I haven't run HJT on this computer for a long time, so it is probably needed; the internet drops out now and then, or there is a problem with the network. I have also just removed a pile of spyware, so I need to make sure everything is all right.
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:50, on 19.1.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Seznam\Postak\Postak.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BOINC\boincmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\QIP 2010\qip.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Ondra\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 174.142.32.114 l2authd.lineage2.com
O1 - Hosts: 94.125.180.96 nprotect.lineage2.com
O1 - Hosts: 195.43.95.102 asterios.tm
O1 - Hosts: 195.43.95.102 forum.asterios.tm
O1 - Hosts: 195.43.95.102 evilage.ru
O1 - Hosts: 195.43.95.102 www.evilage.ru
O1 - Hosts: 195.43.95.102 teon-pvp.com
O1 - Hosts: 195.43.95.102 www.teon-pvp.com
O1 - Hosts: 195.43.95.102 tirael.ru
O1 - Hosts: 195.43.95.102 www.tirael.ru
O1 - Hosts: 195.43.95.102 ph-club.ru
O1 - Hosts: 195.43.95.102 www.ph-club.ru
O1 - Hosts: 195.43.95.102 freeplay.su
O1 - Hosts: 195.43.95.102 www.freeplay.su
O1 - Hosts: 195.43.95.102 sunwars.ru
O1 - Hosts: 195.43.95.102 www.sunwars.ru
O1 - Hosts: 195.43.95.102 wonderage.org
O1 - Hosts: 195.43.95.102 www.wonderage.org
O1 - Hosts: 195.43.95.102 lineage-2.ru
O1 - Hosts: 195.43.95.102 www.lineage-2.ru
O1 - Hosts: 195.43.95.102 bsfg.ru
O1 - Hosts: 195.43.95.102 www.bsfg.ru
O1 - Hosts: 195.43.95.102 theabyss.ru
O1 - Hosts: 195.43.95.102 www.theabyss.ru
O1 - Hosts: 195.43.95.102 firepoint.ru
O1 - Hosts: 195.43.95.102 www.firepoint.ru
O1 - Hosts: 195.43.95.102 lineage-game.ru
O1 - Hosts: 195.43.95.102 www.lineage-game.ru
O1 - Hosts: 195.43.95.102 wowcircle.com
O1 - Hosts: 195.43.95.102 www.wowcircle.com
O1 - Hosts: 195.43.95.102 l2sexi.es
O1 - Hosts: 195.43.95.102 www.l2sexi.es
O1 - Hosts: 195.43.95.102 l2gang.com
O1 - Hosts: 195.43.95.102 www.l2gang.com
O1 - Hosts: 195.43.95.102 l2dubai.com
O1 - Hosts: 195.43.95.102 www.l2dubai.com
O1 - Hosts: 195.43.95.102 la2world.ru
O1 - Hosts: 195.43.95.102 www.la2world.ru
O1 - Hosts: 195.43.95.102 adenagate.com
O1 - Hosts: 195.43.95.102 www.adenagate.com
O1 - Hosts: 195.43.95.102 l2server.ru
O1 - Hosts: 195.43.95.102 www.l2server.ru
O1 - Hosts: 195.43.95.102 arion.lineage.ro
O1 - Hosts: 195.43.95.102 dex.lineage.ro
O1 - Hosts: 195.43.95.102 wrath.lineage.ro
O1 - Hosts: 195.43.95.102 lineage.ro
O1 - Hosts: 195.43.95.102 www.lineage.ro
O1 - Hosts: 195.43.95.102 adenagate.com
O1 - Hosts: 195.43.95.102 www.adenagate.com
O1 - Hosts: 195.43.95.102 uwow.biz
O1 - Hosts: 195.43.95.102 www.uwow.biz
O1 - Hosts: 195.43.95.102 isengard.ru
O1 - Hosts: 195.43.95.102 www.isengard.ru
O1 - Hosts: 195.43.95.102 aldoran.ru
O1 - Hosts: 195.43.95.102 www.aldoran.ru
O1 - Hosts: 195.43.95.102 arena-tg.ru
O1 - Hosts: 195.43.95.102 www.arena-tg.ru
O1 - Hosts: 195.43.95.102 backkor.ru
O1 - Hosts: 195.43.95.102 www.backkor.ru
O1 - Hosts: 195.43.95.102 l2.overworld.su
O1 - Hosts: 195.43.95.102 overworld.su
O1 - Hosts: 195.43.95.102 www.overworld.su
O1 - Hosts: 195.43.95.102 l2s-pvp.ru
O1 - Hosts: 195.43.95.102 www.l2s-pvp.ru
O1 - Hosts: 195.43.95.102 overworld.su
O1 - Hosts: 195.43.95.102 www.overworld.su
O1 - Hosts: 195.43.95.102 deiceland.org
O1 - Hosts: 195.43.95.102 www.deiceland.org
O1 - Hosts: 195.43.95.102 l2nano.ru
O1 - Hosts: 195.43.95.102 www.l2nano.ru
O1 - Hosts: 195.43.95.102 nanofree.ru
O1 - Hosts: 195.43.95.102 www.nanofree.ru
O1 - Hosts: 195.43.95.102 l2lea.ru
O1 - Hosts: 195.43.95.102 www.l2lea.ru
O1 - Hosts: 195.43.95.102 l2alpha.net
O1 - Hosts: 195.43.95.102 www.l2alpha.net
O1 - Hosts: 195.43.95.102 aion.211.ru
O1 - Hosts: 195.43.95.102 aion-free.ru
O1 - Hosts: 195.43.95.102 www.aion-free.ru
O1 - Hosts: 195.43.95.102 aionlegend.ru
O1 - Hosts: 195.43.95.102 www.aionlegend.ru
O1 - Hosts: 195.43.95.102 newaion.ru
O1 - Hosts: 195.43.95.102 www.newaion.ru
O1 - Hosts: 195.43.95.102 aionplanet.ws
O1 - Hosts: 195.43.95.102 www.aionplanet.ws
O1 - Hosts: 195.43.95.102 themega.ru
O1 - Hosts: 195.43.95.102 www.themega.ru
O1 - Hosts: 195.43.95.102 wow-nsk.org
O1 - Hosts: 195.43.95.102 www.wow-nsk.org
O1 - Hosts: 195.43.95.102 300murlocs.com
O1 - Hosts: 195.43.95.102 www.300murlocs.com
O1 - Hosts: 195.43.95.102 swow.net
O1 - Hosts: 195.43.95.102 www.swow.net
O1 - Hosts: 195.43.95.102 warkeeper.net
O1 - Hosts: 195.43.95.102 www.warkeeper.net
O1 - Hosts: 195.43.95.102 wow.ck.ua
O1 - Hosts: 195.43.95.102 wow.bortel.ru
O1 - Hosts: 195.43.95.102 la2good.com
O1 - Hosts: 195.43.95.102 www.la2good.com
O1 - Hosts: 195.43.95.102 la.kiev.ua
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetSoftware\IEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-776561741-1767777339-725345543-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'boinc_master')
O4 - HKUS\S-1-5-21-776561741-1767777339-725345543-1008\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'boinc_master')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.14\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.14\MediaManager\grab.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Statisktika ochrany webového provozu - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://pl.recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=26688
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BOINC - Space Sciences Laboratory - C:\Program Files\BOINC\boinc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9861058d5cece) (gupdate1c9861058d5cece) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
--
End of file - 17160 bytes
Please check my HJT log
Re: Please check my HJT log
Hi,
did you put the entries under 01 in HJT there yourself?
