Personal Shield Pro - jak odstranit.

[ChosseCV]

Prosím mohl by mi někdo z adminů pomoci s odstraněním tohoto viru ?
Předem mnohokrát děkuji za čas strávený při řešení mého problému .

OS již jednou samovolně spadnul, jinak windows nechce nic spustit, jediné co funguje je exploler, jasně modrá plocha pozadí.

[Caroprd111]

Zdravím

Můžete sem vložit log z RSIT?

[ChosseCV]

RSIT se mi nechce spustit, vir ho asi blokuje, poraďte prosím jak dál.
Mám přepnout počítač do nouzového režimu ?

V nouzovém režimu jsem udělal log RSIT.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-07-19 18:16:07
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (66%) free of 35 GB
Total RAM: 1014 MB (80% free)

HijackThis download failed

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\ut4jtdo4.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321]
"Description"=RealMedia Plugin
"Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483]
"Description"=RealPlayer Version Plugin
"Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
NPOlp32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\ut4jtdo4.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2009-01-27 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"=C:\WINDOWS\system32\NWTRAY.EXE [2002-03-12 28672]
"Zástupce stránky vlastností sběrnice High Definition Audio"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"picon"=C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [2008-07-23 773144]
"NDPS"=C:\WINDOWS\system32\dpmw32.exe [2004-05-17 32859]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\udaterui.exe [2009-09-22 136512]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2009-01-27 111952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-05 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"OLPSYNCH"=C:\Program Files\Offline Course Player\OlpSynch.exe [2009-08-21 42288]
""= []
"EpsonAPD4SV"=C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE [2010-04-08 210368]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"iK02300LePiB02300"=C:\Documents and Settings\All Users\Data aplikací\iK02300LePiB02300\iK02300LePiB02300 [2011-07-19 208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gxohrixs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gxohrixs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"CompatibleRUPSecurity"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpmw32.exe"="C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener"
"C:\Program Files\Microsoft Office 2007\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office 2007\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\wincmd\TOTALCMD.EXE"="C:\Program Files\wincmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"midi6"=wdmaud.drv
"wave6"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux3"=wdmaud.drv
"aux2"=wdmaud.drv
"aux4"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-19 18:16:11 ----D---- C:\Program Files\trend micro
2011-07-19 18:16:07 ----D---- C:\rsit
2011-07-19 18:14:24 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-19 17:17:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\iK02300LePiB02300
2011-07-19 07:17:17 ----A---- C:\WINDOWS\system32\drivers\gxohrixs.sys
2011-07-13 13:25:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-13 13:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-06-30 01:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-26 16:25:38 ----A---- C:\WINDOWS\WINBASE.INI
2011-06-20 10:13:05 ----D---- C:\Program Files\Common Files\EPSON
2011-06-20 10:12:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\EPSON
2011-06-20 10:12:35 ----A---- C:\WINDOWS\system32\drivers\TMUSBXP.sys
2011-06-20 10:11:46 ----A---- C:\WINDOWS\system32\EAPTMT20LM.dll
2011-06-20 10:11:46 ----A---- C:\WINDOWS\system32\EAPTMLM.dll
2011-06-20 10:11:46 ----A---- C:\WINDOWS\system32\eaptmco.dll
2011-06-20 10:11:46 ----A---- C:\WINDOWS\system32\EAPRPLM.dll
2011-06-20 10:11:46 ----A---- C:\WINDOWS\system32\EAPPHPMUI.dll
2011-06-20 10:11:46 ----A---- C:\WINDOWS\system32\EAPPHPM.dll
2011-06-20 10:11:46 ----A---- C:\WINDOWS\system32\EAPDMLM.dll
2011-06-20 10:11:45 ----D---- C:\Program Files\EPSON

