manual/Running
sp_rsdrv2 (Spyware Terminator Driver 2)- \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - System/Running
uagp35 (Filtr Microsoft AGPv3.5)- C:\WINDOWS\system32\DRIVERS\uagp35.sys - Boot/Stopped
viasraid (viasraid)- C:\WINDOWS\system32\DRIVERS\viasraid.sys - Boot/Running
vulfnths (VIA USB Host Controller Lower Filter)- C:\WINDOWS\system32\Drivers\vulfnth.sys - Manual/Running
vulfntrs (VIA USB Roothub Lower Filter)- C:\WINDOWS\system32\Drivers\vulfntr.sys - Manual/Running
WpdUsb (WpdUsb)- C:\WINDOWS\system32\DRIVERS\wpdusb.sys - Manual/Stopped
WsAudioDevice_383 (WsAudioDevice_383)- C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys - Manual/Stopped
====== Uninstall List ======
A file named 'UNI.txt' was created and saved to
FileListers default location. Post the results if requested.
======== Other Info ========
TOTAL PHYSICAL RAM: 1073 MB
Boot Info
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
OS Type: Microsoft Windows XP Home Edition
Build: 5.1.2600
Service Pack: 3.0
====== Files with Hidden Attributes======
A file named 'Hidden.txt' was created and saved to
FileListers default location. Post the results if requested.
==End of Report==
Re: automatic unwanted redirect
And here is the OTL log as well
OTL logfile created on: 23.4.2010 14:35:14 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Petr Ouda\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 024,00 Mb Total Physical Memory | 462,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 3,27 Gb Free Space | 22,33% Space Free | Partition Type: NTFS
Drive D: | 76,32 Gb Total Space | 15,18 Gb Free Space | 19,89% Space Free | Partition Type: NTFS
Drive E: | 59,87 Gb Total Space | 59,81 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 21,05 Gb Total Space | 7,75 Gb Free Space | 36,80% Space Free | Partition Type: NTFS
Drive H: | 128,00 Gb Total Space | 95,95 Gb Free Space | 74,96% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: POCITAC
Current User Name: Petr Ouda
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Petr Ouda\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\Yodm3D.exe (Christian SALMON)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Petr Ouda\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\Yodm3d.dll (Christian Salmon)
========== Win32 Services (SafeList) ==========
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
========== Driver Services (SafeList) ==========
DRV - (bbcap) -- C:\WINDOWS\system32\drivers\bbcap.sys (Windows (R) 2000 DDK provider)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (viasraid) -- C:\WINDOWS\system32\DRIVERS\viasraid.sys (VIA Technologies inc,.ltd)
DRV - (WsAudioDevice_383) -- C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys (Wondershare)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "seznam.cz"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 07:53:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 07:53:00 | 000,000,000 | ---D | M]
[2009.05.05 17:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Mozilla\Extensions
[2009.05.05 17:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Petr Ouda\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.04.22 21:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Mozilla\Firefox\Profiles\pdtg61vx.default\extensions
[2009.09.13 01:37:09 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Petr Ouda\Data aplikací\Mozilla\Firefox\Profiles\pdtg61vx.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009.12.01 01:52:21 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Petr Ouda\Data aplikací\Mozilla\Firefox\Profiles\pdtg61vx.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.04.22 21:41:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.02 07:53:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.03.28 20:14:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.02 07:52:53 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.04.02 07:52:53 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007.04.10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009.05.05 18:52:06 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009.02.06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010.04.02 07:52:56 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010.02.16 23:00:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010.02.16 23:00:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010.02.16 23:00:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010.02.16 23:00:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010.02.16 23:00:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010.02.16 23:00:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010.02.16 23:00:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010.02.20 23:38:30 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.02.20 23:38:30 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.02.20 23:38:30 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.02.20 23:38:30 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.02.20 23:38:30 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.02.20 23:38:30 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2004.08.18 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKCU..\Run: [Yodm3D] C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\Yodm3D.exe (Christian SALMON)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\desktopwallpaper0.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\desktopwallpaper0.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.19 22:03:45 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.04.23 14:33:15 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Petr Ouda\Plocha\OTL.exe
[2010.04.23 14:04:25 | 000,921,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586-iftw-rv.exe.bak
[2010.04.23 14:04:25 | 000,921,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586-iftw-rv.exe
[2010.04.23 14:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petr Ouda\.SunDownloadManager
[2010.04.23 13:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petr Ouda\Plocha\FileLister