Download CCleaner http://www.filehippo.com/download_cclea ... cbae6b492/
-install it (do not install the Yahoo toolbar)
-choose the Cleaner tab
-leave everything in the left column ticked as it is and press the Analyze button
-then confirm with the Run CCleaner button
-this cleans temporary files off the computer; I recommend using it regularly.
-select the Registry tab
-click the Scan for Issues button
-then click Fix selected issues, confirm that you want to make a backup, and let it fix everything
Download MBAM http://download.cnet.com/3001-8022_4-10 ... l-10804572
-install it, update it
-run a full scan and paste the log here
Re: Please check my HJT log
The ones under 01 must have been added when I installed some game client, but I no longer use it, so they probably have no business being there.
Cleaned with CCleaner.
MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 5555
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
19.1.2011 22:09:08
mbam-log-2011-01-19 (22-09-08).txt
Typ kontroly: Úplný test (C:\|)
Testované objekty: 388286
Uplynulý čas: 1 hodin, 34 minut, 56 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 7
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 32
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_CLASSES_ROOT\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E24211B3-A78A-C6A9-D317-70979ACE5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XML.XML.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XML.XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\documents and settings\Ondra\local settings\Temp\60058.exe (Worm.Palevo.PS) -> Quarantined and deleted successfully.
c:\documents and settings\Ondra\local settings\Temp\874.exe (Worm.Palevo.PS) -> Quarantined and deleted successfully.
c:\Games\Hry\L2 H\l2c_6.2_pro\l2net.exe (Rogue.Agent) -> Quarantined and deleted successfully.
c:\Ondra\Ostataní\kaspersky-key\kaspersky_trial_resette_v1.6.0.0_final\Resetter.exe (Trojan.Agent.CK) -> Not selected for removal.
c:\Ondra\instalátory & češtiny\screenshots.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Ondra\instalátory & češtiny\ventrilo-2.1.4.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Ondra\instalátory & češtiny\CoD\cod4-crack+keygen\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\Ondra\instalátory & češtiny\cyberlink powerdvd 8.0.1531 - final\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\Ondra\instalátory & češtiny\cyberlink powerdvd 8.0.1531 - final\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Ondra\instalátory & češtiny\vso convert xto dvd 3.6.4.158+keygen\Keygen\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
c:\Ondra\instalátory & češtiny\win nt 4.0 server\I386\INETSRV\KEYGEN.EXE (Riskware.Tool.CK) -> Quarantined and deleted successfully.
c:\Ondra\Mithral\administrator password hack [app][ingles][www.zonatorrent.com]\XP Pass\xp password manager.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
c:\Ondra\Mithral\administrator password hack [app][ingles][www.zonatorrent.com]\XP Pass\xp_password_manager\xp password manager.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
c:\Ondra\Mithral\H\nc.exe (Backdoor.NetCat) -> Quarantined and deleted successfully.
c:\Ondra\Mithral\H\setuprevelationv2.exe (HackTool.SnadBoy) -> Quarantined and deleted successfully.
c:\Ondra\Mithral\lamace+bf+wl\brutus\BrutusA2.exe (HackTool.Brutus) -> Quarantined and deleted successfully.
c:\Ondra\Mithral\lamace+bf+wl\brutus-aet2\BrutusA2.exe (HackTool.Brutus) -> Quarantined and deleted successfully.
c:\Ondra\Mithral\saminside\saminside.exe (PUP.SAMInside) -> Quarantined and deleted successfully.
c:\Ondra\torrent-download\stažené torrenty\guitar pro 6.0.1 r7840(bez změny mac adresy + fixed patch + cz návod)\crack-pavka77-gp6.0.1-7840\guitarpro6-patch-fixed.exe (Malware.Packer.Gen) -> Not selected for removal.
c:\Ondra\torrent-download\stažené torrenty\coreldrawgraphicssuitex4\coreldraw.graphics.suite.x4.sp2.v14.0.0.701.all.languages.fixed.keymaker.only-core\keygen.exe (Trojan.Dropper.PGen) -> Not selected for removal.
c:\program files\oxin's style!\3d sexvilla 2\Binaries\fc3dsexvilla.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\daemon tools\setupdtsb.exe (Adware.WhenU) -> Quarantined and deleted successfully.
c:\program files\guitar pro 6\guitarpro6-patch-fixed.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fadf672a-9a4a-415f-8f2d-b210d030ac7e}\RP858\A0156671.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fadf672a-9a4a-415f-8f2d-b210d030ac7e}\RP858\A0156676.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fadf672a-9a4a-415f-8f2d-b210d030ac7e}\RP858\A0156704.exe (Trojan.Logger) -> Quarantined and deleted successfully.
c:\documents and settings\Ondra\data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\all users\data aplikací\microsoft\bits.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\data aplikací\microsoft\ipdll.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Ondra\data aplikací\microsoft\profile.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fjhdyfhsn.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{7b02ef0b-a410-4938-8480-9ba26420a627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Re: Please check my HJT log
Thoroughly infected,
and I'm not surprised, given that you have an illegal antivirus and a pile of cracks.
So let's agree on this: either you replace that illegal antivirus and delete the keygens and cracks and we finish cleaning the PC, or I'll have the topic locked, and if you keep these illegal things, next time none of my colleagues here will help you either.

Re: Please check my HJT log
OK. The antivirus should be fine now, though. Removed; below is the MBAM log, and again removed.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 5555
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
20.1.2011 7:49:01
mbam-log-2011-01-20 (07-49-01).txt
Typ kontroly: Úplný test (C:\|)
Testované objekty: 388287
Uplynulý čas: 1 hodin, 23 minut, 0 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 4
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\Ondra\Ostataní\kaspersky-key\kaspersky_trial_resette_v1.6.0.0_final\Resetter.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\Ondra\torrent-download\stažené torrenty\guitar pro 6.0.1 r7840(bez změny mac adresy + fixed patch + cz návod)\crack-pavka77-gp6.0.1-7840\guitarpro6-patch-fixed.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Ondra\torrent-download\stažené torrenty\coreldrawgraphicssuitex4\coreldraw.graphics.suite.x4.sp2.v14.0.0.701.all.languages.fixed.keymaker.only-core\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fadf672a-9a4a-415f-8f2d-b210d030ac7e}\RP892\A0159450.exe (Adware.WhenU) -> Quarantined and deleted successfully.