======List of files/folders modified in the last 1 month======

2011-07-19 18:16:11 ----AD---- C:\Program Files
2011-07-19 18:14:24 ----AD---- C:\WINDOWS
2011-07-19 18:00:09 ----D---- C:\WINDOWS\Temp
2011-07-19 17:54:01 ----A---- C:\WINDOWS\system32\log.txt
2011-07-19 07:17:17 ----D---- C:\WINDOWS\system32\drivers
2011-07-16 05:57:58 ----AD---- C:\WINDOWS\system32
2011-07-15 23:33:35 ----D---- C:\Program Files\Mozilla Firefox
2011-07-13 15:08:38 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-13 13:25:27 ----HD---- C:\WINDOWS\inf
2011-07-13 13:25:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-13 13:23:22 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 13:23:17 ----SHD---- C:\WINDOWS\Installer
2011-07-13 13:23:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-07-13 13:22:28 ----A---- C:\WINDOWS\imsins.BAK
2011-07-13 13:19:07 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-09 01:31:41 ----A---- C:\WINDOWS\wincmd.ini
2011-06-30 01:05:14 ----D---- C:\Program Files\Microsoft Office
2011-06-29 04:52:27 ----D---- C:\WINDOWS\system32\CatRoot
2011-06-23 01:17:04 ----D---- C:\WINDOWS\Help
2011-06-20 16:35:47 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-20 16:35:40 ----RSD---- C:\WINDOWS\assembly
2011-06-20 15:31:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-20 15:31:26 ----D---- C:\WINDOWS\WinSxS
2011-06-20 10:15:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-06-20 10:13:05 ----AD---- C:\Program Files\Common Files
2011-06-20 10:11:45 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 atiide;atiide; C:\WINDOWS\system32\DRIVERS\atiide.sys [2006-09-13 3456]
R0 NCFilter;Novell UNC Path Filter - Filter; C:\WINDOWS\system32\DRIVERS\NCFilter.sys [2009-12-16 80000]
R0 NCRecognizer;Novell UNC Path Filter - Recognizer; C:\WINDOWS\system32\DRIVERS\NCRecognizer.sys [2009-12-16 90240]
R0 NCUncFilter;Novell UNC Path Filter - UNC Filter; C:\WINDOWS\system32\DRIVERS\NCUncFilter.sys [2009-12-16 14720]
R0 NICM;Novell InterService Communication Driver; C:\WINDOWS\System32\drivers\nicm.sys [2008-01-08 38603]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PBADRV;PBADRV; C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2008-06-04 26608]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [2003-10-28 20016]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [2002-07-24 32128]
R0 viasraid;viasraid; C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-10-31 77312]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers; C:\WINDOWS\system32\DRIVERS\TMUSBXP.SYS [2009-11-25 48384]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-08-27 91390]
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41600]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2009-01-27 52168]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
S2 EPSON TM Parallel Port Driver;EPSON TM Parallel Port Driver; \??\C:\WINDOWS\system32\drivers\tmlpt.sys []
S2 gxohrixs;gxohrixs; C:\WINDOWS\system32\drivers\gxohrixs.sys [2011-07-19 96256]
S2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
S2 NetwareWorkstation;Novell Client for Windows; C:\WINDOWS\System32\NetWare\nwfs.sys [2009-10-02 553728]
S2 NWSIPX32;Novell NetWare IPX/SPX Transport Interface; C:\WINDOWS\System32\NetWare\nwsipx32.sys [2008-08-04 58496]
S2 RESMGR;Novell NetWare Resource Manager; C:\WINDOWS\System32\NetWare\resmgr.sys [2008-07-21 29440]
S2 SRVLOC;Novell Service Location; C:\WINDOWS\System32\NetWare\srvloc.sys [2009-09-04 185344]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-08-27 71258]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-06-06 161792]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-05-17 44544]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys []
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\WINDOWS\system32\DRIVERS\e1k5132.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-01-09 42496]
S3 genmcmn;Genius NetScroll Optical Mouse Driver; C:\WINDOWS\System32\DRIVERS\gmfiltr.sys []
S3 GMSIPCI;GMSIPCI; \??\R:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Ovladač funkcí Microsoft UAA pro služby sběrnice High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-07-23 40832]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\k57xp32.sys []
S3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2009-01-27 65000]
S3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-01-27 73512]
S3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-01-27 34408]
S3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-01-27 177864]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NTACCESS;NTACCESS; \??\R:\NTACCESS.sys []
S3 NWDHCP;Novell DHCP Inform Client; C:\WINDOWS\System32\NetWare\nwdhcp.sys [2005-11-22 18353]
S3 NWDNS;Novell DNS Name Space Service Provider; C:\WINDOWS\System32\NetWare\nwdns.sys [2009-10-02 45824]
S3 NWHOST;Novell Host File Name Space Service Provider; C:\WINDOWS\System32\NetWare\NWHOST.sys [2005-10-12 9297]
S3 NWSAP;Novell SAP Name Space Provider; C:\WINDOWS\System32\NetWare\NWSAP.sys [2003-02-26 23232]
S3 NWSLP;Novell SLP Name Space Service Provider; C:\WINDOWS\System32\NetWare\nwslp.sys [2009-10-02 21888]
S3 NWSNS;Novell Simple Naming Services (NWSNS); C:\WINDOWS\System32\NetWare\NWSNS.sys [2005-10-12 6128]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2004-09-17 732928]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\R:\NTGLM7X.sys []
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys []
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-03-30 133632]
S3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2001-04-13 37248]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2008-07-21 324120]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 EpsonPuras;Epson Puras Service; C:\Program Files\EPSON\EPuras\EPuras.exe [2010-07-01 438272]
S2 EpsonPurasLog;Epson Puras Log Service; C:\Program Files\EPSON\EPuras\EPurasLog.exe [2010-07-01 323584]
S2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
S2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2008-07-23 174616]
S2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2009-09-22 103744]
S2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2009-01-27 144704]
S2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2009-01-27 54608]
S2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\lotus\notes\ntmulti.exe [2005-03-28 57393]
S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
S2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-07-23 2054680]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client; C:\Program Files\Software602\602SQL81\602FSVC8.EXE []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 cusrvc;Client Update Service for Novell; C:\WINDOWS\System32\cusrvc.exe [2008-08-04 53339]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2006-10-26 335872]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Caroprd111]

V nouzovém režimu aplikujte CF podle návodu zde: http://www.bleepingcomputer.com/combofi ... t-combofix

[ChosseCV]