[2010.04.23 13:51:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Petr Ouda\Recent
[2010.04.23 13:37:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.20 00:50:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.04.19 00:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Malwarebytes
[2010.04.19 00:30:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.19 00:30:31 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.19 00:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.19 00:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.04.19 00:30:04 | 003,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Petr Ouda\Plocha\mbam-setup.exe
[2010.04.19 00:28:44 | 003,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Petr Ouda\Plocha\mbam-setup_1.37_EN.exe
[2010.04.14 23:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010.04.14 21:10:44 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.04.14 21:08:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Data aplikací\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.04.14 21:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010.04.14 20:18:27 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Petr Ouda\Plocha\Ad-AwareInstaller.exe
[2010.04.04 09:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
[2010.03.27 22:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.04.23 14:33:15 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Petr Ouda\Plocha\OTL.exe
[2010.04.23 14:12:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.23 14:11:35 | 000,000,031 | ---- | M] () -- C:\WINDOWS\System32\bbcap.err
[2010.04.23 14:11:06 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.23 14:10:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.23 14:10:31 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.23 14:10:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.23 14:10:23 | 1073,307,648 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.23 14:09:20 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Petr Ouda\NTUSER.DAT
[2010.04.23 14:09:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Petr Ouda\ntuser.ini
[2010.04.23 14:06:21 | 000,921,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586-iftw-rv.exe
[2010.04.23 14:04:26 | 000,921,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586-iftw-rv.exe.bak
[2010.04.23 14:03:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586.exe
[2010.04.23 14:03:13 | 000,001,190 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586.exe.sdm
[2010.04.23 14:01:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.23 13:58:47 | 000,020,359 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\FileLister.zip
[2010.04.23 13:46:50 | 000,003,419 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.04.23 13:10:13 | 000,000,569 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010.04.21 17:03:45 | 000,486,912 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\CVTemplate_en_GB2.doc
[2010.04.21 00:11:24 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\HiJackThis.lnk
[2010.04.21 00:09:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.20 23:41:40 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\Microsoft Word.lnk
[2010.04.20 00:50:51 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.04.19 00:30:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.19 00:30:06 | 003,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Petr Ouda\Plocha\mbam-setup.exe
[2010.04.19 00:28:44 | 003,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Petr Ouda\Plocha\mbam-setup_1.37_EN.exe
[2010.04.18 23:20:59 | 000,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
[2010.04.17 23:05:48 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.04.14 23:32:18 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.14 23:14:20 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\HijackThis.msi
[2010.04.14 21:10:37 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.04.14 21:10:35 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.04.14 21:08:15 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Ad-Aware.lnk
[2010.04.14 20:22:55 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Petr Ouda\Plocha\Ad-AwareInstaller.exe
[2010.04.10 23:38:27 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Data aplikací\AVSDVDPlayer.m3u
[2010.04.10 22:40:08 | 000,002,138 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\photographs_and_memories.gp3
[2010.04.10 22:37:43 | 007,721,624 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\12-mat_kearney-city_of_black_and_white.mp3
[2010.04.05 21:00:02 | 000,960,876 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.05 21:00:02 | 000,406,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.05 21:00:02 | 000,403,596 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.05 21:00:02 | 000,074,876 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.05 21:00:02 | 000,063,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.02 08:35:21 | 005,403,648 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\Kopie - 301408_02d.xls
[2010.04.02 08:31:22 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\Kopie - 30040902.xls
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.26 12:02:38 | 000,102,675 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\domaci_pojeti.htm
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.23 14:03:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586.exe
[2010.04.23 14:03:13 | 000,001,190 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586.exe.sdm
[2010.04.23 13:58:47 | 000,020,359 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\FileLister.zip
[2010.04.20 22:23:21 | 000,486,912 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\CVTemplate_en_GB2.doc
[2010.04.20 00:50:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.04.20 00:50:48 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.04.19 00:30:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.17 23:05:48 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.04.14 23:14:39 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\HiJackThis.lnk