Re: Please check my HJT log
Don't be angry, but I don't believe you about the antivirus, given that you have this on your PC:
c:\Ondra\Ostataní\kaspersky-key\kaspersky_trial_resette_v1.6.0.0_final\Resetter.exe
Even if you remove the crack, that's not enough; you have to replace the antivirus as well.
Re: Please check my HJT log
Fine, Avast is on there now.
- memphisto
Re: Please check my HJT log
Cracked antivirus
What good is such protection then?
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking the Ano (Yes) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs by private message; post them in the appropriate section. Thank you
Re: Please check my HJT log
ComboFix 11-01-19.04 - Ondra 20.01.2011 20:01:50.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.3326.2496 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ondra\Data aplikací\.#
c:\program files\NetSoftware\IEHelper.dll
c:\windows\settings.reg
c:\windows\ST6UNST.000
c:\windows\system32\Data
c:\windows\system32\drivers\bbcgv.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\uusjkw.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SCLabel.ocx
c:\windows\system32\twunk_32.exe
c:\windows\system32\vbpng1.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ABEL
-------\Legacy_NPF
-------\Service_Abel
-------\Service_NPF
-------\Service_ujqoqjwi
-------\Service_yfnfaaf
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-20 do 2011-01-20 )))))))))))))))))))))))))))))))
.
2011-01-20 18:09 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-20 18:09 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-20 18:09 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-20 18:09 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-20 18:09 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-20 18:09 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-20 18:09 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-20 18:09 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-20 18:09 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-20 18:09 . 2011-01-20 18:09 -------- d-----w- c:\program files\Alwil Software
2011-01-20 18:09 . 2011-01-20 18:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-01-20 18:00 . 2011-01-20 18:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-01-19 19:27 . 2011-01-19 19:27 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Malwarebytes
2011-01-19 19:27 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 19:27 . 2011-01-19 19:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-19 19:27 . 2011-01-19 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-19 19:27 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 19:21 . 2011-01-19 19:21 -------- d-----w- c:\program files\CCleaner
2011-01-19 16:13 . 2011-01-19 16:13 -------- d-----w- c:\program files\Výukový program deskriptivní geometrie
2011-01-05 21:57 . 2011-01-05 21:57 4904 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-12-30 12:46 . 2004-07-15 23:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2010-12-30 12:46 . 2004-07-15 23:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2010-12-30 12:46 . 2004-07-15 23:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2010-12-30 12:46 . 2004-07-15 23:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2010-12-30 12:46 . 2010-12-30 12:46 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2010-12-30 12:46 . 2004-07-15 23:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2010-12-30 12:46 . 2010-12-30 12:46 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2010-12-29 11:45 . 2010-12-29 11:45 -------- d-----w- c:\program files\Common Files\Skype
2010-12-29 11:38 . 2011-01-20 19:13 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\skypePM
2010-12-26 11:22 . 2010-12-26 11:22 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\QIP
2010-12-26 11:21 . 2010-12-26 11:23 -------- d-----w- C:\QIP Infium
2010-12-25 12:06 . 2008-05-20 16:18 221184 ----a-r- c:\windows\system\cm106eye.exe
2010-12-25 12:06 . 2008-10-14 09:48 278528 ----a-r- c:\windows\system32\CM106rm.exe
2010-12-25 12:06 . 2006-09-13 11:08 491520 ----a-r- c:\windows\system\cmau106.dll
2010-12-25 12:06 . 2004-04-14 09:28 315392 ----a-r- c:\windows\system\fltr106.dll
2010-12-25 12:06 . 2008-10-13 18:21 1506304 ----a-r- c:\windows\system32\drivers\CM106.sys
2010-12-25 12:06 . 2008-07-24 09:55 278528 ------r- c:\windows\Cmi106Uninstall.exe
2010-12-25 12:05 . 2010-12-25 12:05 -------- d-----w- c:\program files\Trust 5.1 Surround Headset
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 11:24 . 2010-10-27 15:45 2516 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2010-11-15 15:33 . 2010-08-31 10:33 53312 ----a-w- c:\windows\system32\drivers\pssdklbf.sys
2010-11-15 15:33 . 2010-08-31 10:33 36928 ----a-w- c:\windows\system32\drivers\pssdk40.sys
2010-10-27 15:45 . 2010-10-27 15:45 8 --sh--r- c:\documents and settings\All Users\Data aplikací\49AEA83F24.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-01 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"P17Helper"="P17.dll" [2005-05-03 64512]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2008-09-19 58112]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2008-9-19 4190976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
"Taskman"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-29 12:24 184320 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Abel"=2 (0x2)
"O&O Defrag"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"prfldsvc"=2 (0x2)
"PnkBstrB"=2 (0x2)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"NBService"=3 (0x3)
"NIHardwareService"=2 (0x2)
"mnmsrvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Games\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Games\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Games\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Games\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Games\\Empire Earth II\\EE2.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\IronWare Communication\\IW FTPort Client\\Cftp32.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Games\\Settlers V\\bin\\settlershok.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25999:TCP"= 25999:TCP:cs.xfire.com
"4000:UDP"= 4000:UDP:cs.xfire.com
"6000:UDP"= 6000:UDP:IM
"1024:UDP"= 1024:UDP:cs.xfire.com
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.5.2008 18:37 682232]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.1.2011 19:09 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.1.2011 19:09 17744]
R2 BOINC;BOINC;c:\program files\BOINC\boinc.exe [19.9.2008 12:44 721664]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 8:22 70912]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [20.9.2009 17:56 10752]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [8.11.2009 20:36 21888]
S2 gupdate1c9861058d5cece;Google Update Service (gupdate1c9861058d5cece);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2009 16:01 133104]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [31.8.2010 11:33 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [31.8.2010 11:33 53312]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [25.12.2010 13:06 1506304]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2011-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:01]
2011-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:01]
2011-01-17 c:\windows\Tasks\HP DArC Task 2003-04-08 07:12ewlett-Packard72002003-04-08 10:45N37F2B0WKI3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-08 10:45]
2011-01-20 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2008-05-17 03:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.14\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.14\MediaManager\grab.html
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://pl.recruit.netmonitor.cz/WebInstaller.dll
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=n ... t&hl=cs&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Url 2 Link: anandcsingh@gmail.com - %profile%\extensions\anandcsingh@gmail.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-Cm106Sound - cm106.cpl
Notify-WgaLogon - (no file)
AddRemove-FolderLock6 - c:\program files\Folder Lock\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-20 20:13
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\windows\system32\sys_drv.dat 7028 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\windows\system32\WinFLdrv.sys 10752 bytes executable
c:\documents and settings\Ondra\Data aplikací\systemfl.$dk 990 bytes
sken byl úspešně dokončen
skryté soubory: 4
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1352)
c:\windows\system32\klogon.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
- - - - - - - > 'explorer.exe'(3204)
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\Rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\RunDll32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-01-20 20:17:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-20 19:17
Před spuštěním: Volných bajtů: 109 357 875 200
Po spuštění: Volných bajtů: 109 561 925 632
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - B51BA0C9F77756577032EBD01F9F97D0
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.1.2011 19:09 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.1.2011 19:09 17744]
R2 BOINC;BOINC;c:\program files\BOINC\boinc.exe [19.9.2008 12:44 721664]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 8:22 70912]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [20.9.2009 17:56 10752]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [8.11.2009 20:36 21888]
S2 gupdate1c9861058d5cece;Google Update Service (gupdate1c9861058d5cece);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2009 16:01 133104]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [31.8.2010 11:33 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [31.8.2010 11:33 53312]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [25.12.2010 13:06 1506304]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2011-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:01]
2011-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:01]
2011-01-17 c:\windows\Tasks\HP DArC Task 2003-04-08 07:12ewlett-Packard72002003-04-08 10:45N37F2B0WKI3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-08 10:45]
2011-01-20 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2008-05-17 03:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.14\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.14\MediaManager\grab.html
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://pl.recruit.netmonitor.cz/WebInstaller.dll