ComboFIX

ComboFix 11-07-19.02 - Administrator 19.07.2011 18:57:23.1.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.700 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\d.ini
c:\windows\IsUn0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-19 do 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-19 16:16 . 2011-07-19 16:16 -------- d-----w- c:\program files\trend micro
2011-07-19 16:16 . 2011-07-19 16:16 -------- d-----w- C:\rsit
2011-07-19 15:17 . 2011-07-19 15:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-19 15:17 . 2011-07-19 15:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\iK02300LePiB02300
2011-07-19 05:17 . 2011-07-19 05:17 96256 ----a-w- c:\windows\system32\drivers\gxohrixs.sys
2011-07-11 18:46 . 2011-07-11 18:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Apple Computer
2011-07-11 18:46 . 2011-07-11 18:46 1409 ----a-w- c:\windows\QTFont.for
2011-07-06 17:04 . 2011-07-06 17:04 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-06-20 08:13 . 2011-06-20 08:13 -------- d-----w- c:\program files\Common Files\EPSON
2011-06-20 08:12 . 2011-06-20 08:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\EPSON
2011-06-20 08:12 . 2009-11-25 11:39 48384 ----a-w- c:\windows\system32\drivers\TMUSBXP.sys
2011-06-20 08:11 . 2010-06-28 08:56 15872 ----a-w- c:\windows\system32\eaptmco.dll
2011-06-20 08:11 . 2010-06-17 16:14 131072 ----a-w- c:\windows\system32\EAPTMT20LM.dll
2011-06-20 08:11 . 2010-06-17 16:14 413696 ----a-w- c:\windows\system32\EAPPHPMUI.dll
2011-06-20 08:11 . 2010-06-17 16:14 131072 ----a-w- c:\windows\system32\EAPTMLM.dll
2011-06-20 08:11 . 2010-06-17 16:14 172032 ----a-w- c:\windows\system32\EAPPHPM.dll
2011-06-20 08:11 . 2010-06-17 16:14 106496 ----a-w- c:\windows\system32\EAPRPLM.dll
2011-06-20 08:11 . 2010-06-17 16:14 106496 ----a-w- c:\windows\system32\EAPDMLM.dll
2011-06-20 08:11 . 2011-06-20 08:12 -------- d-----w- c:\program files\EPSON
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2001-10-25 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2004-06-07 12:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2001-10-25 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2001-10-25 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2001-10-25 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2001-10-25 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:06 . 2005-10-21 14:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2002-12-11 10:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2002-12-11 10:39 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-17 22:44 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2001-10-25 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2000-05-20 11:10 . 2002-08-20 15:02 90112 ----a-w- c:\program files\Startup.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-07-23 773144]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-22 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-27 111952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"OLPSYNCH"="c:\program files\Offline Course Player\OlpSynch.exe" [2009-08-21 42288]
"EpsonAPD4SV"="c:\program files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE" [2010-04-08 210368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\wincmd\\TOTALCMD.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [14.2.2007 16:41 3456]
R0 NCFilter;Novell UNC Path Filter - Filter;c:\windows\system32\drivers\NCFilter.sys [25.2.2010 12:28 80000]
R0 NCRecognizer;Novell UNC Path Filter - Recognizer;c:\windows\system32\drivers\NCRecognizer.sys [25.2.2010 12:28 90240]
R0 NCUncFilter;Novell UNC Path Filter - UNC Filter;c:\windows\system32\drivers\NCUncFilter.sys [25.2.2010 12:28 14720]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [5.8.2004 16:10 77312]
R2 EPSON TM Parallel Port Driver;EPSON TM Parallel Port Driver;c:\windows\system32\drivers\tmlpt.sys [1.7.2010 3:39 18696]
R2 EpsonPuras;Epson Puras Service;c:\program files\EPSON\EPuras\EPuras.exe [1.7.2010 3:39 438272]
R2 EpsonPurasLog;Epson Puras Log Service;c:\program files\EPSON\EPuras\EPurasLog.exe [1.7.2010 3:39 323584]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [18.3.2009 14:19 2054680]
R3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;c:\windows\system32\drivers\TMUSBXP.sys [20.6.2011 10:12 48384]
S2 gxohrixs;gxohrixs;c:\windows\system32\drivers\gxohrixs.sys [19.7.2011 7:17 96256]
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\program files\Software602\602SQL81\602FSVC8.EXE --> c:\program files\Software602\602SQL81\602FSVC8.EXE [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 10:58 11336]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k5132.sys --> c:\windows\system32\DRIVERS\e1k5132.sys [?]
S3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\DRIVERS\k57xp32.sys --> c:\windows\system32\DRIVERS\k57xp32.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\r:\ntglm7x.sys --> r:\NTGLM7X.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.vse.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: vse.cz\eis
Trusted Zone: vse.cz\eis
TCP: DhcpNameServer = 146.102.167.167 146.102.16.1 146.102.16.2
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\ut4jtdo4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-gxohrixs
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-19 19:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-516116760-4086881818-2451978738-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,da,dd,66,03,0e,71,43,a8,a9,42,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,da,dd,66,03,0e,71,43,a8,a9,42,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\NETWIN32.DLL
.
- - - - - - - > 'Explorer.exe'(1460)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETWIN32.DLL
c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\NWTRAY.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\lotus\notes\ntmulti.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\wincmd\TOTALCMD.EXE
.
**************************************************************************
.
Celkový čas: 2011-07-19 19:13:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-19 17:13
.
Před spuštěním: Volných bajtů: 24 461 889 536
Po spuštění: Volných bajtů: 24 391 999 488
.
- - End Of File - - 8EE5A266847553BEDA59C1C14FBA4245

[Caroprd111]

Pokud nemáte, přesuňte Combofix na plochu

• Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

File::
c:\windows\system32\drivers\gxohrixs.sys

Driver::
gxohrix

RegLock::
[HKEY_USERS\S-1-5-21-516116760-4086881818-2451978738-500\Software\Microsoft\Internet Explorer\User Preferences]

• Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
  
• Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[ChosseCV]

0 ; ComboFix 11-07-19.03 - Administrator 19.07.2011 19:54:35.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.538 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Vytvořen nový Bod Obnovení
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-19 do 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-19 16:16 . 2011-07-19 16:16 -------- d-----w- c:\program files\trend micro
2011-07-19 16:16 . 2011-07-19 16:16 -------- d-----w- C:\rsit
2011-07-19 15:17 . 2011-07-19 15:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-19 15:17 . 2011-07-19 15:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\iK02300LePiB02300
2011-07-19 05:17 . 2011-07-19 05:17 96256 ----a-w- c:\windows\system32\drivers\gxohrixs.sys
2011-07-11 18:46 . 2011-07-11 18:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Apple Computer
2011-07-11 18:46 . 2011-07-11 18:46 1409 ----a-w- c:\windows\QTFont.for
2011-07-06 17:04 . 2011-07-06 17:04 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-06-20 08:13 . 2011-06-20 08:13 -------- d-----w- c:\program files\Common Files\EPSON
2011-06-20 08:12 . 2011-06-20 08:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\EPSON
2011-06-20 08:12 . 2009-11-25 11:39 48384 ----a-w- c:\windows\system32\drivers\TMUSBXP.sys
2011-06-20 08:11 . 2010-06-28 08:56 15872 ----a-w- c:\windows\system32\eaptmco.dll
2011-06-20 08:11 . 2010-06-17 16:14 131072 ----a-w- c:\windows\system32\EAPTMT20LM.dll
2011-06-20 08:11 . 2010-06-17 16:14 413696 ----a-w- c:\windows\system32\EAPPHPMUI.dll
2011-06-20 08:11 . 2010-06-17 16:14 131072 ----a-w- c:\windows\system32\EAPTMLM.dll
2011-06-20 08:11 . 2010-06-17 16:14 172032 ----a-w- c:\windows\system32\EAPPHPM.dll
2011-06-20 08:11 . 2010-06-17 16:14 106496 ----a-w- c:\windows\system32\EAPRPLM.dll
2011-06-20 08:11 . 2010-06-17 16:14 106496 ----a-w- c:\windows\system32\EAPDMLM.dll
2011-06-20 08:11 . 2011-06-20 08:12 -------- d-----w- c:\program files\EPSON
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2001-10-25 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2004-06-07 12:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2001-10-25 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2001-10-25 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2001-10-25 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2001-10-25 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:06 . 2005-10-21 14:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2002-12-11 10:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2002-12-11 10:39 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-17 22:44 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2001-10-25 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2000-05-20 11:10 . 2002-08-20 15:02 90112 ----a-w- c:\program files\Startup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-19_17.08.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-19 18:01 . 2011-07-19 18:01 53248 c:\windows\temp\catchme.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-07-23 773144]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-22 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-27 111952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"OLPSYNCH"="c:\program files\Offline Course Player\OlpSynch.exe" [2009-08-21 42288]
"EpsonAPD4SV"="c:\program files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE" [2010-04-08 210368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"c:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\wincmd\\TOTALCMD.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [14.2.2007 16:41 3456]
R0 NCFilter;Novell UNC Path Filter - Filter;c:\windows\system32\drivers\NCFilter.sys [25.2.2010 12:28 80000]
R0 NCRecognizer;Novell UNC Path Filter - Recognizer;c:\windows\system32\drivers\NCRecognizer.sys [25.2.2010 12:28 90240]
R0 NCUncFilter;Novell UNC Path Filter - UNC Filter;c:\windows\system32\drivers\NCUncFilter.sys [25.2.2010 12:28 14720]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [5.8.2004 16:10 77312]
R2 EPSON TM Parallel Port Driver;EPSON TM Parallel Port Driver;c:\windows\system32\drivers\tmlpt.sys [1.7.2010 3:39 18696]
R2 EpsonPuras;Epson Puras Service;c:\program files\EPSON\EPuras\EPuras.exe [1.7.2010 3:39 438272]
R2 EpsonPurasLog;Epson Puras Log Service;c:\program files\EPSON\EPuras\EPurasLog.exe [1.7.2010 3:39 323584]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [18.3.2009 14:19 2054680]
R3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;c:\windows\system32\drivers\TMUSBXP.sys [20.6.2011 10:12 48384]
S2 gxohrixs;gxohrixs;c:\windows\system32\drivers\gxohrixs.sys [19.7.2011 7:17 96256]
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\program files\Software602\602SQL81\602FSVC8.EXE --> c:\program files\Software602\602SQL81\602FSVC8.EXE [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 10:58 11336]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k5132.sys --> c:\windows\system32\DRIVERS\e1k5132.sys [?]
S3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\DRIVERS\k57xp32.sys --> c:\windows\system32\DRIVERS\k57xp32.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\r:\ntglm7x.sys --> r:\NTGLM7X.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25.10.2001 14:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.vse.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: vse.cz\eis
Trusted Zone: vse.cz\eis
TCP: DhcpNameServer = 146.102.167.167 146.102.16.1 146.102.16.2
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\ut4jtdo4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-19 20:01
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\NETWIN32.DLL
.
- - - - - - - > 'Explorer.exe'(1364)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-07-19 20:02:25
ComboFix-quarantined-files.txt 2011-07-19 18:02
ComboFix2.txt 2011-07-19 17:13
.
Před spuštěním: Volných bajtů: 24 370 978 816
Po spuštění: Volných bajtů: 24 447 922 176
.
- - End Of File - - 2EACA4115F1B0C3639C7A0B5374A5ED7