[2010.04.14 23:14:19 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\HijackThis.msi
[2010.04.14 22:02:02 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.04.14 21:08:15 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Ad-Aware.lnk
[2010.04.10 22:40:07 | 000,002,138 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\photographs_and_memories.gp3
[2010.04.10 22:30:40 | 007,721,624 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\12-mat_kearney-city_of_black_and_white.mp3
[2010.04.02 08:35:21 | 005,403,648 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\Kopie - 301408_02d.xls
[2010.04.02 08:31:22 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\Kopie - 30040902.xls
[2010.03.26 12:02:38 | 000,102,675 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\domaci_pojeti.htm
[2010.02.16 22:54:45 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.02.16 22:54:45 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.02.04 17:12:05 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.09.12 17:37:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2009.08.26 20:28:00 | 000,000,224 | ---- | C] () -- C:\WINDOWS\mixstrings.ini
[2009.08.22 23:50:39 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009.06.14 22:14:38 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.14 17:18:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
[2009.06.02 23:16:02 | 000,000,569 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.06.02 23:14:33 | 000,003,419 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.05.15 15:03:23 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009.05.07 23:37:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009.05.06 12:21:28 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009.05.05 12:30:59 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.05.04 23:08:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001.07.07 03:00:00 | 000,003,165 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
========== LOP Check ==========
[2009.11.06 11:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ableton
[2009.06.11 22:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acoustica
[2010.02.15 19:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Blueberry
[2010.04.20 08:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2010.02.16 22:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.05.05 19:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
[2010.04.14 21:08:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009.11.06 11:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Ableton
[2009.06.11 22:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Acoustica
[2010.02.15 19:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Blueberry
[2009.05.06 11:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\COWON
[2009.08.10 22:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Dev-Cpp
[2010.02.28 18:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\eBookPro6
[2009.05.05 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Foxit
[2009.05.07 23:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\GetRightToGo
[2010.04.13 20:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Image Zone Express
[2010.04.20 08:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Spyware Terminator
[2009.10.06 23:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\SWI-Prolog
[2010.03.26 23:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\uTorrent
[2010.04.23 14:12:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
< End of report >

OTL logfile created on: 23.4.2010 14:35:14 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Petr Ouda\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 024,00 Mb Total Physical Memory | 462,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 3,27 Gb Free Space | 22,33% Space Free | Partition Type: NTFS
Drive D: | 76,32 Gb Total Space | 15,18 Gb Free Space | 19,89% Space Free | Partition Type: NTFS
Drive E: | 59,87 Gb Total Space | 59,81 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 21,05 Gb Total Space | 7,75 Gb Free Space | 36,80% Space Free | Partition Type: NTFS
Drive H: | 128,00 Gb Total Space | 95,95 Gb Free Space | 74,96% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: POCITAC
Current User Name: Petr Ouda
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Petr Ouda\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\Yodm3D.exe (Christian SALMON)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Petr Ouda\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\Yodm3d.dll (Christian Salmon)
========== Win32 Services (SafeList) ==========
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
========== Driver Services (SafeList) ==========
DRV - (bbcap) -- C:\WINDOWS\system32\drivers\bbcap.sys (Windows (R) 2000 DDK provider)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (viasraid) -- C:\WINDOWS\system32\DRIVERS\viasraid.sys (VIA Technologies inc,.ltd)
DRV - (WsAudioDevice_383) -- C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys (Wondershare)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "seznam.cz"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 07:53:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 07:53:00 | 000,000,000 | ---D | M]
[2009.05.05 17:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Mozilla\Extensions
[2009.05.05 17:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Petr Ouda\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.04.22 21:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Mozilla\Firefox\Profiles\pdtg61vx.default\extensions