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=n ... t&hl=cs&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Url 2 Link: anandcsingh@gmail.com - %profile%\extensions\anandcsingh@gmail.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-Cm106Sound - cm106.cpl
Notify-WgaLogon - (no file)
AddRemove-FolderLock6 - c:\program files\Folder Lock\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-20 20:13
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\windows\system32\sys_drv.dat 7028 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\windows\system32\WinFLdrv.sys 10752 bytes executable
c:\documents and settings\Ondra\Data aplikací\systemfl.$dk 990 bytes
sken byl úspešně dokončen
skryté soubory: 4
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1352)
c:\windows\system32\klogon.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
- - - - - - - > 'explorer.exe'(3204)
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\Rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\RunDll32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-01-20 20:17:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-20 19:17
Před spuštěním: Volných bajtů: 109 357 875 200
Po spuštění: Volných bajtů: 109 561 925 632
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - B51BA0C9F77756577032EBD01F9F97D0
Re: Please check my HJT log
Yuck, at least you can see everything you dragged in there with those keygens.... a little herd of rootkits.
If you install Avast and a good firewall, such as ZoneAlarm or Comodo, and don't download illegal programs, your PC will be as clean as a baby's bottom.

"the internet drops out now and then, or there is a problem with the network."
That was down to those rootkits, happily communicating over the network.

Test these on http://www.virustotal.com:
c:\windows\system32\sys_drv.dat
c:\windows\system32\sys_drv_2.dat
c:\windows\system32\WinFLdrv.sys
c:\documents and settings\Ondra\Data aplikací\systemfl.$dk
c:\documents and settings\All Users\Data aplikací\49AEA83F24.sys
- Copy the file path into the box; if it says the file has already been tested, have it tested again.
- Paste the link with the results here.
Download OTL
http://oldtimer.geekstogo.com/OTL.exe
- Paste this script into the bottom box:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
- Tick the checkbox on the "For all users" line.
- Leave the other items as they are set in the screenshot.
- Confirm with the Scan button.
- A scan will run; paste the OTL.Txt log here.

Re: Please check my HJT log
How does that rootkit work?
Coming back to the HJT log: those entries in O1 (hosts) probably shouldn't be there either. Is it enough to delete them from the hosts file, or should I fix them?
Virustotal:
http://www.virustotal.com/file-scan/rep ... 1295557337
http://www.virustotal.com/file-scan/rep ... 1295557445
http://www.virustotal.com/file-scan/rep ... 1295557487
http://www.virustotal.com/file-scan/rep ... 1295557542
http://www.virustotal.com/file-scan/rep ... 1295557559
Re: Please check my HJT log
OTL log:
OTL logfile created on: 20.1.2011 22:08:49 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Ondra\Plocha
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 4989 4989 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 102,05 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Computer Name: OVCE | User Name: Ondra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.01.20 22:06:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ondra\Plocha\OTL.exe
PRC - [2011.01.20 20:29:11 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011.01.20 20:29:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.01.13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.01.13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.10.14 09:29:08 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010.04.21 15:17:38 | 005,559,248 | ---- | M] (QIP) -- C:\Program Files\QIP 2010\qip.exe
PRC - [2009.06.25 04:58:46 | 000,479,232 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
PRC - [2008.12.30 20:28:26 | 000,358,400 | ---- | M] (AIMP DevTeam) -- C:\Program Files\AIMP2\AIMP2.exe
PRC - [2008.12.01 20:59:58 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.11.10 17:00:52 | 000,406,016 | ---- | M] (Space Sciences Laboratory) -- C:\Documents and Settings\All Users\Data aplikací\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
PRC - [2008.09.19 12:44:22 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2008.09.19 12:44:20 | 004,190,976 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2008.09.19 12:44:16 | 000,721,664 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinc.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.06.13 14:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.18 13:36:14 | 000,450,560 | ---- | M] (Seznam.cz a.s.) -- C:\Program Files\Seznam\Postak\Postak.exe
PRC - [2003.05.07 20:56:22 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
========== Modules (SafeList) ==========
MOD - [2011.01.20 22:06:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ondra\Plocha\OTL.exe
MOD - [2011.01.13 09:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2007.11.06 13:20:12 | 000,495,432 | ---- | M] () -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll
MOD - [2007.07.11 13:06:58 | 000,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll
MOD - [2006.08.25 16:51:20 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.01.13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.04.08 01:40:52 | 001,377,536 | ---- | M] (O&O Software GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2008.12.17 20:33:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.09.19 12:44:16 | 000,721,664 | ---- | M] (Space Sciences Laboratory) [Auto | Running] -- C:\Program Files\BOINC\boinc.exe -- (BOINC)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.04.21 21:06:14 | 000,069,632 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe -- (prfldsvc)
SRV - [2003.05.14 20:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011.01.13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.01.13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.01.13 09:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.01.13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.01.13 09:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.01.13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.11.15 16:33:24 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdklbf.sys -- (PsSdkLBF)
DRV - [2010.11.15 16:33:21 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk40.sys -- (PsSdk40)
DRV - [2010.06.18 12:55:58 | 000,023,217 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Games\Lineage II - IL - Coexistens\system\npkcrypt.sys -- (npkcrypt)
DRV - [2010.06.18 12:55:58 | 000,015,472 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Games\Lineage II - IL - Coexistens\system\npkcusb.sys -- (npkcusb)
DRV - [2009.09.20 17:56:58 | 000,180,224 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\WinVd32.sys -- (WinVd32)
DRV - [2009.09.20 17:56:57 | 000,010,752 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2009.02.16 18:58:31 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009.02.16 18:58:30 | 000,213,520 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2008.11.02 09:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008.10.13 19:21:24 | 001,506,304 | R--- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CM106.sys -- (USBMULCD)
DRV - [2008.05.17 18:37:18 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.05.03 04:46:00 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.04.16 14:23:44 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008.03.25 20:07:10 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2007.09.27 21:12:36 | 000,021,888 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2007.05.10 11:28:00 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtkhdaud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.11.02 07:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.09.05 23:56:44 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrpmpr5.sys -- (BVRPMPR5)
DRV - [2006.04.21 08:22:24 | 000,070,912 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\prvflder.sys -- (Prvflder)
DRV - [2006.03.02 13:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006.03.02 13:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2005.10.21 07:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtictwl.sys -- (MagicTune)
DRV - [2005.07.07 09:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005.03.03 18:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.02.23 16:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.01.10 11:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005.01.10 11:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005.01.07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.12.03 11:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004.08.03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\Changer.sys -- (Changer)
DRV - [2004.08.03 22:59:34 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2004.05.13 14:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.05.13 12:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-776561741-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-776561741-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-776561741-1767777339-725345543-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Value error. File not found
IE - HKU\S-1-5-21-776561741-1767777339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-1767777339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: anandcsingh@gmail.com:0.6
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=cs&q="
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.20 20:29:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.20 20:29:19 | 000,000,000 | ---D | M]
[2010.07.09 20:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Extensions
[2011.01.19 04:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions
[2010.12.13 16:23:56 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.09.12 16:38:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.12 16:38:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.12.25 10:10:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.25 10:10:41 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.07.09 20:16:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.12.13 16:23:55 | 000,000,000 | ---D | M] (Url 2 Link) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions\anandcsingh@gmail.com