Tak přikládám log z ComboFixu

[Caroprd111]

Zdravím

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

• Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys 
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys 
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys 
nvrd32.sys 
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 

• Označte položku Pro všechny uživatele.
• Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
• Klikněte na tlačítko Prohledat
• Po dokončení, sem vložte logy OTL.Txt a Extras.txt

[ChosseCV]

Zdravíčko, tak bych rád pokračoval jestli je to možné.
Při použití OLT podle návodu jak jste napsal mi windows při prohledávání spadne, tudíž nejsem logy schopen vytvořit.

Jinak se počítač chová v pořádku.

[Caroprd111]

Zkuste to v nouzovém režimu.

[ChosseCV]

V nouzovém režimu vše zdárně proběhlo . Díky

Extras :
OTL Extras logfile created on: 20.7.2011 13:16:36 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,07 Mb Total Physical Memory | 811,84 Mb Available Physical Memory | 80,06% Memory free
2,35 Gb Paging File | 2,26 Gb Available in Paging File | 96,11% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34,45 Gb Total Space | 22,76 Gb Free Space | 66,06% Space Free | Partition Type: NTFS
Drive D: | 40,04 Gb Total Space | 39,90 Gb Free Space | 99,65% Space Free | Partition Type: FAT32

Computer Name: ck141h05 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Vzdálená správa systému Windows

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener -- (Novell, Inc.)
"C:\Program Files\Microsoft Office 2007\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office 2007\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\wincmd\TOTALCMD.EXE" = C:\Program Files\wincmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit -- (Ghisler Software GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{11FF6AF6-0141-4EF8-829A-989459A1E5D8}" = EPSON Advanced Printer Driver 4
"{21F5098D-0C9E-4637-AD49-F037F6275990}" = NMAS Client (3.1.0.8)
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{29D52AA0-F621-4ED8-8F65-A1BEA7B112E3}" = 602SQL 8.1
"{350C97C4-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3BC1AB78-2D98-4906-84B5-4230B5420DCC}" = Offline Course Player
"{406D8422-A87B-4733-BCDE-ECDAFE821170}" = iFIS
"{438E0D78-E86D-47FB-BD63-26864A5F2E8F}" = SwiftFile 2.0.3
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4BB82AD9-0CF6-4E14-BD75-C1AB657C2914}" = EPSON APD4 Point and Print Support
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B1F8092-9D84-459B-88EA-0BE882AC915E}" = UPEK TouchChip Fingerprint Reader
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9ABD2DE4-D228-45AA-BD12-AE913DA604F6}" =
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0405-0000-0000000FF1CE}" = Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9E06B564-A3FA-47da-B6F8-8B6448A289B9}" = Lotus Notes 6.5.4 cs
"{A202D6C0-AFBD-4B70-9C0F-B19D05F772A8}" = IFIS_kb
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8DD74DC-14C4-4BA0-8DF7-D84524D0B0D2}" = ST Microelectronics TPM Driver Installer
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.5 - Czech
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Rozšíření HighMAT průvodce zápisem na disk CD systému Microsoft Windows XP
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"35858E766EFC35B58A45C301DD358D503119A8FA" = Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Balíček ovladače systému Windows - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HECI" = Intel(R) Management Engine Interface
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Novell Client for Windows" = Novell Client for Windows
"QuicktimeAlt_is1" = QuickTime Alternative 1.69
"RealAlt_is1" = Real Alternative 1.48
"RichFX Player" = RichFX Player
"Totalcmd" = Total Commander (Remove or Repair)
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.01 beta 1 (32-bit)

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 19.7.2011 11:48:54 | Computer Name = ck141h05 | Source = Service Control Manager | ID = 7034
Description = Služba Epson Puras Service byla neočekávaně ukončena. Tento stav nastal
již 468krát.