[2009.09.13 01:37:09 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Petr Ouda\Data aplikací\Mozilla\Firefox\Profiles\pdtg61vx.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009.12.01 01:52:21 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Petr Ouda\Data aplikací\Mozilla\Firefox\Profiles\pdtg61vx.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.04.22 21:41:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.02 07:53:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.03.28 20:14:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.02 07:52:53 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.04.02 07:52:53 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007.04.10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009.05.05 18:52:06 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009.02.06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010.04.02 07:52:56 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010.02.16 23:00:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010.02.16 23:00:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010.02.16 23:00:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010.02.16 23:00:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010.02.16 23:00:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010.02.16 23:00:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010.02.16 23:00:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010.02.20 23:38:30 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.02.20 23:38:30 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.02.20 23:38:30 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.02.20 23:38:30 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.02.20 23:38:30 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.02.20 23:38:30 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2004.08.18 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKCU..\Run: [Yodm3D] C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\Yodm3D.exe (Christian SALMON)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\desktopwallpaper0.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Petr Ouda\Plocha\yodm3D\desktopwallpaper0.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.19 22:03:45 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.04.23 14:33:15 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Petr Ouda\Plocha\OTL.exe
[2010.04.23 14:04:25 | 000,921,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586-iftw-rv.exe.bak
[2010.04.23 14:04:25 | 000,921,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586-iftw-rv.exe
[2010.04.23 14:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petr Ouda\.SunDownloadManager
[2010.04.23 13:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petr Ouda\Plocha\FileLister
[2010.04.23 13:51:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Petr Ouda\Recent
[2010.04.23 13:37:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.20 00:50:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.04.19 00:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Malwarebytes
[2010.04.19 00:30:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.19 00:30:31 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.19 00:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.19 00:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.04.19 00:30:04 | 003,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Petr Ouda\Plocha\mbam-setup.exe
[2010.04.19 00:28:44 | 003,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Petr Ouda\Plocha\mbam-setup_1.37_EN.exe
[2010.04.14 23:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010.04.14 21:10:44 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.04.14 21:08:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Data aplikací\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.04.14 21:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010.04.14 20:18:27 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Petr Ouda\Plocha\Ad-AwareInstaller.exe
[2010.04.04 09:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
[2010.03.27 22:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.04.23 14:33:15 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Petr Ouda\Plocha\OTL.exe
[2010.04.23 14:12:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.23 14:11:35 | 000,000,031 | ---- | M] () -- C:\WINDOWS\System32\bbcap.err
[2010.04.23 14:11:06 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.23 14:10:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.23 14:10:31 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.23 14:10:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.23 14:10:23 | 1073,307,648 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.23 14:09:20 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Petr Ouda\NTUSER.DAT
[2010.04.23 14:09:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Petr Ouda\ntuser.ini
[2010.04.23 14:06:21 | 000,921,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586-iftw-rv.exe
[2010.04.23 14:04:26 | 000,921,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586-iftw-rv.exe.bak
[2010.04.23 14:03:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586.exe
[2010.04.23 14:03:13 | 000,001,190 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586.exe.sdm
[2010.04.23 14:01:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.23 13:58:47 | 000,020,359 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\FileLister.zip
[2010.04.23 13:46:50 | 000,003,419 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.04.23 13:10:13 | 000,000,569 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010.04.21 17:03:45 | 000,486,912 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\CVTemplate_en_GB2.doc
[2010.04.21 00:11:24 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\HiJackThis.lnk
[2010.04.21 00:09:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.20 23:41:40 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\Microsoft Word.lnk
[2010.04.20 00:50:51 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.04.19 00:30:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.19 00:30:06 | 003,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Petr Ouda\Plocha\mbam-setup.exe
[2010.04.19 00:28:44 | 003,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Petr Ouda\Plocha\mbam-setup_1.37_EN.exe
[2010.04.18 23:20:59 | 000,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
[2010.04.17 23:05:48 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.04.14 23:32:18 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.14 23:14:20 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\HijackThis.msi
[2010.04.14 21:10:37 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.04.14 21:10:35 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.04.14 21:08:15 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Ad-Aware.lnk
[2010.04.14 20:22:55 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Petr Ouda\Plocha\Ad-AwareInstaller.exe
[2010.04.10 23:38:27 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Data aplikací\AVSDVDPlayer.m3u
[2010.04.10 22:40:08 | 000,002,138 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\photographs_and_memories.gp3
[2010.04.10 22:37:43 | 007,721,624 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\12-mat_kearney-city_of_black_and_white.mp3
[2010.04.05 21:00:02 | 000,960,876 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.05 21:00:02 | 000,406,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.05 21:00:02 | 000,403,596 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.05 21:00:02 | 000,074,876 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.05 21:00:02 | 000,063,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.02 08:35:21 | 005,403,648 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\Kopie - 301408_02d.xls
[2010.04.02 08:31:22 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\Kopie - 30040902.xls
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.26 12:02:38 | 000,102,675 | ---- | M] () -- C:\Documents and Settings\Petr Ouda\Plocha\domaci_pojeti.htm
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.23 14:03:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586.exe
[2010.04.23 14:03:13 | 000,001,190 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\jre-6u19-windows-i586.exe.sdm
[2010.04.23 13:58:47 | 000,020,359 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\FileLister.zip
[2010.04.20 22:23:21 | 000,486,912 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\CVTemplate_en_GB2.doc
[2010.04.20 00:50:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.04.20 00:50:48 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.04.19 00:30:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.17 23:05:48 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.04.14 23:14:39 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\HiJackThis.lnk
[2010.04.14 23:14:19 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\HijackThis.msi
[2010.04.14 22:02:02 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.04.14 21:08:15 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Ad-Aware.lnk
[2010.04.10 22:40:07 | 000,002,138 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\photographs_and_memories.gp3
[2010.04.10 22:30:40 | 007,721,624 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\12-mat_kearney-city_of_black_and_white.mp3
[2010.04.02 08:35:21 | 005,403,648 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\Kopie - 301408_02d.xls
[2010.04.02 08:31:22 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\Kopie - 30040902.xls
[2010.03.26 12:02:38 | 000,102,675 | ---- | C] () -- C:\Documents and Settings\Petr Ouda\Plocha\domaci_pojeti.htm
[2010.02.16 22:54:45 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.02.16 22:54:45 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.02.04 17:12:05 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.09.12 17:37:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2009.08.26 20:28:00 | 000,000,224 | ---- | C] () -- C:\WINDOWS\mixstrings.ini
[2009.08.22 23:50:39 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009.06.14 22:14:38 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.14 17:18:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
[2009.06.02 23:16:02 | 000,000,569 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.06.02 23:14:33 | 000,003,419 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.05.15 15:03:23 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009.05.07 23:37:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009.05.06 12:21:28 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009.05.05 12:30:59 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.05.04 23:08:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001.07.07 03:00:00 | 000,003,165 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
========== LOP Check ==========
[2009.11.06 11:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ableton
[2009.06.11 22:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acoustica
[2010.02.15 19:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Blueberry
[2010.04.20 08:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2010.02.16 22:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.05.05 19:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
[2010.04.14 21:08:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009.11.06 11:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Ableton
[2009.06.11 22:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Acoustica
[2010.02.15 19:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Blueberry
[2009.05.06 11:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\COWON
[2009.08.10 22:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Dev-Cpp
[2010.02.28 18:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\eBookPro6
[2009.05.05 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Foxit
[2009.05.07 23:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\GetRightToGo
[2010.04.13 20:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Image Zone Express
[2010.04.20 08:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\Spyware Terminator
[2009.10.06 23:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\SWI-Prolog
[2010.03.26 23:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr Ouda\Data aplikací\uTorrent
[2010.04.23 14:12:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
< End of report >