[2010.07.09 20:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ONDRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\K5GNTFGR.DEFAULT\EXTENSIONS\{195A3098-0BD5-4E90-AE22-BA1C540AFD1E}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ONDRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\K5GNTFGR.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ONDRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\K5GNTFGR.DEFAULT\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ONDRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\K5GNTFGR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ONDRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\K5GNTFGR.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ONDRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\K5GNTFGR.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ONDRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\K5GNTFGR.DEFAULT\EXTENSIONS\ANANDCSINGH@GMAIL.COM
[2009.01.06 15:29:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.01.20 20:29:14 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2011.01.20 20:29:14 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2011.01.20 20:29:14 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2011.01.20 20:29:14 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2011.01.20 20:29:14 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2011.01.20 20:10:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - Reg Error: Value error. File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O3 - HKU\S-1-5-21-776561741-1767777339-725345543-1004\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-776561741-1767777339-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-776561741-1767777339-725345543-1004\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [SMail] C:\Program Files\Seznam\Postak\Postak.exe (Seznam.cz a.s.)
O4 - HKU\S-1-5-21-776561741-1767777339-725345543-1004..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKU\S-1-5-21-776561741-1767777339-725345543-1004..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
O4 - HKU\S-1-5-21-776561741-1767777339-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-776561741-1767777339-725345543-1008..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1767777339-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1767777339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-776561741-1767777339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-776561741-1767777339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-776561741-1767777339-725345543-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1767777339-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} http://pl.recruit.netmonitor.cz/WebInstaller.dll (GWebInstallControl Object)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/ ... leId=26688 (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... s-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.17 12:42:39 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FMVC - C:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (58560405907177472)
========== Files/Folders - Created Within 7 Days ==========
[2011.01.20 22:06:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ondra\Plocha\OTL.exe
[2011.01.20 19:58:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.01.20 19:56:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.01.20 19:56:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.01.20 19:56:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.01.20 19:56:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.01.20 19:56:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.01.20 19:55:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.01.20 19:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\avast! Free Antivirus
[2011.01.20 19:09:53 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.01.20 19:09:53 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011.01.20 19:09:51 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.01.20 19:09:51 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.01.20 19:09:49 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.01.20 19:09:49 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.01.20 19:09:49 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.01.20 19:09:37 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.01.20 19:09:36 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.01.20 19:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011.01.20 19:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2011.01.20 19:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2011.01.19 20:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ondra\Data aplikací\Malwarebytes
[2011.01.19 20:27:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.01.19 20:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.01.19 20:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.01.19 20:27:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.01.19 20:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.19 20:24:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ondra\Recent
[2011.01.19 20:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ondra\Nabídka Start\Programy\CCleaner
[2011.01.19 20:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.01.19 19:57:59 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ondra\Plocha\hijackthis.exe
[2011.01.19 17:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Výukový program deskriptivní geometrie
[2011.01.19 17:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Výukový program deskriptivní geometrie
[2008.09.19 19:33:03 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ondra\Data aplikací\pcouffin.sys
[2008.05.18 12:35:23 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2011.01.20 22:06:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ondra\Plocha\OTL.exe
[2011.01.20 21:34:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.20 21:27:02 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2011.01.20 20:12:32 | 000,000,257 | ---- | M] () -- C:\WINDOWS\system.ini
[2011.01.20 20:11:37 | 000,177,421 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.01.20 20:10:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.01.20 20:09:39 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.20 20:09:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011.01.20 20:09:26 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.20 20:09:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.20 20:09:19 | 000,104,714 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2011.01.20 20:08:25 | 008,691,232 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011.01.20 20:08:25 | 001,835,040 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011.01.20 20:08:25 | 000,070,028 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011.01.20 20:08:25 | 000,008,400 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011.01.20 20:08:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ondra\ntuser.ini
[2011.01.20 20:08:12 | 016,515,072 | ---- | M] () -- C:\Documents and Settings\Ondra\ntuser.dat
[2011.01.20 19:58:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.01.20 19:52:28 | 004,158,604 | R--- | M] () -- C:\Documents and Settings\Ondra\Plocha\ComboFix.exe
[2011.01.20 19:09:54 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.01.20 19:09:50 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.01.20 19:08:55 | 049,962,600 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\setup_av_free_cze.exe
[2011.01.19 20:21:25 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\CCleaner.lnk
[2011.01.19 19:57:59 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ondra\Plocha\hijackthis.exe
[2011.01.19 17:13:41 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\Výukový program deskriptivní geometrie.lnk
[2011.01.18 15:27:08 | 001,784,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.01.17 21:28:07 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7200#CN37F2B0WKI3.job
[2011.01.16 08:47:45 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.01.20 19:58:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.01.20 19:58:40 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.01.20 19:56:20 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.01.20 19:56:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.01.20 19:56:20 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.01.20 19:56:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.01.20 19:56:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.01.20 19:52:07 | 004,158,604 | R--- | C] () -- C:\Documents and Settings\Ondra\Plocha\ComboFix.exe
[2011.01.20 19:09:54 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.01.20 19:07:44 | 049,962,600 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\setup_av_free_cze.exe
[2011.01.19 20:21:24 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\CCleaner.lnk
[2011.01.19 17:13:41 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\Výukový program deskriptivní geometrie.lnk
[2010.12.25 13:06:47 | 000,000,125 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfl
[2010.12.25 13:06:13 | 000,001,249 | R--- | C] () -- C:\WINDOWS\Cm106.ini.cfg
[2010.12.25 13:05:52 | 000,001,206 | R--- | C] () -- C:\WINDOWS\cm106.ini
[2010.12.18 00:04:21 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.11.07 11:29:29 | 000,000,856 | ---- | C] () -- C:\WINDOWS\l2fish.ini
[2010.10.27 16:45:44 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
[2010.10.27 16:45:44 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\49AEA83F24.sys
[2010.08.31 11:34:02 | 000,005,682 | ---- | C] () -- C:\WINDOWS\l2control.ini
[2010.03.18 14:40:58 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2010.02.20 08:52:52 | 000,000,197 | ---- | C] () -- C:\WINDOWS\ppdrv.ini
[2010.02.13 10:00:50 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Data aplikací\sgcpom.dat
[2009.09.22 20:08:37 | 000,000,073 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.09.22 20:04:39 | 000,000,459 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009.09.20 17:56:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
[2009.08.12 08:21:50 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Ondra\Data aplikací\vso_ts_preview.xml
[2009.05.28 18:46:05 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2009.05.28 18:45:22 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2009.03.21 08:44:46 | 000,000,884 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2009.01.31 20:08:44 | 000,002,686 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2008.12.02 21:06:21 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtictwl.sys
[2008.09.30 16:43:28 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Ondra\Data aplikací\inst.exe
[2008.09.27 10:54:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008.09.19 19:33:04 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Ondra\Data aplikací\ezpinst.exe