Error - 19.7.2011 11:48:55 | Computer Name = ck141h05 | Source = Service Control Manager | ID = 7034
Description = Služba Epson Puras Log Service byla neočekávaně ukončena. Tento stav
nastal již 580krát.

Error - 19.7.2011 11:48:55 | Computer Name = ck141h05 | Source = Service Control Manager | ID = 7034
Description = Služba Epson Puras Service byla neočekávaně ukončena. Tento stav nastal
již 469krát.

Error - 19.7.2011 11:48:56 | Computer Name = ck141h05 | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Epson Puras Log Service.

Error - 19.7.2011 11:48:56 | Computer Name = ck141h05 | Source = Service Control Manager | ID = 7000
Description = Služba Epson Puras Log Service neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 19.7.2011 11:48:56 | Computer Name = ck141h05 | Source = Service Control Manager | ID = 7001
Description = Služba Epson Puras Service závisí na službě Epson Puras Log Service,
která neuspěla při spuštění v důsledku následující chyby: %%1053

Error - 19.7.2011 11:48:56 | Computer Name = ck141h05 | Source = Service Control Manager | ID = 7034
Description = Služba Epson Puras Log Service byla neočekávaně ukončena. Tento stav
nastal již 581krát.

Error - 19.7.2011 11:48:56 | Computer Name = ck141h05 | Source = Service Control Manager | ID = 7034
Description = Služba Epson Puras Service byla neočekávaně ukončena. Tento stav nastal
již 470krát.

Error - 19.7.2011 11:48:57 | Computer Name = ck141h05 | Source = Service Control Manager | ID = 7034
Description = Služba Epson Puras Log Service byla neočekávaně ukončena. Tento stav
nastal již 582krát.

Error - 19.7.2011 11:48:58 | Computer Name = ck141h05 | Source = Service Control Manager | ID = 7034
Description = Služba Epson Puras Service byla neočekávaně ukončena. Tento stav nastal
již 471krát.


< End of report >

[ChosseCV]

OLT :
OTL logfile created on: 20.7.2011 13:16:36 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,07 Mb Total Physical Memory | 811,84 Mb Available Physical Memory | 80,06% Memory free
2,35 Gb Paging File | 2,26 Gb Available in Paging File | 96,11% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34,45 Gb Total Space | 22,76 Gb Free Space | 66,06% Space Free | Partition Type: NTFS
Drive D: | 40,04 Gb Total Space | 39,90 Gb Free Space | 99,65% Space Free | Partition Type: FAT32

Computer Name: ck141h05 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.20 11:02:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011.07.20 11:02:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2010.08.23 18:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (602SQL 8 FastCGI Client)
SRV - [2010.07.01 03:32:43 | 000,438,272 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\EPSON\EPuras\EPuras.exe -- (EpsonPuras)
SRV - [2010.07.01 03:31:53 | 000,323,584 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\EPSON\EPuras\EPurasLog.exe -- (EpsonPurasLog)
SRV - [2009.09.22 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009.01.27 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009.01.27 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2008.08.04 16:59:00 | 000,053,339 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2008.07.23 10:56:14 | 002,054,680 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2008.07.23 10:56:12 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2005.03.28 22:49:00 | 000,057,393 | ---- | M] (IBM Corp) [Auto | Stopped] -- C:\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)


========== Driver Services (SafeList) ==========

DRV - [2011.07.19 07:17:18 | 000,096,256 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\gxohrixs.sys -- (gxohrixs)
DRV - [2010.07.01 02:23:08 | 000,018,696 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmlpt.sys -- (EPSON TM Parallel Port Driver)
DRV - [2009.12.18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.12.16 09:57:06 | 000,090,240 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\NCRecognizer.sys -- (NCRecognizer)
DRV - [2009.12.16 09:57:06 | 000,080,000 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\NCFilter.sys -- (NCFilter)
DRV - [2009.12.16 09:57:06 | 000,014,720 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\NCUncFilter.sys -- (NCUncFilter)
DRV - [2009.11.25 13:39:12 | 000,048,384 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TMUSBXP.sys -- (TMUSB)
DRV - [2009.10.02 10:14:32 | 000,553,728 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\NWFS.SYS -- (NetwareWorkstation)
DRV - [2009.10.02 10:14:32 | 000,045,824 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\NWDNS.SYS -- (NWDNS)
DRV - [2009.10.02 10:14:32 | 000,021,888 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\NWSLP.SYS -- (NWSLP)
DRV - [2009.09.04 12:03:02 | 000,185,344 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\SRVLOC.SYS -- (SRVLOC)
DRV - [2009.01.27 20:50:00 | 000,177,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009.01.27 20:50:00 | 000,073,512 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009.01.27 20:50:00 | 000,065,000 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009.01.27 20:50:00 | 000,052,168 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009.01.27 20:50:00 | 000,034,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008.08.04 18:06:32 | 000,058,496 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2008.07.23 10:42:30 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008.07.21 14:47:04 | 000,029,440 | ---- | M] (Novell, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2008.06.04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.01.08 11:27:32 | 000,038,603 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nicm.sys -- (NICM)
DRV - [2007.06.06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.09.13 20:01:48 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006.05.17 12:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005.11.22 11:51:22 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005.10.12 14:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005.10.12 14:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS) Novell Simple Naming Services (NWSNS)
DRV - [2005.01.07 18:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.09.17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004.09.17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004.08.04 08:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2004.08.04 08:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004.04.13 21:14:12 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2003.10.31 11:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2003.02.26 15:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2002.10.04 10:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002.07.24 04:30:00 | 000,032,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2001.08.17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 22:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001.08.17 21:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001.04.13 04:00:00 | 000,037,248 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-516116760-4086881818-2451978738-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-516116760-4086881818-2451978738-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.22 10:26:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.22 10:26:57 | 000,000,000 | ---D | M]

[2008.06.30 14:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2011.07.19 07:18:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\ut4jtdo4.default\extensions
[2010.08.17 16:26:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\ut4jtdo4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.19 07:18:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.17 12:15:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\UT4JTDO4.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
[2010.08.10 14:03:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.08.21 04:00:04 | 000,061,440 | ---- | M] (Element K Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOlp32.dll
[2011.06.21 20:10:01 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.06.21 20:10:01 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.06.21 20:10:01 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.06.21 20:10:01 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.06.21 20:10:01 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.07.19 19:08:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O4 - HKLM..\Run: [EpsonAPD4SV] C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [OLPSYNCH] C:\Program Files\Offline Course Player\OlpSynch.exe ()
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-516116760-4086881818-2451978738-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-516116760-4086881818-2451978738-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-516116760-4086881818-2451978738-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-516116760-4086881818-2451978738-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKLM\..Trusted Domains: vse.cz ([eis] https in Trusted sites)
O15 - HKU\S-1-5-21-516116760-4086881818-2451978738-500\..Trusted Domains: vse.cz ([eis] https in Důvěryhodné servery)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 1442429843 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 1442418984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 3067708333 (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 146.102.167.167 146.102.16.1 146.102.16.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.04.04 10:59:48 | 000,000,111 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011.07.20 11:02:26 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2011.07.19 22:50:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.07.19 19:05:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.07.19 18:55:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.07.19 18:55:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.07.19 18:55:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.07.19 18:55:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.07.19 18:49:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.07.19 18:49:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.19 18:49:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Filmy
[2011.07.19 18:49:05 | 000,000,000 | R--D | C] -- D:\Dokumenty\Filmy
[2011.07.19 18:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.19 18:16:07 | 000,000,000 | ---D | C] -- C:\rsit
[2011.07.19 17:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\iK02300LePiB02300
[2011.07.13 13:23:53 | 000,000,000 | ---D | C] -- D:\Dokumenty\Přijaté soubory
[2011.07.11 20:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Apple Computer
[2011.07.06 19:04:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.07.20 13:17:22 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.07.20 13:15:08 | 000,000,592 | -H-- | M] () -- C:\Documents and Settings\All Users\Data aplikací\common.data
[2011.07.20 13:14:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.20 12:57:44 | 000,004,197 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011.07.20 12:12:04 | 000,000,208 | ---- | M] () -- C:\WINDOWS\66417CCD
[2011.07.20 11:02:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2011.07.20 09:51:50 | 057,655,296 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\APD_407EWM.exe
[2011.07.19 19:08:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.07.19 17:53:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.07.19 07:17:18 | 000,096,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\gxohrixs.sys
[2011.07.13 13:28:47 | 000,216,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.13 13:22:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.07.11 20:46:14 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011.07.11 20:46:13 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.07.04 05:41:59 | 000,076,283 | -H-- | M] () -- C:\treeinfo.wc
[2011.06.26 16:25:38 | 000,000,019 | ---- | M] () -- C:\WINDOWS\WINBASE.INI
[2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011.06.20 15:31:40 | 000,441,112 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.06.20 15:31:40 | 000,437,490 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.06.20 15:31:40 | 000,082,890 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.06.20 15:31:40 | 000,071,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.20 13:17:22 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.07.20 12:12:04 | 000,000,208 | ---- | C] () -- C:\WINDOWS\66417CCD
[2011.07.20 09:51:43 | 057,655,296 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\APD_407EWM.exe
[2011.07.19 18:55:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.07.19 18:55:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.07.19 18:55:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.07.19 18:55:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.07.19 18:55:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.07.19 07:17:17 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\gxohrixs.sys
[2011.07.19 07:17:17 | 000,000,592 | -H-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\common.data
[2011.07.11 20:46:14 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011.07.11 20:46:13 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011.07.04 05:41:59 | 000,076,283 | -H-- | C] () -- C:\treeinfo.wc
[2011.06.26 16:25:38 | 000,000,019 | ---- | C] () -- C:\WINDOWS\WINBASE.INI
[2011.05.09 13:48:06 | 000,000,875 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2010.08.17 17:43:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2010.08.17 17:09:35 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2010.08.17 16:28:01 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.08.17 16:27:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.10 14:05:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\TAL12832.dll
[2010.08.10 14:05:36 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\TALC9332.dll
[2010.08.10 14:05:36 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\TALC3932.DLL
[2010.08.10 14:05:36 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\TALEAN32.DLL
[2010.08.10 14:05:36 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\TALUPC32.dll
[2010.08.10 14:05:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\TALITF32.dll
[2010.08.10 14:05:36 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\TALCBR32.dll
[2010.08.10 14:05:36 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\TALZIP32.dll
[2010.02.25 12:28:36 | 000,090,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\NCRecognizer.sys
[2010.02.25 12:28:34 | 000,080,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\NCFilter.sys
[2010.02.25 12:28:34 | 000,014,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\NCUncFilter.sys
[2009.03.18 14:20:51 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2009.03.02 19:00:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2008.06.30 12:46:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2008.05.26 15:06:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2007.12.13 13:23:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2007.08.16 15:25:39 | 000,459,664 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007.08.16 15:25:39 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2007.02.14 17:01:12 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007.02.13 18:45:40 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007.02.13 18:45:39 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007.02.13 18:45:37 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.06.30 13:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006.06.30 13:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006.04.06 18:41:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005.11.22 16:12:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2005.11.22 16:12:26 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2005.11.22 16:12:26 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2005.11.22 16:12:26 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2005.11.22 16:12:26 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[2005.11.22 16:12:26 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2005.11.22 16:12:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2005.11.22 16:12:18 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2005.11.22 16:12:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2005.11.22 16:12:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2005.11.22 16:12:12 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2004.11.18 18:21:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004.08.06 15:23:06 | 000,000,139 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2004.08.06 15:20:24 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe
[2004.08.06 15:20:24 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\msiuins.exe
[2004.08.06 15:20:23 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2004.08.06 15:20:22 | 000,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2004.08.06 15:20:22 | 000,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2004.04.02 14:01:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\HPB1320V.DLL
[2004.02.09 18:21:38 | 000,000,319 | ---- | C] () -- C:\WINDOWS\System32\HPB1320V.DAT
[2003.12.18 12:49:32 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2003.12.18 09:43:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\GAMSWrap.dll
[2003.12.18 09:43:58 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\unclient.exe
[2003.09.30 11:47:47 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2003.09.30 11:47:47 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003.09.30 11:47:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003.09.30 11:47:46 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2003.09.30 11:47:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.09.02 16:31:07 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003.02.13 09:42:43 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003.02.13 09:21:13 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2003.01.23 14:36:42 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003.01.23 09:26:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003.01.13 13:27:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2002.12.11 14:23:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2002.12.11 14:23:11 | 000,016,735 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2002.12.11 14:02:30 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2002.12.11 13:50:41 | 000,000,022 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2002.12.11 12:38:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002.12.11 10:58:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\sversion.ini
[2002.12.11 10:55:49 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2002.12.11 10:49:23 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002.12.11 10:49:23 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2002.12.11 10:49:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2002.12.10 20:03:51 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2002.08.20 17:03:52 | 000,004,413 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002.08.20 17:02:53 | 000,090,112 | ---- | C] () -- C:\Program Files\Startup.exe
[2002.08.20 17:02:41 | 000,216,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002.08.20 16:58:35 | 000,004,197 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2002.08.20 15:23:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002.08.20 15:14:03 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002.08.12 13:35:14 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wmpolhlp.dll
[2002.08.12 13:35:14 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\wmprtnt.dll
[2002.05.10 20:14:36 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001.10.28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2001.10.25 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 14:00:00 | 000,441,112 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 14:00:00 | 000,437,490 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 14:00:00 | 000,082,890 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 14:00:00 | 000,071,430 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.10.23 11:36:04 | 000,012,112 | ---- | C] () -- C:\WINDOWS\System32\wmntapi.dll
[2001.07.31 10:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999.01.23 01:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008.06.30 12:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Canneverbe_Limited
[2007.02.14 12:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\OfficeUpdate12
[2004.08.04 13:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Opera
[2011.06.20 10:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EPSON
[2011.07.19 17:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\iK02300LePiB02300
[2007.02.14 12:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\OfficeUpdate12
[2004.08.04 13:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\Opera

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)

< >


< MD5 for: AGP440.SYS >
[2006.04.06 18:51:17 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.06.30 13:25:16 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006.04.06 18:51:17 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.06.30 13:25:16 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008.04.13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2004.08.04 08:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0047\DriverFiles\i386\AGP440.SYS
[2004.08.04 08:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0048\DriverFiles\i386\AGP440.SYS
[2004.08.04 08:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0121\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002.12.11 12:49:44 | 012,110,692 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2006.04.06 18:51:17 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.06.30 13:25:16 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002.12.11 12:49:44 | 012,110,692 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2006.04.06 18:51:17 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.06.30 13:25:16 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.29 10:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2002.08.29 09:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
[2002.08.29 09:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0032\DriverFiles\i386\atapi.sys
[2008.04.13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0056\DriverFiles\i386\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0057\DriverFiles\i386\atapi.sys
[2004.08.04 08:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0070\DriverFiles\i386\atapi.sys
[2004.08.04 08:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0071\DriverFiles\i386\atapi.sys
[2004.08.04 08:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0082\DriverFiles\i386\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0083\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe

< MD5 for: CDROM.SYS >
[2002.12.11 12:49:44 | 012,110,692 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2006.04.06 18:51:17 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.06.30 13:25:16 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2002.12.11 12:49:44 | 012,110,692 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:cdrom.sys
[2006.04.06 18:51:17 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2008.06.30 13:25:16 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2008.04.14 05:22:17 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008.04.14 05:22:17 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\system32\csrss.exe

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: FASTFAT.SYS >
[2008.04.13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\ServicePackFiles\i386\fastfat.sys
[2008.04.13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys

< MD5 for: HAL.DLL >
[2002.12.11 12:49:44 | 012,110,692 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2006.04.06 18:51:17 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.06.30 13:25:16 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2002.12.11 12:49:44 | 012,110,692 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:hal.dll
[2006.04.06 18:51:17 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008.06.30 13:25:16 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll

< MD5 for: CHANGER.SYS >
[2006.04.06 18:51:17 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.06.30 13:25:16 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2006.04.06 18:51:17 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2008.06.30 13:25:16 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: IASTOR.SYS >
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\_install\sata\iastor.sys
[2008.07.21 01:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\_install\ich\IaStor.sys
[2008.07.21 01:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2007.03.21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\_install\sata2\IaStor.sys

< MD5 for: ISAPNP.SYS >
[2008.06.30 13:25:16 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.06.30 13:25:16 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 12:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\i386\isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0028\DriverFiles\i386\isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0052\DriverFiles\i386\isapnp.sys
[2001.10.24 12:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0067\DriverFiles\i386\isapnp.sys
[2001.10.24 12:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0079\DriverFiles\i386\isapnp.sys
[2001.10.24 12:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0102\DriverFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 05:27:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 05:27:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 05:27:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0130\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTFS.SYS >
[2008.04.13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008.04.13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008.04.13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys

< MD5 for: NVATA.SYS >
[2006.10.18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\_install\sata\nvata.sys
[2006.10.18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\services.exe
[2008.04.14 05:22:45 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

< MD5 for: SMSS.EXE >
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010.08.17 15:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2008.04.14 05:22:48 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CB1090BCA0E7B40D0B5B4E4D66531809 -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VIASRAID.SYS >
[2003.10.31 11:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\WINDOWS\system32\drivers\viasraid.sys

< MD5 for: WINLOGON.EXE >
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004.04.15 19:43:08 | 000,061,952 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPZPP041.DLL
[2006.10.26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008.07.06 14:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

< %systemroot%\system32\drivers\*.sys /5 >
[2011.07.19 07:17:18 | 000,096,256 | ---- | M] () -- C:\WINDOWS\system32\drivers\gxohrixs.sys

< %systemroot%\system32\drivers\*.sys /X >
[2007.02.14 16:50:38 | 000,000,005 | ---- | M] () -- C:\WINDOWS\system32\drivers\1028_DELL_OPT_320.MRK
[2008.04.14 05:21:36 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008.04.14 05:21:36 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008.04.14 05:21:36 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008.04.14 05:21:36 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008.04.14 05:21:36 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008.04.14 05:21:36 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008.04.14 05:21:36 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2004.07.17 20:36:22 | 000,064,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativmc20.cod
[2008.04.14 05:21:37 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008.04.14 05:21:37 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008.04.14 05:21:37 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008.04.14 05:21:37 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008.04.14 05:21:37 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008.04.14 05:21:38 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004.07.18 07:55:22 | 000,129,045 | ---- | M] () -- C:\WINDOWS\system32\drivers\cxthsfs2.cty
[2007.02.14 16:50:38 | 000,000,005 | ---- | M] () -- C:\WINDOWS\system32\drivers\DELL_OPT_320.MRK
[2001.10.25 14:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2001.10.25 14:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2002.04.16 06:11:42 | 000,067,866 | ---- | M] () -- C:\WINDOWS\system32\drivers\netwlan5.img
[2008.04.14 05:21:55 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008.04.14 05:22:04 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.07.19 07:17:18 | 000,096,256 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\gxohrixs.sys

< %systemroot%\system32\*.* /5 >
[2011.07.20 13:06:23 | 000,000,018 | ---- | M] () -- C:\WINDOWS\system32\log.txt
[2011.07.19 17:53:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >
[2002.08.20 17:01:43 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002.08.20 17:01:43 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002.08.20 17:01:43 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[3 C:\WINDOWS\system32\config\systemprofile\Data aplikací\Microsoft\Office\Shortcut Bar\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Data aplikací\Microsoft\Office\Shortcut Bar\*.tmp -> ]
[2 C:\WINDOWS\temp\*.tmp files -> C:\WINDOWS\temp\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >
[2011.07.20 13:15:08 | 000,000,592 | -H-- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\common.data
[2002.08.20 17:03:20 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\desktop.ini

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
[2011.07.19 17:17:37 | 000,389,632 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\iK02300LePiB02300\iK02300LePiB02300.exe
[2010.08.02 11:20:47 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\All Users\Data Aplikací\McAfee\Common Framework\Current\VIRUSCAN8600\Install\0000\setupvse.exe
[2010.08.02 11:20:47 | 000,106,496 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\All Users\Data Aplikací\McAfee\Common Framework\Current\VIRUSCAN8600\Install\0000\UnInst.exe
[2010.08.02 11:20:47 | 000,114,176 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\All Users\Data Aplikací\McAfee\Common Framework\Current\VIRUSCAN8600\Install\0000\UnInstX64.exe
[2010.08.02 11:21:00 | 002,585,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Data Aplikací\McAfee\Common Framework\Current\VIRUSCAN8600\Install\0000\WindowsInstaller-KB893803-v2-x86.exe

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2010.02.24 19:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Adobe
[2008.06.30 14:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\AdobeUM
[2010.08.17 15:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ATI
[2008.06.30 12:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Canneverbe_Limited
[2003.02.13 10:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Help
[2002.08.20 15:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Identities
[2008.05.26 15:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\InstallShield
[2004.08.06 11:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
[2010.08.02 11:16:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2002.12.11 10:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft Web Folders
[2002.12.11 14:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2007.02.14 12:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\OfficeUpdate12
[2004.08.04 13:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Opera
[2004.08.09 14:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Real
[2004.08.04 13:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Sun
[2004.08.04 13:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Talkback
[2011.05.18 21:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\WinRAR

< %APPDATA%\*.* >
[2002.08.20 17:03:20 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
[2006.04.04 14:02:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\sversion.ini

< %APPDATA%\*.exe /s >
[2007.02.13 18:20:46 | 021,277,080 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Data aplikací\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
[2008.06.30 14:25:27 | 019,900,192 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Data aplikací\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe
[2009.03.18 14:22:28 | 000,365,322 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{8B1F8092-9D84-459B-88EA-0BE882AC915E}\ARPPRODUCTICON.exe
[2009.03.18 14:18:00 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{A8DD74DC-14C4-4BA0-8DF7-D84524D0B0D2}\ARPPRODUCTICON.exe
[2009.03.18 14:22:17 | 000,365,322 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{AF7E4468-E364-4991-BC2A-6E8293E1055B}\ARPPRODUCTICON.exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-13 11:25:28

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"StateIndex" = 0
"FilesNotToBackupFilterCorrected" = 1

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
GINADLL REG_SZ NWGINA.DLL

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.07.20 13:17:22 | 000,000,512 | ---- | M] () MD5=FAA60099B1E89F9E8C21C4EA1E7DC99E -- C:\PhysicalMBR.bin

< >

< End of report >

[Caroprd111]

Znovu spusťte OTL a do spodního bílého okna vložte následující skript. Poté klikněte na Opravit, PC se restartuje, výsledný log vložte sem.

Kód: Vybrat vše

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

:OTL
SRV - File not found [On_Demand | Stopped] -- -- (602SQL 8 FastCGI Client)
DRV - [2011.07.19 07:17:18 | 000,096,256 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\gxohrixs.sys -- (gxohrixs)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O15 - HKLM\..Trusted Domains: vse.cz ([eis] https in Trusted sites)
O15 - HKU\S-1-5-21-516116760-4086881818-2451978738-500\..Trusted Domains: vse.cz ([eis] https in Důvěryhodné servery)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 3067708333 (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

[ChosseCV]

All processes killed
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 127209 bytes
->Temporary Internet Files folder emptied: 3272701 bytes
->FireFox cache emptied: 50236486 bytes
->Opera cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 37449491 bytes
->Temporary Internet Files folder emptied: 98572 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105198303 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 252624 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 188,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
========== OTL ==========
Service 602SQL 8 FastCGI Client stopped successfully!
Service 602SQL 8 FastCGI Client deleted successfully!
Service gxohrixs stopped successfully!
Service gxohrixs deleted successfully!
File move failed. C:\WINDOWS\system32\drivers\gxohrixs.sys scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vse.cz\eis\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-516116760-4086881818-2451978738-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vse.cz\eis\ deleted successfully.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

OTL by OldTimer - Version 3.2.26.1 log created on 07202011_145340

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WGQ97VCL\afr[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WGQ97VCL\afr[2].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WGQ97VCL\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GB9939RG\afr[3].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\WINDOWS\system32\drivers\gxohrixs.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[Mc_Murphy]

Kolega Caroprd111 mě požádal o kratičký zástup v této věci (měl naspěch ), takže:

Stáhni Avenger z tohoto odkazu a ulož nejlépe na Plochu.

• Dvojklikem ho spusť. Při spuštění budeš upozorněn, že to, co děláš, provádíš na vlastní riziko, klikni na [OK].
• Do spodní oblasti Input script here: zkopíruj následující script:

Kód: Vybrat vše

Files to delete:
C:\WINDOWS\System32\drivers\gxohrixs.sys

Drivers to delete:
gxohrixs

• Dole zaškrtni obě volby Scan for rootkits i Automatically disable any rootkits found a klikni na [Execute].
• V dalším okně potvrď spuštění scriptu a následný restart počítače.
• Po restartu vyčkej, až Avenger vytvoří a otevře log, jehož obsah mi sem zkopíruj.
• Pokud se stane, že se log neotevře nebo jej "omylem" zavřeš, najdeš jej v umístění C:\avenger.txt