[2008.09.19 19:33:03 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Ondra\Data aplikací\pcouffin.cat
[2008.09.19 19:33:03 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ondra\Data aplikací\pcouffin.inf
[2008.09.17 06:04:09 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Ondra\Local Settings\Data aplikací\fusioncache.dat
[2008.09.16 18:51:25 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008.08.01 17:27:12 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\msvocwordm.dll
[2008.06.10 19:58:19 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.06.10 19:58:16 | 002,121,235 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008.06.10 19:58:15 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.06.10 19:58:15 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.06.10 19:58:15 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.06.10 19:58:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.06.10 19:58:14 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.06.09 06:02:12 | 000,009,846 | ---- | C] () -- C:\WINDOWS\System32\mswoncorem.dll
[2008.06.06 19:16:52 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2008.05.20 13:08:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.05.18 12:35:24 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2008.05.18 12:35:23 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2008.05.18 08:41:07 | 000,137,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.05.18 08:41:06 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Ondra\Data aplikací\PnkBstrK.sys
[2008.05.17 19:44:35 | 001,012,262 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008.05.17 19:44:34 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.05.17 19:44:10 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
[2008.05.17 18:37:18 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.05.17 12:45:16 | 000,170,096 | ---- | C] () -- C:\Documents and Settings\Ondra\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2008.05.17 12:43:00 | 003,174,488 | -H-- | C] () -- C:\Documents and Settings\Ondra\Local Settings\Data aplikací\IconCache.db
[2008.05.17 12:37:48 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.05.17 12:37:48 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.05.17 12:37:48 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.05.17 12:37:48 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.05.17 12:37:48 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.05.17 12:24:23 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\Ondra\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.17 12:03:55 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Ondra\Data aplikací\desktop.ini
[2008.05.17 11:58:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008.05.17 11:55:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008.05.17 11:55:39 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008.05.17 11:54:48 | 000,026,364 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008.05.17 11:54:47 | 000,003,680 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008.03.07 03:49:56 | 000,007,237 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2006.03.02 13:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2006.03.02 13:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2006.03.02 13:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2006.03.02 13:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2006.03.02 13:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2006.03.02 13:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2006.03.02 13:00:00 | 000,186,368 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2006.03.02 13:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2006.03.02 13:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2006.03.02 13:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2006.03.02 13:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2006.03.02 13:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2006.03.02 13:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2006.03.02 13:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2006.03.02 13:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2006.03.02 13:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2006.03.02 13:00:00 | 000,033,904 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2006.03.02 13:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2006.03.02 13:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2006.03.02 13:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2006.03.02 13:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2006.03.02 13:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2006.03.02 13:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2006.03.02 13:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2006.03.02 13:00:00 | 000,015,983 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2006.03.02 13:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2006.03.02 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2006.03.02 13:00:00 | 000,013,546 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2006.03.02 13:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2006.03.02 13:00:00 | 000,009,035 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2006.03.02 13:00:00 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2006.03.02 13:00:00 | 000,004,880 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2006.03.02 13:00:00 | 000,003,010 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2006.03.02 13:00:00 | 000,002,932 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2006.03.02 13:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2006.03.02 13:00:00 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2006.03.02 13:00:00 | 000,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2006.03.02 13:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2006.03.02 13:00:00 | 000,000,257 | ---- | C] () -- C:\WINDOWS\system.ini
[2005.07.07 10:26:56 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2005.03.08 07:17:08 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005.02.05 20:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004.08.28 15:00:59 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MPEGCreator.dll
[2004.08.11 12:41:08 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\WMVCreator.dll
[2004.08.11 12:03:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\AVICreator.dll
[2004.05.20 16:50:14 | 001,537,536 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-hi.dll
[2003.08.07 20:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2001.10.24 13:25:00 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2001.01.12 10:49:38 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
OTL logfile created on: 20.1.2011 22:08:49 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Ondra\Plocha
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 4989 4989 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 102,05 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Computer Name: OVCE | User Name: Ondra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.01.20 22:06:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ondra\Plocha\OTL.exe
PRC - [2011.01.20 20:29:11 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011.01.20 20:29:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.01.13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.01.13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.10.14 09:29:08 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010.04.21 15:17:38 | 005,559,248 | ---- | M] (QIP) -- C:\Program Files\QIP 2010\qip.exe
PRC - [2009.06.25 04:58:46 | 000,479,232 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
PRC - [2008.12.30 20:28:26 | 000,358,400 | ---- | M] (AIMP DevTeam) -- C:\Program Files\AIMP2\AIMP2.exe
PRC - [2008.12.01 20:59:58 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.11.10 17:00:52 | 000,406,016 | ---- | M] (Space Sciences Laboratory) -- C:\Documents and Settings\All Users\Data aplikací\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
PRC - [2008.09.19 12:44:22 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2008.09.19 12:44:20 | 004,190,976 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2008.09.19 12:44:16 | 000,721,664 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinc.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.06.13 14:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.18 13:36:14 | 000,450,560 | ---- | M] (Seznam.cz a.s.) -- C:\Program Files\Seznam\Postak\Postak.exe
PRC - [2003.05.07 20:56:22 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
========== Modules (SafeList) ==========
MOD - [2011.01.20 22:06:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ondra\Plocha\OTL.exe
MOD - [2011.01.13 09:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2007.11.06 13:20:12 | 000,495,432 | ---- | M] () -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll
MOD - [2007.07.11 13:06:58 | 000,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll
MOD - [2006.08.25 16:51:20 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.01.13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.04.08 01:40:52 | 001,377,536 | ---- | M] (O&O Software GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2008.12.17 20:33:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.09.19 12:44:16 | 000,721,664 | ---- | M] (Space Sciences Laboratory) [Auto | Running] -- C:\Program Files\BOINC\boinc.exe -- (BOINC)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.04.21 21:06:14 | 000,069,632 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe -- (prfldsvc)
SRV - [2003.05.14 20:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011.01.13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.01.13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.01.13 09:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.01.13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.01.13 09:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.01.13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.11.15 16:33:24 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdklbf.sys -- (PsSdkLBF)
DRV - [2010.11.15 16:33:21 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk40.sys -- (PsSdk40)
DRV - [2010.06.18 12:55:58 | 000,023,217 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Games\Lineage II - IL - Coexistens\system\npkcrypt.sys -- (npkcrypt)
DRV - [2010.06.18 12:55:58 | 000,015,472 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Games\Lineage II - IL - Coexistens\system\npkcusb.sys -- (npkcusb)
DRV - [2009.09.20 17:56:58 | 000,180,224 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\WinVd32.sys -- (WinVd32)
DRV - [2009.09.20 17:56:57 | 000,010,752 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2009.02.16 18:58:31 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009.02.16 18:58:30 | 000,213,520 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2008.11.02 09:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008.10.13 19:21:24 | 001,506,304 | R--- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CM106.sys -- (USBMULCD)
DRV - [2008.05.17 18:37:18 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.05.03 04:46:00 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.04.16 14:23:44 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008.03.25 20:07:10 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2007.09.27 21:12:36 | 000,021,888 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2007.05.10 11:28:00 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtkhdaud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.11.02 07:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.09.05 23:56:44 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrpmpr5.sys -- (BVRPMPR5)
DRV - [2006.04.21 08:22:24 | 000,070,912 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\prvflder.sys -- (Prvflder)
DRV - [2006.03.02 13:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006.03.02 13:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2005.10.21 07:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtictwl.sys -- (MagicTune)
DRV - [2005.07.07 09:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005.03.03 18:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.02.23 16:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.01.10 11:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005.01.10 11:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005.01.07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.12.03 11:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004.08.03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\Changer.sys -- (Changer)
DRV - [2004.08.03 22:59:34 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2004.05.13 14:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.05.13 12:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-776561741-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-776561741-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-776561741-1767777339-725345543-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Value error. File not found
IE - HKU\S-1-5-21-776561741-1767777339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-1767777339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: anandcsingh@gmail.com:0.6
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=cs&q="
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.20 20:29:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.20 20:29:19 | 000,000,000 | ---D | M]
[2010.07.09 20:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Extensions
[2011.01.19 04:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions
[2010.12.13 16:23:56 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.09.12 16:38:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.12 16:38:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.12.25 10:10:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.25 10:10:41 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.07.09 20:16:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.12.13 16:23:55 | 000,000,000 | ---D | M] (Url 2 Link) -- C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k5gntfgr.default\extensions\anandcsingh@gmail.com
[2010.07.09 20:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ONDRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\K5GNTFGR.DEFAULT\EXTENSIONS\{195A3098-0BD5-4E90-AE22-BA1C540AFD1E}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ONDRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\K5GNTFGR.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ONDRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\K5GNTFGR.DEFAULT\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ONDRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\K5GNTFGR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ONDRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\K5GNTFGR.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ONDRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\K5GNTFGR.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ONDRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\K5GNTFGR.DEFAULT\EXTENSIONS\ANANDCSINGH@GMAIL.COM
[2009.01.06 15:29:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.01.20 20:29:14 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2011.01.20 20:29:14 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2011.01.20 20:29:14 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2011.01.20 20:29:14 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2011.01.20 20:29:14 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2011.01.20 20:10:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - Reg Error: Value error. File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O3 - HKU\S-1-5-21-776561741-1767777339-725345543-1004\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-776561741-1767777339-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-776561741-1767777339-725345543-1004\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [SMail] C:\Program Files\Seznam\Postak\Postak.exe (Seznam.cz a.s.)
O4 - HKU\S-1-5-21-776561741-1767777339-725345543-1004..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKU\S-1-5-21-776561741-1767777339-725345543-1004..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
O4 - HKU\S-1-5-21-776561741-1767777339-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-776561741-1767777339-725345543-1008..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1767777339-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1767777339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-776561741-1767777339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-776561741-1767777339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-776561741-1767777339-725345543-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1767777339-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} http://pl.recruit.netmonitor.cz/WebInstaller.dll (GWebInstallControl Object)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/ ... leId=26688 (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... s-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.17 12:42:39 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FMVC - C:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (58560405907177472)
========== Files/Folders - Created Within 7 Days ==========
[2011.01.20 22:06:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ondra\Plocha\OTL.exe
[2011.01.20 19:58:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.01.20 19:56:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.01.20 19:56:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.01.20 19:56:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.01.20 19:56:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.01.20 19:56:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.01.20 19:55:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.01.20 19:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\avast! Free Antivirus
[2011.01.20 19:09:53 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.01.20 19:09:53 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011.01.20 19:09:51 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.01.20 19:09:51 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.01.20 19:09:49 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.01.20 19:09:49 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.01.20 19:09:49 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.01.20 19:09:37 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.01.20 19:09:36 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.01.20 19:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011.01.20 19:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2011.01.20 19:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2011.01.19 20:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ondra\Data aplikací\Malwarebytes
[2011.01.19 20:27:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.01.19 20:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.01.19 20:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.01.19 20:27:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.01.19 20:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.19 20:24:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ondra\Recent
[2011.01.19 20:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ondra\Nabídka Start\Programy\CCleaner
[2011.01.19 20:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.01.19 19:57:59 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ondra\Plocha\hijackthis.exe
[2011.01.19 17:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Výukový program deskriptivní geometrie
[2011.01.19 17:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Výukový program deskriptivní geometrie
[2008.09.19 19:33:03 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ondra\Data aplikací\pcouffin.sys
[2008.05.18 12:35:23 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2011.01.20 22:06:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ondra\Plocha\OTL.exe
[2011.01.20 21:34:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.20 21:27:02 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2011.01.20 20:12:32 | 000,000,257 | ---- | M] () -- C:\WINDOWS\system.ini
[2011.01.20 20:11:37 | 000,177,421 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.01.20 20:10:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.01.20 20:09:39 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.20 20:09:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011.01.20 20:09:26 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.20 20:09:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.20 20:09:19 | 000,104,714 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2011.01.20 20:08:25 | 008,691,232 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011.01.20 20:08:25 | 001,835,040 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011.01.20 20:08:25 | 000,070,028 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011.01.20 20:08:25 | 000,008,400 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011.01.20 20:08:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ondra\ntuser.ini
[2011.01.20 20:08:12 | 016,515,072 | ---- | M] () -- C:\Documents and Settings\Ondra\ntuser.dat
[2011.01.20 19:58:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.01.20 19:52:28 | 004,158,604 | R--- | M] () -- C:\Documents and Settings\Ondra\Plocha\ComboFix.exe
[2011.01.20 19:09:54 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.01.20 19:09:50 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.01.20 19:08:55 | 049,962,600 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\setup_av_free_cze.exe
[2011.01.19 20:21:25 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\CCleaner.lnk
[2011.01.19 19:57:59 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ondra\Plocha\hijackthis.exe
[2011.01.19 17:13:41 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\Výukový program deskriptivní geometrie.lnk
[2011.01.18 15:27:08 | 001,784,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.01.17 21:28:07 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7200#CN37F2B0WKI3.job
[2011.01.16 08:47:45 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.01.20 19:58:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.01.20 19:58:40 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.01.20 19:56:20 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.01.20 19:56:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.01.20 19:56:20 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.01.20 19:56:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.01.20 19:56:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.01.20 19:52:07 | 004,158,604 | R--- | C] () -- C:\Documents and Settings\Ondra\Plocha\ComboFix.exe
[2011.01.20 19:09:54 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.01.20 19:07:44 | 049,962,600 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\setup_av_free_cze.exe
[2011.01.19 20:21:24 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\CCleaner.lnk
[2011.01.19 17:13:41 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\Výukový program deskriptivní geometrie.lnk
[2010.12.25 13:06:47 | 000,000,125 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfl
[2010.12.25 13:06:13 | 000,001,249 | R--- | C] () -- C:\WINDOWS\Cm106.ini.cfg
[2010.12.25 13:05:52 | 000,001,206 | R--- | C] () -- C:\WINDOWS\cm106.ini
[2010.12.18 00:04:21 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.11.07 11:29:29 | 000,000,856 | ---- | C] () -- C:\WINDOWS\l2fish.ini
[2010.10.27 16:45:44 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
[2010.10.27 16:45:44 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\49AEA83F24.sys
[2010.08.31 11:34:02 | 000,005,682 | ---- | C] () -- C:\WINDOWS\l2control.ini
[2010.03.18 14:40:58 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2010.02.20 08:52:52 | 000,000,197 | ---- | C] () -- C:\WINDOWS\ppdrv.ini
[2010.02.13 10:00:50 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Data aplikací\sgcpom.dat
[2009.09.22 20:08:37 | 000,000,073 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.09.22 20:04:39 | 000,000,459 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009.09.20 17:56:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
[2009.08.12 08:21:50 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Ondra\Data aplikací\vso_ts_preview.xml
[2009.05.28 18:46:05 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2009.05.28 18:45:22 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2009.03.21 08:44:46 | 000,000,884 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2009.01.31 20:08:44 | 000,002,686 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2008.12.02 21:06:21 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtictwl.sys
[2008.09.30 16:43:28 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Ondra\Data aplikací\inst.exe
[2008.09.27 10:54:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008.09.19 19:33:04 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Ondra\Data aplikací\ezpinst.exe
[2008.09.19 19:33:03 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Ondra\Data aplikací\pcouffin.cat
[2008.09.19 19:33:03 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ondra\Data aplikací\pcouffin.inf
[2008.09.17 06:04:09 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Ondra\Local Settings\Data aplikací\fusioncache.dat
[2008.09.16 18:51:25 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008.08.01 17:27:12 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\msvocwordm.dll
[2008.06.10 19:58:19 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.06.10 19:58:16 | 002,121,235 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008.06.10 19:58:15 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.06.10 19:58:15 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.06.10 19:58:15 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.06.10 19:58:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.06.10 19:58:14 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.06.09 06:02:12 | 000,009,846 | ---- | C] () -- C:\WINDOWS\System32\mswoncorem.dll
[2008.06.06 19:16:52 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2008.05.20 13:08:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.05.18 12:35:24 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2008.05.18 12:35:23 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2008.05.18 08:41:07 | 000,137,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.05.18 08:41:06 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Ondra\Data aplikací\PnkBstrK.sys
[2008.05.17 19:44:35 | 001,012,262 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008.05.17 19:44:34 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.05.17 19:44:10 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
[2008.05.17 18:37:18 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.05.17 12:45:16 | 000,170,096 | ---- | C] () -- C:\Documents and Settings\Ondra\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2008.05.17 12:43:00 | 003,174,488 | -H-- | C] () -- C:\Documents and Settings\Ondra\Local Settings\Data aplikací\IconCache.db
[2008.05.17 12:37:48 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.05.17 12:37:48 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.05.17 12:37:48 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.05.17 12:37:48 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.05.17 12:37:48 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.05.17 12:24:23 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\Ondra\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.17 12:03:55 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Ondra\Data aplikací\desktop.ini
[2008.05.17 11:58:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008.05.17 11:55:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008.05.17 11:55:39 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008.05.17 11:54:48 | 000,026,364 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008.05.17 11:54:47 | 000,003,680 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008.03.07 03:49:56 | 000,007,237 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2006.03.02 13:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2006.03.02 13:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2006.03.02 13:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2006.03.02 13:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2006.03.02 13:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2006.03.02 13:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2006.03.02 13:00:00 | 000,186,368 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2006.03.02 13:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2006.03.02 13:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2006.03.02 13:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2006.03.02 13:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2006.03.02 13:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2006.03.02 13:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2006.03.02 13:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2006.03.02 13:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2006.03.02 13:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2006.03.02 13:00:00 | 000,033,904 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2006.03.02 13:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2006.03.02 13:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2006.03.02 13:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2006.03.02 13:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2006.03.02 13:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2006.03.02 13:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2006.03.02 13:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2006.03.02 13:00:00 | 000,015,983 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2006.03.02 13:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2006.03.02 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2006.03.02 13:00:00 | 000,013,546 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2006.03.02 13:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2006.03.02 13:00:00 | 000,009,035 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2006.03.02 13:00:00 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2006.03.02 13:00:00 | 000,004,880 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2006.03.02 13:00:00 | 000,003,010 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2006.03.02 13:00:00 | 000,002,932 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2006.03.02 13:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2006.03.02 13:00:00 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2006.03.02 13:00:00 | 000,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2006.03.02 13:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2006.03.02 13:00:00 | 000,000,257 | ---- | C] () -- C:\WINDOWS\system.ini
[2005.07.07 10:26:56 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2005.03.08 07:17:08 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005.02.05 20:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004.08.28 15:00:59 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MPEGCreator.dll
[2004.08.11 12:41:08 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\WMVCreator.dll
[2004.08.11 12:03:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\AVICreator.dll
[2004.05.20 16:50:14 | 001,537,536 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-hi.dll
[2003.08.07 20:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2001.10.24 13:25:00 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2001.01.12 10:49:38 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll