Spontaneous PC restart

ketez67
Visitor
Posts: 100
Registered: 08 Jun 2008 17:46

Spontaneous PC restart

#1 Post by ketez67 »

Hello,
for the fifth day now I have been trying to get rid of a problem with the PC restarting on its own.
In safe mode the PC boots without any problem, even with networking. However, if I log in the normal way, the PC restarts. Before the restart a blue screen with text flashes for a moment. It is there for 1 s at most, so the text cannot be read in time.
I am attaching the log, and thank you in advance for any advice.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:30, on 7.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programy\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
D:\Genius\ioCentre\GMouseService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Programy\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
d:\Programy\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
D:\Programy\ALWILS~1\Avast5\avastUI.exe
D:\Programy\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
D:\Programy\Internet Explorer\iexplore.exe
D:\Programy\Internet Explorer\iexplore.exe
D:\programy\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
D:\Programy\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jarka\Dokumenty\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\programy\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: RealoreStudios Toolbar - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - D:\Programy\RealoreStudios\tbRea1.dll__BHODemonDisabled (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\programy\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\programy\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealoreStudios Toolbar - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - D:\Programy\RealoreStudios\tbRea1.dll (disabled by BHODemon)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\programy\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programy\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\programy\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\programy\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: RealoreStudios Toolbar - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - D:\Programy\RealoreStudios\tbRea1.dll__BHODemonDisabled (file missing)
O4 - HKLM\..\Run: [avast5] D:\Programy\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programy\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programy\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\programy\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\programy\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\programy\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programy\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programy\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programy\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programy\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Programy\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programy\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Programy\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: GeniusMouseService - Unknown owner - D:\Genius\ioCentre\GMouseService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - D:\Programy\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

--
End of file - 8073 bytes

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Spontaneous PC restart

#2 Post by Márty84 »

Hello :)

:???: I see that the log was made in normal mode, so the PC boots normally and after some time restarts by itself, is that right? Roughly how long does that take? And is it always about the same, or does it vary?

:arrow: Uninstall Spybot-S&D. For quite some time now the program has been only a shadow of its former glory.

:arrow: Find this file C:\Documents and Settings\Jarka\Dokumenty\HijackThis.exe and run it.
Click Main menu and then Do a system scan only (or go straight to the second one).
Tick the checkbox on the left of these lines:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\programy\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: RealoreStudios Toolbar - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - D:\Programy\RealoreStudios\tbRea1.dll__BHODemonDisabled (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\programy\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\programy\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealoreStudios Toolbar - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - D:\Programy\RealoreStudios\tbRea1.dll (disabled by BHODemon)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\programy\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\programy\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\programy\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: RealoreStudios Toolbar - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - D:\Programy\RealoreStudios\tbRea1.dll__BHODemonDisabled (file missing)
Click Fix checked and restart the PC.

:arrow: Post the log from RSIT here: http://www.viry.cz/forum/viewtopic.php?f=30&t=82744 . It is more detailed than HJT and has long been used here as the basic scanner :wink:

ketez67
Visitor
Posts: 100
Registered: 08 Jun 2008 17:46

Re: Spontaneous PC restart

#3 Post by ketez67 »

The PC restarts, but 1 time out of 10 attempts it boots.
Which program do you recommend instead of Spybot?

I am sending the log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jarka at 2012-01-08 13:31:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 33 GB (60%) free of 55 GB
Total RAM: 1407 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:32:16, on 8.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programy\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
D:\Genius\ioCentre\GMouseService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Programy\Java\jre6\bin\jqs.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Programy\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programy\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
D:\Programy\Internet Explorer\iexplore.exe
D:\programy\Alwil Software\Avast5\AvastUI.exe
C:\Documents and Settings\Jarka\Plocha\RSIT.exe
D:\Programy\trend micro\Jarka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programy\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programy\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programy\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\programy\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\programy\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\programy\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programy\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programy\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Programy\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programy\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Programy\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: GeniusMouseService - Unknown owner - D:\Genius\ioCentre\GMouseService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - D:\Programy\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

--
End of file - 6118 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Programy\Java\jre6\bin\jp2ssv.dll [2010-07-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Programy\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-20 79648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"=C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2008-11-04 435096]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-05 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\Programy\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\programy\ICQ7.2\ICQ.exe"="D:\programy\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"D:\programy\ICQ7.2\aolload.exe"="D:\programy\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"D:\programy\TeamViewer\Version4\TeamViewer.exe"="D:\programy\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"D:\programy\Skype\Phone\Skype.exe"="D:\programy\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\programy\Microsoft Office\Office12\OUTLOOK.EXE"="D:\programy\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\programy\Microsoft Office\Office12\GROOVE.EXE"="D:\programy\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\programy\Microsoft Office\Office12\ONENOTE.EXE"="D:\programy\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\programy\Digital Imaging\bin\hpqtra08.exe"="D:\programy\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"D:\programy\Digital Imaging\bin\hpqste08.exe"="D:\programy\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\programy\Digital Imaging\bin\hpofxm08.exe"="D:\programy\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\programy\Digital Imaging\bin\hposfx08.exe"="D:\programy\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\programy\Digital Imaging\bin\hposid01.exe"="D:\programy\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"D:\programy\Digital Imaging\bin\hpqkygrp.exe"="D:\programy\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\programy\Digital Imaging\bin\hpfcCopy.exe"="D:\programy\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"D:\programy\Digital Imaging\bin\hpoews01.exe"="D:\programy\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\programy\Digital Imaging\bin\hpiscnapp.exe"="D:\programy\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"D:\programy\Digital Imaging\bin\hpofxs08.exe"="D:\programy\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe"
"D:\programy\Digital Imaging\bin\hpqgplgtupl.exe"="D:\programy\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"D:\programy\Digital Imaging\bin\hpqgpc01.exe"="D:\programy\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"D:\programy\Digital Imaging\bin\hpqusgm.exe"="D:\programy\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"D:\programy\Digital Imaging\bin\hpqusgh.exe"="D:\programy\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"D:\programy\HP Software Update\hpwucli.exe"="D:\programy\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe"
"D:\programy\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="D:\programy\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"D:\programy\Microsoft Games\Zoo Tycoon 2\zt.exe"="D:\programy\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\programy\ICQ7.2\ICQ.exe"="D:\programy\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"D:\programy\ICQ7.2\aolload.exe"="D:\programy\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"E:\setup\hpznui01.exe"="E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe"
"D:\programy\Digital Imaging\bin\hpqtra08.exe"="D:\programy\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"D:\programy\Digital Imaging\bin\hpqste08.exe"="D:\programy\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\programy\Digital Imaging\bin\hpofxm08.exe"="D:\programy\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\programy\Digital Imaging\bin\hposfx08.exe"="D:\programy\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\programy\Digital Imaging\bin\hposid01.exe"="D:\programy\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"D:\programy\Digital Imaging\bin\hpqkygrp.exe"="D:\programy\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\programy\Digital Imaging\bin\hpfcCopy.exe"="D:\programy\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"D:\programy\Digital Imaging\bin\hpoews01.exe"="D:\programy\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\programy\Digital Imaging\bin\hpiscnapp.exe"="D:\programy\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"D:\programy\Digital Imaging\bin\hpofxs08.exe"="D:\programy\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe"
"D:\programy\Digital Imaging\bin\hpqgplgtupl.exe"="D:\programy\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"D:\programy\Digital Imaging\bin\hpqgpc01.exe"="D:\programy\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"D:\programy\Digital Imaging\bin\hpqusgm.exe"="D:\programy\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"D:\programy\Digital Imaging\bin\hpqusgh.exe"="D:\programy\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"D:\programy\HP Software Update\hpwucli.exe"="D:\programy\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe"
"D:\programy\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="D:\programy\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.LEAD"=LCODCCMP.DLL
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2012-01-08 13:31:44 ----D---- D:\Programy\trend micro
2012-01-08 13:31:44 ----D---- C:\rsit
2012-01-08 13:18:08 ----A---- C:\WINDOWS\ntbtlog.txt
2012-01-07 12:52:38 ----SHD---- C:\RECYCLER
2012-01-07 12:45:20 ----A---- C:\ComboFix.txt
2012-01-07 12:32:46 ----A---- C:\Boot.bak
2012-01-07 12:32:39 ----RASHD---- C:\cmdcons
2012-01-07 11:49:05 ----A---- C:\WINDOWS\zip.exe
2012-01-07 11:49:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-01-07 11:49:05 ----A---- C:\WINDOWS\SWSC.exe
2012-01-07 11:49:05 ----A---- C:\WINDOWS\SWREG.exe
2012-01-07 11:49:05 ----A---- C:\WINDOWS\sed.exe
2012-01-07 11:49:05 ----A---- C:\WINDOWS\PEV.exe
2012-01-07 11:49:05 ----A---- C:\WINDOWS\NIRCMD.exe
2012-01-07 11:49:05 ----A---- C:\WINDOWS\MBR.exe
2012-01-07 11:49:05 ----A---- C:\WINDOWS\grep.exe
2012-01-07 11:48:43 ----D---- C:\WINDOWS\ERDNT
2012-01-07 11:48:34 ----D---- C:\Qoobox
2012-01-07 11:40:45 ----A---- C:\TDSSKiller.2.6.25.0_07.01.2012_11.40.45_log.txt
2012-01-07 11:00:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-06 20:17:18 ----D---- C:\Documents and Settings\Jarka\Data aplikací\VS Revo Group
2012-01-06 13:02:20 ----SHD---- C:\WINDOWS\CSC
2012-01-04 14:34:37 ----D---- C:\WINDOWS\system32\LogFiles
2012-01-03 18:29:16 ----A---- C:\WINDOWS\system32\drivers\Cat.DB
2012-01-03 18:27:51 ----D---- C:\Program Files\Common Files\PC Tools
2011-12-14 21:31:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2639417$
2011-12-14 21:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2011-12-14 21:25:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2633952$
2011-12-14 21:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2011-12-14 21:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2011-12-14 21:24:50 ----D---- C:\Program Files\Common Files\ODBC
2011-12-14 21:24:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2011-12-14 21:23:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2633171$
2011-12-12 00:52:07 ----D---- C:\WINDOWS\system32\DRM

======List of files/folders modified in the last 1 month======

2012-01-08 13:31:53 ----D---- C:\WINDOWS\Prefetch
2012-01-08 13:30:27 ----D---- C:\WINDOWS\system32
2012-01-08 13:30:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-08 13:30:26 ----D---- C:\WINDOWS\Temp
2012-01-08 13:26:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-01-08 13:18:08 ----D---- C:\WINDOWS
2012-01-07 13:54:45 ----D---- C:\Documents and Settings\Jarka\Data aplikací\HPAppData
2012-01-07 12:42:04 ----A---- C:\WINDOWS\system.ini
2012-01-07 12:38:50 ----D---- C:\WINDOWS\system32\drivers
2012-01-07 12:38:50 ----D---- C:\WINDOWS\AppPatch
2012-01-07 12:32:46 ----RASH---- C:\boot.ini
2012-01-07 12:07:19 ----D---- C:\WINDOWS\system32\drivers\etc
2012-01-07 11:48:02 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-07 11:03:09 ----D---- C:\WINDOWS\SoftwareDistribution
2012-01-07 10:53:58 ----SHD---- C:\WINDOWS\Installer
2012-01-07 10:53:58 ----RD---- C:\WINDOWS\Web
2012-01-07 10:53:58 ----D---- C:\WINDOWS\SHELLNEW
2012-01-07 10:53:58 ----D---- C:\FILMY
2012-01-07 10:51:27 ----D---- C:\Documents and Settings\Jarka\Data aplikací\IObit
2012-01-06 20:23:36 ----D---- D:\Programy\Thoosje Vista Sidebar
2012-01-04 14:39:22 ----D---- C:\WINDOWS\security
2012-01-04 14:33:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-04 14:30:26 ----D---- C:\WINDOWS\system32\inetsrv
2012-01-04 11:11:09 ----D---- D:\Programy\CCleaner
2012-01-03 22:49:55 ----SHD---- C:\System Volume Information
2012-01-03 22:47:44 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-01-03 19:28:42 ----D---- C:\WINDOWS\WinSxS
2012-01-03 17:16:16 ----D---- D:\Programy\Malwarebytes' Anti-Malware
2011-12-17 08:30:47 ----D---- C:\WINDOWS\Debug
2011-12-17 07:33:51 ----D---- D:\Programy\IObit
2011-12-17 07:30:40 ----SD---- C:\WINDOWS\Tasks
2011-12-14 21:32:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-12-14 21:31:38 ----RSD---- C:\WINDOWS\assembly
2011-12-14 21:31:32 ----HD---- C:\WINDOWS\inf
2011-12-14 21:30:59 ----D---- D:\Programy\internet explorer
2011-12-14 21:30:40 ----D---- C:\WINDOWS\ie8updates
2011-12-14 21:30:33 ----HD---- C:\WINDOWS\$hf_mig$
2011-12-14 21:28:24 ----A---- C:\WINDOWS\system32\MRT.exe
2011-12-12 00:52:00 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-09-20 43488]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-10-29 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2010-03-18 10448]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-04-18 13059]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-05 1035776]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\WINDOWS\System32\Drivers\ATSwpWDF.sys [2009-03-19 482176]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BCM43XX;Broadcom 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-04-06 38144]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-04-06 349312]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-04-18 1038336]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-18 200576]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2010-03-18 38864]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2010-03-18 37328]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2010-03-18 28624]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2008-09-25 31680]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-05-02 290816]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-04-18 703488]
S3 Cap7134;Cap7134 Capture; C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2011-01-16 347072]
S3 catchme;catchme; \??\C:\DOCUME~1\Jarka\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\Jarka\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2009-11-02 20480]
S3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2009-11-02 11520]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-05 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-05 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-05 21488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PhTVTune;Cap7134 TVTuner; C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2011-01-16 45760]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-04-28 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-04-28 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-04-28 97184]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-05 364544]
R2 ATService;AuthenTec Fingerprint Service; C:\WINDOWS\system32\AtService.exe [2009-03-19 1680632]
R2 avast! Antivirus;avast! Antivirus; D:\Programy\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; D:\Programy\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2009-02-23 30312]
R2 dtsvc;Data Transfer Service; C:\WINDOWS\system32\DTS.exe [2009-03-19 98304]
R2 FingerprintServer;Fingerprint Server; C:\WINDOWS\system32\FpLogonServ.exe [2009-03-19 118784]
R2 GeniusMouseService;GeniusMouseService; D:\Genius\ioCentre\GMouseService.exe [2010-03-11 12288]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; D:\Programy\Java\jre6\bin\jqs.exe [2010-07-20 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SQLBrowser;SQL Server Browser; d:\Programy\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; d:\Programy\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 ADMonitor;AD Monitor; C:\WINDOWS\system32\ADMonitor.exe [2009-03-19 106496]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 293456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Programy\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); d:\Programy\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; d:\Programy\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Márty84
VIP
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Spontaneous PC restart

#4 Post by Márty84 »

I see you've been playing doctor and used ComboFix :roll: Which good soul recommended it to you?

ComboFix is used only on a helper's instruction, since misuse can send the system to the happy hunting grounds. On top of that, CF deletes all traces of any infection, and the RSIT log is then useless :?:

Find these two logs and copy their contents here
C:\TDSSKiller.2.6.25.0_07.01.2012_11.40.45_log.txt
C:\ComboFix.txt
If you have a question that is not meant for the public, you can write to me by e-mail at marty84[at]forum.viry.cz

Option to support our forum: https://platba.viry.cz/payment/

Due to time constraints I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

ketez67
Visitor
Visitor
Posts: 100
Registered: 08 Jun 2008 17:46

Re: Spontaneous PC restart

#5 Post by ketez67 »

I tried that myself after reading through the discussion :?:
Here are the logs

ComboFix 12-01-06.03 - Jarka 07.01.2012 12:34:54.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1407.854 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jarka\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-07 do 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-07 10:48 . 2012-01-07 10:48 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
2012-01-06 19:17 . 2012-01-06 19:17 -------- d-----w- c:\documents and settings\Jarka\Data aplikací\VS Revo Group
2012-01-04 13:34 . 2012-01-04 13:34 -------- d-----w- c:\windows\system32\LogFiles
2012-01-04 13:31 . 2007-10-29 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2012-01-04 13:31 . 2007-10-29 12:00 113222 ----a-w- d:\programy\MSN Gaming Zone\windows\zoneclim.dll
2012-01-04 13:31 . 2007-10-29 12:00 1040467 -c--a-w- c:\windows\system32\dllcache\cmnresm.dll
2012-01-04 13:31 . 2007-10-29 12:00 1040467 ----a-w- d:\programy\MSN Gaming Zone\windows\Cmnresm.dll
2012-01-04 13:31 . 2007-10-29 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2012-01-04 13:31 . 2007-10-29 12:00 29760 ----a-w- d:\programy\MSN Gaming Zone\windows\ZNetM.dll
2012-01-04 13:31 . 2007-10-29 12:00 217160 -c--a-w- c:\windows\system32\dllcache\cmnclim.dll
2012-01-04 13:31 . 2007-10-29 12:00 217160 ----a-w- d:\programy\MSN Gaming Zone\windows\Cmnclim.dll
2012-01-04 13:31 . 2007-10-29 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2012-01-04 13:31 . 2007-10-29 12:00 36937 ----a-w- d:\programy\MSN Gaming Zone\windows\zClientm.exe
2012-01-03 21:46 . 2012-01-03 21:46 -------- d-----w- c:\documents and settings\Pater\Local Settings\Data aplikací\Threat Expert
2012-01-03 19:05 . 2012-01-03 19:05 -------- d-----w- c:\documents and settings\LocalService\Plocha
2012-01-03 17:48 . 2011-05-20 10:44 767952 ----a-w- c:\windows\BDTSupport.dll0135.old
2012-01-03 17:27 . 2012-01-03 21:49 -------- d-----w- c:\program files\Common Files\PC Tools
2012-01-03 16:11 . 2012-01-03 16:11 -------- d-----w- c:\documents and settings\Pater\Data aplikací\Malwarebytes
2011-12-17 06:30 . 2011-12-17 06:30 -------- d-----w- c:\documents and settings\Pater\Data aplikací\IObit
2011-12-11 23:52 . 2011-12-11 23:52 -------- d-----w- c:\windows\system32\DRM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 18:20 . 2011-08-05 11:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 14:24 . 2010-09-25 06:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2010-07-15 20:10 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-07-15 20:10 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-11-29 20:28 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-07-15 20:10 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-07-15 20:10 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-07-15 20:10 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-07-15 20:10 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-07-15 20:10 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-07-15 20:10 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-07-15 20:10 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-23 14:40 . 2007-10-29 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2007-10-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2007-10-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2007-10-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2007-10-29 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2007-10-29 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2007-10-29 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2007-10-29 12:00 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2004-08-17 15:45 2071552 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2007-10-29 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-07-15 18:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2009-11-17 21:14 . 2009-11-17 21:14 89088 ----a-w- d:\programy\atl71.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-07_11.07.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-29 12:00 . 2012-01-07 11:32 97116 c:\windows\system32\perfc009.dat
+ 2007-10-29 12:00 . 2012-01-07 11:32 501116 c:\windows\system32\perfh009.dat
+ 2007-10-29 12:00 . 2012-01-07 11:32 500478 c:\windows\system32\perfh005.dat
+ 2007-10-29 12:00 . 2012-01-07 11:32 109430 c:\windows\system32\perfc005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- d:\programy\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\programy\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"=~"d:\programy\ICQ7.2\ICQ.exe" silent loginmode=4
"MSMSGS"="d:\programy\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="d:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Component Manager"="d:\programy\HP\hpcoretech\hpcmpmgr.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"FingerPrintSoftware"="d:\programy\Lenovo Fingerprint Software\fpapp.exe" \s
"EvtMgr6"=d:\programy\Logitech\SetPointP\SetPoint.exe /launchGaming
"ioCentre"=d:\genius\ioCentre\gTaskBar.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\programy\\ICQ7.2\\ICQ.exe"=
"d:\\programy\\ICQ7.2\\aolload.exe"=
"d:\\programy\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\programy\\Skype\\Phone\\Skype.exe"=
"d:\\programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\programy\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\programy\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\programy\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\programy\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\programy\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\programy\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\programy\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\programy\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\programy\\Digital Imaging\\bin\\hpfcCopy.exe"=
"d:\\programy\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\programy\\Digital Imaging\\bin\\hpiscnapp.exe"=
"d:\\programy\\Digital Imaging\\bin\\hpofxs08.exe"=
"d:\\programy\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"d:\\programy\\Digital Imaging\\bin\\hpqgpc01.exe"=
"d:\\programy\\Digital Imaging\\bin\\hpqusgm.exe"=
"d:\\programy\\Digital Imaging\\bin\\hpqusgh.exe"=
"d:\\programy\\HP Software Update\\hpwucli.exe"=
"d:\\programy\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"d:\\programy\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [29.11.2011 21:28 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15.7.2010 21:10 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.7.2010 21:10 20568]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [19.3.2009 4:48 1680632]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [19.3.2009 4:53 98304]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [19.3.2009 4:55 118784]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11.11.2010 13:00 10448]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [11.11.2010 13:20 482176]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [15.7.2010 20:54 200576]
S2 GeniusMouseService;GeniusMouseService;d:\genius\ioCentre\GMouseService.exe [11.11.2010 13:06 12288]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [19.3.2009 4:52 106496]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [11.11.2010 13:06 20480]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [11.11.2010 13:06 11520]
S3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [16.1.2011 15:37 45760]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [25.12.2010 7:57 27064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [29.10.2007 13:00 14336]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 27063832
*Deregistered* - 27063832
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
IE: E&xport to Microsoft Excel - d:\programy\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-07 12:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-1417001333-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2260)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2012-01-07 12:45:18
ComboFix-quarantined-files.txt 2012-01-07 11:45
ComboFix2.txt 2012-01-07 11:11
.
Před spuštěním: Volných bajtů: 34 889 605 120
Po spuštění: Volných bajtů: 34 873 864 192
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B1B4B5260723C6473AE57CBEB14EF0BE




11:40:45.0859 2604 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:40:46.0078 2604 ============================================================
11:40:46.0078 2604 Current date / time: 2012/01/07 11:40:46.0078
11:40:46.0078 2604 SystemInfo:
11:40:46.0078 2604
11:40:46.0078 2604 OS Version: 5.1.2600 ServicePack: 3.0
11:40:46.0078 2604 Product type: Workstation
11:40:46.0078 2604 ComputerName: PISKOT
11:40:46.0078 2604 UserName: Jarka
11:40:46.0078 2604 Windows directory: C:\WINDOWS
11:40:46.0078 2604 System windows directory: C:\WINDOWS
11:40:46.0078 2604 Processor architecture: Intel x86
11:40:46.0078 2604 Number of processors: 1
11:40:46.0078 2604 Page size: 0x1000
11:40:46.0078 2604 Boot type: Normal boot
11:40:46.0078 2604 ============================================================
11:40:47.0906 2604 Initialize success
11:41:01.0562 2348 ============================================================
11:41:01.0562 2348 Scan started
11:41:01.0562 2348 Mode: Manual;
11:41:01.0562 2348 ============================================================
11:41:01.0968 2348 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
11:41:01.0968 2348 Aavmker4 - ok
11:41:02.0015 2348 Abiosdsk - ok
11:41:02.0078 2348 abp480n5 - ok
11:41:02.0125 2348 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:41:02.0125 2348 ACPI - ok
11:41:02.0171 2348 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:41:02.0171 2348 ACPIEC - ok
11:41:02.0203 2348 adpu160m - ok
11:41:02.0281 2348 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:41:02.0281 2348 aec - ok
11:41:02.0343 2348 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:41:02.0359 2348 AFD - ok
11:41:02.0421 2348 AFS2K (c719341a1cf6afd4fa0808ae3d23d6a3) C:\WINDOWS\system32\drivers\AFS2K.sys
11:41:02.0421 2348 AFS2K - ok
11:41:02.0437 2348 Aha154x - ok
11:41:02.0468 2348 aic78u2 - ok
11:41:02.0500 2348 aic78xx - ok
11:41:02.0546 2348 AliIde - ok
11:41:02.0625 2348 AmdK8 (fcffa85cfd4bf7a4711012847048dca3) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
11:41:02.0625 2348 AmdK8 - ok
11:41:02.0671 2348 amsint - ok
11:41:02.0750 2348 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:41:02.0750 2348 Arp1394 - ok
11:41:02.0812 2348 asc - ok
11:41:02.0859 2348 asc3350p - ok
11:41:02.0906 2348 asc3550 - ok
11:41:03.0015 2348 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
11:41:03.0015 2348 aswFsBlk - ok
11:41:03.0062 2348 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
11:41:03.0062 2348 aswMon2 - ok
11:41:03.0093 2348 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
11:41:03.0093 2348 aswRdr - ok
11:41:03.0171 2348 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
11:41:03.0171 2348 aswSnx - ok
11:41:03.0234 2348 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
11:41:03.0234 2348 aswSP - ok
11:41:03.0281 2348 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
11:41:03.0281 2348 aswTdi - ok
11:41:03.0359 2348 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:41:03.0359 2348 AsyncMac - ok
11:41:03.0406 2348 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:41:03.0406 2348 atapi - ok
11:41:03.0421 2348 Atdisk - ok
11:41:03.0546 2348 ati2mtag (e9ebf7dca6c5eb9c597035a10a5a6a1b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:41:03.0562 2348 ati2mtag - ok
11:41:03.0625 2348 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:41:03.0625 2348 Atmarpc - ok
11:41:03.0750 2348 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
11:41:03.0750 2348 ATSwpWDF - ok
11:41:03.0828 2348 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:41:03.0843 2348 audstub - ok
11:41:03.0890 2348 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:41:03.0906 2348 b57w2k - ok
11:41:03.0984 2348 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
11:41:03.0984 2348 BCM43XX - ok
11:41:04.0046 2348 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:41:04.0046 2348 Beep - ok
11:41:04.0109 2348 CAMCAUD (e06d3da2a2059dfdbffa5364eae3768f) C:\WINDOWS\system32\drivers\camc6aud.sys
11:41:04.0109 2348 CAMCAUD - ok
11:41:04.0171 2348 CAMCHALA (87e897e6e852766d0722b02f637d4881) C:\WINDOWS\system32\drivers\camc6hal.sys
11:41:04.0171 2348 CAMCHALA - ok
11:41:04.0234 2348 Cap7134 (d47a833e9304e00b0a63dcae346615ab) C:\WINDOWS\system32\DRIVERS\Cap7134.sys
11:41:04.0234 2348 Cap7134 - ok
11:41:04.0281 2348 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:41:04.0281 2348 cbidf2k - ok
11:41:04.0359 2348 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:41:04.0359 2348 CCDECODE - ok
11:41:04.0421 2348 cd20xrnt - ok
11:41:04.0515 2348 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:41:04.0515 2348 Cdaudio - ok
11:41:04.0593 2348 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:41:04.0593 2348 Cdfs - ok
11:41:04.0671 2348 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:41:04.0671 2348 Cdrom - ok
11:41:04.0703 2348 Changer - ok
11:41:04.0781 2348 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:41:04.0781 2348 CmBatt - ok
11:41:04.0812 2348 CmdIde - ok
11:41:04.0859 2348 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:41:04.0859 2348 Compbatt - ok
11:41:04.0921 2348 Cpqarray - ok
11:41:05.0078 2348 cpuz132 - ok
11:41:05.0140 2348 dac2w2k - ok
11:41:05.0203 2348 dac960nt - ok
11:41:05.0265 2348 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:41:05.0265 2348 Disk - ok
11:41:05.0359 2348 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
11:41:05.0375 2348 dmboot - ok
11:41:05.0453 2348 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
11:41:05.0453 2348 dmio - ok
11:41:05.0484 2348 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:41:05.0484 2348 dmload - ok
11:41:05.0531 2348 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:41:05.0531 2348 DMusic - ok
11:41:05.0578 2348 dpti2o - ok
11:41:05.0625 2348 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:41:05.0625 2348 drmkaud - ok
11:41:05.0703 2348 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:41:05.0718 2348 Fastfat - ok
11:41:05.0812 2348 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:41:05.0812 2348 Fdc - ok
11:41:05.0906 2348 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
11:41:05.0906 2348 Fips - ok
11:41:05.0953 2348 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:41:05.0968 2348 Flpydisk - ok
11:41:06.0062 2348 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:41:06.0062 2348 FltMgr - ok
11:41:06.0140 2348 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:41:06.0140 2348 Fs_Rec - ok
11:41:06.0187 2348 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:41:06.0203 2348 Ftdisk - ok
11:41:06.0265 2348 gHidPnp (d4692d4cbbde6a622a47f63d2ccc26c5) C:\WINDOWS\system32\Drivers\gHidPnp.Sys
11:41:06.0265 2348 gHidPnp - ok
11:41:06.0296 2348 gMouUsb (d7b70109e9589d5f3c3ccdd6ba76e0c1) C:\WINDOWS\system32\DRIVERS\gMouUsb.sys
11:41:06.0296 2348 gMouUsb - ok
11:41:06.0343 2348 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:41:06.0359 2348 Gpc - ok
11:41:06.0390 2348 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:41:06.0406 2348 HidUsb - ok
11:41:06.0421 2348 hpn - ok
11:41:06.0515 2348 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:41:06.0515 2348 HPZid412 - ok
11:41:06.0562 2348 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:41:06.0562 2348 HPZipr12 - ok
11:41:06.0609 2348 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:41:06.0609 2348 HPZius12 - ok
11:41:06.0687 2348 HSFHWATI (110d8515670f8ebfc831bd02b7a8fc74) C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
11:41:06.0703 2348 HSFHWATI - ok
11:41:06.0796 2348 HSF_DP (6fbefacc2a0379bf3b395b0ca0cadb17) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
11:41:06.0812 2348 HSF_DP - ok
11:41:06.0921 2348 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:41:06.0921 2348 HTTP - ok
11:41:06.0984 2348 i2omgmt - ok
11:41:07.0015 2348 i2omp - ok
11:41:07.0109 2348 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:41:07.0109 2348 i8042prt - ok
11:41:07.0156 2348 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:41:07.0156 2348 Imapi - ok
11:41:07.0234 2348 ini910u - ok
11:41:07.0281 2348 IntelIde - ok
11:41:07.0343 2348 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:41:07.0343 2348 Ip6Fw - ok
11:41:07.0437 2348 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:41:07.0437 2348 IpFilterDriver - ok
11:41:07.0484 2348 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:41:07.0484 2348 IpInIp - ok
11:41:07.0531 2348 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:41:07.0531 2348 IpNat - ok
11:41:07.0562 2348 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:41:07.0562 2348 IPSec - ok
11:41:07.0593 2348 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:41:07.0593 2348 IRENUM - ok
11:41:07.0671 2348 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:41:07.0671 2348 isapnp - ok
11:41:07.0718 2348 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:41:07.0734 2348 Kbdclass - ok
11:41:07.0781 2348 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:41:07.0781 2348 kmixer - ok
11:41:07.0843 2348 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:41:07.0843 2348 KSecDD - ok
11:41:07.0921 2348 LBeepKE (ca63fe81705ad660e482bef210bf2c73) C:\WINDOWS\system32\Drivers\LBeepKE.sys
11:41:07.0921 2348 LBeepKE - ok
11:41:07.0984 2348 lbrtfdc - ok
11:41:08.0078 2348 LHidFilt (b68309f25c5787385da842eb5b496958) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
11:41:08.0078 2348 LHidFilt - ok
11:41:08.0125 2348 LMouFilt (63d3b1d3cd267fcc186a0146b80d453b) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
11:41:08.0125 2348 LMouFilt - ok
11:41:08.0171 2348 LUsbFilt (0c62957912d4df1e4ba9795e6be3ed38) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
11:41:08.0171 2348 LUsbFilt - ok
11:41:08.0234 2348 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:41:08.0234 2348 mdmxsdk - ok
11:41:08.0296 2348 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:41:08.0296 2348 mnmdd - ok
11:41:08.0375 2348 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
11:41:08.0375 2348 Modem - ok
11:41:08.0421 2348 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:41:08.0421 2348 Mouclass - ok
11:41:08.0468 2348 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:41:08.0484 2348 mouhid - ok
11:41:08.0531 2348 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:41:08.0531 2348 MountMgr - ok
11:41:08.0562 2348 mraid35x - ok
11:41:08.0609 2348 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:41:08.0609 2348 MRxDAV - ok
11:41:08.0656 2348 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:41:08.0687 2348 MRxSmb - ok
11:41:08.0750 2348 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:41:08.0765 2348 Msfs - ok
11:41:08.0828 2348 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:41:08.0828 2348 MSKSSRV - ok
11:41:08.0921 2348 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:41:08.0921 2348 MSPCLOCK - ok
11:41:08.0984 2348 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:41:08.0984 2348 MSPQM - ok
11:41:09.0062 2348 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:41:09.0062 2348 mssmbios - ok
11:41:09.0140 2348 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:41:09.0140 2348 MSTEE - ok
11:41:09.0203 2348 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:41:09.0203 2348 Mup - ok
11:41:09.0250 2348 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:41:09.0250 2348 NABTSFEC - ok
11:41:09.0312 2348 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:41:09.0312 2348 NDIS - ok
11:41:09.0375 2348 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:41:09.0390 2348 NdisIP - ok
11:41:09.0437 2348 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:41:09.0437 2348 NdisTapi - ok
11:41:09.0500 2348 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:41:09.0500 2348 Ndisuio - ok
11:41:09.0515 2348 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:41:09.0531 2348 NdisWan - ok
11:41:09.0593 2348 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:41:09.0593 2348 NDProxy - ok
11:41:09.0687 2348 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:41:09.0687 2348 NetBIOS - ok
11:41:09.0734 2348 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:41:09.0734 2348 NetBT - ok
11:41:09.0828 2348 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:41:09.0828 2348 NIC1394 - ok
11:41:09.0906 2348 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:41:09.0921 2348 Npfs - ok
11:41:10.0031 2348 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:41:10.0046 2348 Ntfs - ok
11:41:10.0093 2348 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:41:10.0093 2348 Null - ok
11:41:10.0156 2348 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:41:10.0156 2348 NwlnkFlt - ok
11:41:10.0218 2348 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:41:10.0218 2348 NwlnkFwd - ok
11:41:10.0281 2348 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:41:10.0281 2348 ohci1394 - ok
11:41:10.0359 2348 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
11:41:10.0359 2348 Parport - ok
11:41:10.0390 2348 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:41:10.0390 2348 PartMgr - ok
11:41:10.0484 2348 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
11:41:10.0500 2348 ParVdm - ok
11:41:10.0562 2348 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
11:41:10.0578 2348 PCI - ok
11:41:10.0609 2348 PCIDump - ok
11:41:10.0656 2348 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:41:10.0656 2348 PCIIde - ok
11:41:10.0765 2348 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:41:10.0781 2348 Pcmcia - ok
11:41:10.0812 2348 PDCOMP - ok
11:41:10.0875 2348 PDFRAME - ok
11:41:10.0921 2348 PDRELI - ok
11:41:10.0953 2348 PDRFRAME - ok
11:41:10.0984 2348 perc2 - ok
11:41:11.0000 2348 perc2hib - ok
11:41:11.0046 2348 PhTVTune (e098a5899ab96bf3c3809e8c1a551f9c) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
11:41:11.0046 2348 PhTVTune - ok
11:41:11.0125 2348 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:41:11.0125 2348 PptpMiniport - ok
11:41:11.0187 2348 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
11:41:11.0187 2348 Processor - ok
11:41:11.0250 2348 psadd (271f3e304cf2a467188ef393c8fbd2b7) C:\WINDOWS\system32\DRIVERS\psadd.sys
11:41:11.0250 2348 psadd - ok
11:41:11.0265 2348 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:41:11.0265 2348 PSched - ok
11:41:11.0328 2348 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:41:11.0328 2348 Ptilink - ok
11:41:11.0359 2348 ql1080 - ok
11:41:11.0375 2348 Ql10wnt - ok
11:41:11.0406 2348 ql12160 - ok
11:41:11.0437 2348 ql1240 - ok
11:41:11.0468 2348 ql1280 - ok
11:41:11.0531 2348 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:41:11.0546 2348 RasAcd - ok
11:41:11.0593 2348 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:41:11.0593 2348 Rasl2tp - ok
11:41:11.0625 2348 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:41:11.0625 2348 RasPppoe - ok
11:41:11.0671 2348 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:41:11.0671 2348 Raspti - ok
11:41:11.0750 2348 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:41:11.0750 2348 Rdbss - ok
11:41:11.0781 2348 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:41:11.0781 2348 RDPCDD - ok
11:41:11.0859 2348 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:41:11.0875 2348 rdpdr - ok
11:41:11.0968 2348 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:41:11.0968 2348 RDPWD - ok
11:41:12.0046 2348 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:41:12.0046 2348 redbook - ok
11:41:12.0140 2348 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
11:41:12.0140 2348 Revoflt - ok
11:41:12.0312 2348 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:41:12.0312 2348 sdbus - ok
11:41:12.0406 2348 SE27bus (59a9eb4073a39895af314780d0a032fa) C:\WINDOWS\system32\DRIVERS\SE27bus.sys
11:41:12.0421 2348 SE27bus - ok
11:41:12.0437 2348 SE27mdfl (d53e7e53107d1796825540129f8fe89f) C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
11:41:12.0453 2348 SE27mdfl - ok
11:41:12.0484 2348 SE27mdm (2afa2f65a6e91da5b5070e734769827e) C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
11:41:12.0484 2348 SE27mdm - ok
11:41:12.0546 2348 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:41:12.0546 2348 Secdrv - ok
11:41:12.0656 2348 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\drivers\Serial.sys
11:41:12.0656 2348 Serial - ok
11:41:12.0781 2348 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:41:12.0781 2348 Sfloppy - ok
11:41:12.0875 2348 Simbad - ok
11:41:12.0953 2348 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:41:12.0968 2348 SLIP - ok
11:41:13.0046 2348 Sparrow - ok
11:41:13.0140 2348 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:41:13.0156 2348 splitter - ok
11:41:13.0250 2348 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
11:41:13.0265 2348 sr - ok
11:41:13.0375 2348 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:41:13.0390 2348 Srv - ok
11:41:13.0484 2348 StillCam (06cda2a5a549bc455d004461e6bc5b33) C:\WINDOWS\system32\DRIVERS\serscan.sys
11:41:13.0484 2348 StillCam - ok
11:41:13.0578 2348 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:41:13.0578 2348 streamip - ok
11:41:13.0656 2348 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:41:13.0656 2348 swenum - ok
11:41:13.0750 2348 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:41:13.0750 2348 swmidi - ok
11:41:13.0843 2348 symc810 - ok
11:41:13.0890 2348 symc8xx - ok
11:41:13.0953 2348 sym_hi - ok
11:41:14.0000 2348 sym_u3 - ok
11:41:14.0093 2348 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:41:14.0093 2348 sysaudio - ok
11:41:14.0218 2348 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:41:14.0234 2348 Tcpip - ok
11:41:14.0296 2348 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:41:14.0312 2348 TDPIPE - ok
11:41:14.0406 2348 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:41:14.0406 2348 TDTCP - ok
11:41:14.0468 2348 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:41:14.0468 2348 TermDD - ok
11:41:14.0562 2348 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\WINDOWS\system32\drivers\tifm21.sys
11:41:14.0562 2348 tifm21 - ok
11:41:14.0593 2348 TosIde - ok
11:41:14.0656 2348 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:41:14.0656 2348 Udfs - ok
11:41:14.0671 2348 ultra - ok
11:41:14.0734 2348 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:41:14.0750 2348 Update - ok
11:41:14.0828 2348 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:41:14.0828 2348 usbccgp - ok
11:41:14.0890 2348 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:41:14.0890 2348 usbehci - ok
11:41:14.0953 2348 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:41:14.0953 2348 usbhub - ok
11:41:15.0015 2348 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:41:15.0015 2348 usbohci - ok
11:41:15.0062 2348 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:41:15.0078 2348 usbprint - ok
11:41:15.0125 2348 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:41:15.0125 2348 usbscan - ok
11:41:15.0187 2348 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:41:15.0187 2348 USBSTOR - ok
11:41:15.0234 2348 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:41:15.0234 2348 VgaSave - ok
11:41:15.0265 2348 ViaIde - ok
11:41:15.0296 2348 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
11:41:15.0312 2348 VolSnap - ok
11:41:15.0406 2348 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:41:15.0421 2348 Wanarp - ok
11:41:15.0531 2348 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:41:15.0531 2348 Wdf01000 - ok
11:41:15.0578 2348 WDICA - ok
11:41:15.0718 2348 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:41:15.0718 2348 wdmaud - ok
11:41:15.0828 2348 winachsf (e61219e012e41f52755c04734eb49784) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:41:15.0843 2348 winachsf - ok
11:41:15.0968 2348 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:41:15.0968 2348 WmiAcpi - ok
11:41:16.0046 2348 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:41:16.0046 2348 WS2IFSL - ok
11:41:16.0109 2348 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:41:16.0125 2348 WSTCODEC - ok
11:41:16.0203 2348 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
11:41:16.0375 2348 \Device\Harddisk0\DR0 - ok
11:41:16.0390 2348 Boot (0x1200) (0db6266acce8c2594c8a438be5e6db30) \Device\Harddisk0\DR0\Partition0
11:41:16.0390 2348 \Device\Harddisk0\DR0\Partition0 - ok
11:41:16.0421 2348 Boot (0x1200) (1ff7c1e986ef91a9f1f2cc4d8b733148) \Device\Harddisk0\DR0\Partition1
11:41:16.0421 2348 \Device\Harddisk0\DR0\Partition1 - ok
11:41:16.0437 2348 ============================================================
11:41:16.0437 2348 Scan finished
11:41:16.0437 2348 ============================================================
11:41:16.0468 0584 Detected object count: 0
11:41:16.0468 0584 Actual detected object count: 0
11:41:57.0328 2208 Deinitialize success

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Spontaneous PC restart

#6 Post by Márty84 »

The logs look fine :?:

Look in the folder c:\windows\minidump to see whether there are any files in it. If there are, upload them somewhere (uschovna.cz or similar) and post the download link here.

Check the temperatures using the SpeedFan utility http://www.stahuj.centrum.cz/utility_a_ ... /speedfan/

If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For lack of time I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

ketez67
Visitor
Posts: 100
Joined: 08 Jun 2008 17:46

Re: Spontaneous PC restart

#7 Post by ketez67 »

Hello,
the folder c:\windows\minidump -> not found, and the temperatures are normal.

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Spontaneous PC restart

#8 Post by Márty84 »

Hello.
So the situation is still the same? That is, safe mode runs fine, normal mode only rarely boots, but once it does boot, it stays up without problems until shutdown?

Try looking in the Event Viewer to see whether there is some hint about what is causing this http://support.microsoft.com/kb/308427/cs

ketez67
Visitor
Posts: 100
Joined: 08 Jun 2008 17:46

Re: Spontaneous PC restart

#9 Post by ketez67 »

Hello,
I apologise for the late reply, but I am not at this PC every day.
The Event Viewer contains these error entries:

Application -

1) The Windows Security Center service was unable to establish event queries with the WMI service in order to monitor third-party antivirus and firewall software.

2) Unloading the performance counter strings for WmiApRpl (WmiApRpl) failed. The error code is the first DWORD in the data section.

System -

The following boot-start or system-start driver failed to load:
aswSnx


Regarding the Application error no. 1: the antivirus in use is avast, and after every start attempt a message pops up saying that Windows did not find an antivirus. Neither uninstalling nor subsequently reinstalling the antivirus helped.

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Spontaneous PC restart

#10 Post by Márty84 »

Hello to you too :)

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe , save it to the desktop and run it.
Tick the items "Pro všechny uživatele" (For all users), "Kontrola na havěť "LOP"" (LOP malware check) and "Kontrola na havěť "Purity"" (Purity malware check).
Paste the following text into the bottom window:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s

Click "Prohledat" (Scan).
After the scan, two logs are created (OTL.Txt and Extras.txt); post both of them here.

ketez67
Visitor
Posts: 100
Joined: 08 Jun 2008 17:46

Re: Spontaneous PC restart

#11 Post by ketez67 »

Hello, here are the logs.

OTL log:


OTL logfile created on: 13.2.2012 14:36:45 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jarka\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,37 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 60,33% Memory free
3,23 Gb Paging File | 2,85 Gb Available in Paging File | 88,43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\Programy
Drive C: | 53,71 Gb Total Space | 32,85 Gb Free Space | 61,15% Space Free | Partition Type: NTFS
Drive D: | 58,07 Gb Total Space | 2,30 Gb Free Space | 3,96% Space Free | Partition Type: NTFS

Computer Name: PISKOT | User Name: Jarka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.13 14:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jarka\Plocha\OTL.exe
PRC - [2012.01.10 13:11:50 | 001,576,960 | ---- | M] () -- C:\hwevid\hwevid.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- D:\programy\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- D:\programy\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.03.11 11:33:12 | 000,012,288 | ---- | M] () -- D:\Genius\ioCentre\GMouseService.exe
PRC - [2009.03.19 04:55:36 | 000,118,784 | ---- | M] (AuthenTec,Inc) -- C:\WINDOWS\system32\FpLogonServ.exe
PRC - [2009.03.19 04:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
PRC - [2009.03.19 04:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe
PRC - [2009.02.23 12:11:10 | 000,030,312 | ---- | M] (Microsoft Corporation) -- D:\programy\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.02.12 21:20:01 | 001,691,648 | ---- | M] () -- D:\programy\Alwil Software\Avast5\defs\12021201\algo.dll
MOD - [2012.01.10 13:11:51 | 000,367,104 | ---- | M] () -- C:\hwevid\hwevid.dll
MOD - [2012.01.10 13:11:50 | 001,576,960 | ---- | M] () -- C:\hwevid\hwevid.exe
MOD - [2010.03.11 11:33:12 | 000,012,288 | ---- | M] () -- D:\Genius\ioCentre\GMouseService.exe
MOD - [2009.03.19 04:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
MOD - [2009.03.19 04:51:48 | 000,634,880 | ---- | M] () -- D:\programy\Lenovo Fingerprint Software\SharedResources.dll
MOD - [2004.12.27 11:46:04 | 000,311,296 | ---- | M] () -- D:\programy\WinRAR\rarlng.dll
MOD - [2004.12.26 19:34:38 | 000,121,344 | ---- | M] () -- D:\programy\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Programy\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.05.06 10:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.11 11:33:12 | 000,012,288 | ---- | M] () [Auto | Running] -- D:\Genius\ioCentre\GMouseService.exe -- (GeniusMouseService)
SRV - [2009.11.18 04:16:42 | 000,253,568 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- D:\programy\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009.11.18 04:16:42 | 000,137,344 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- D:\programy\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009.11.18 03:04:44 | 000,699,520 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- D:\programy\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009.03.19 04:55:36 | 000,118,784 | ---- | M] (AuthenTec,Inc) [Auto | Running] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2009.03.19 04:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc)
SRV - [2009.03.19 04:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor)
SRV - [2009.03.19 04:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)
SRV - [2009.02.23 12:11:10 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Programy\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.28 18:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.03.18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011.01.16 15:37:56 | 000,347,072 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134)
DRV - [2011.01.16 15:37:56 | 000,045,760 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2010.09.20 15:47:14 | 000,043,488 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2010.03.18 10:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010.03.18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.03.18 10:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009.12.30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009.11.02 17:47:58 | 000,011,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gMouUsb.sys -- (gMouUsb)
DRV - [2009.11.02 17:43:26 | 000,020,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gHidPnp.sys -- (gHidPnp)
DRV - [2009.03.19 21:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008.09.25 00:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007.05.02 03:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006.07.01 22:42:58 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.04.28 16:25:44 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006.04.28 16:25:40 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006.04.28 16:24:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2005.10.26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
DRV - [2005.04.18 02:00:06 | 001,038,336 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005.04.18 02:00:06 | 000,703,488 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.04.18 02:00:06 | 000,200,576 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005.04.06 14:51:12 | 000,349,312 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005.04.06 14:50:20 | 000,038,144 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005.04.05 22:58:48 | 001,035,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.03.10 12:05:58 | 000,371,712 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-448539723-1417001333-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-448539723-1417001333-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {F3A60010-0E28-4503-B4AA-0E5F90275F77}:1.8.61

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programy\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Programy\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programy\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: D:\programy\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: D:\programy\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.07 22:10:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: D:\programy\Mozilla Thunderbird\components [2011.09.26 14:45:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: D:\programy\Mozilla Thunderbird\plugins

[2010.07.15 21:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jarka\Data aplikací\Mozilla\Extensions
[2010.07.15 21:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jarka\Data aplikací\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JARKA\DATA APLIKACí\THUNDERBIRD\PROFILES\HM2GTQIB.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI

O1 HOSTS File: ([2012.01.07 12:07:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\programy\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\programy\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] D:\Programy\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [hwevid] C:\hwevid\akt.exe ()
O4 - HKU\S-1-5-21-448539723-1417001333-839522115-1003..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1417001333-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-448539723-1417001333-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-448539723-1417001333-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-448539723-1417001333-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-448539723-1417001333-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\programy\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\programy\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} D:\Programy\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43E3D853-54EF-48F4-956A-03D05FA2E3A3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\programy\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jarka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jarka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.15 20:00:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Error creating restore point.

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - wdmaud.drv File not found
Drivers32: midimapper - midimap.dll File not found
Drivers32: mixer - wdmaud.drv File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm File not found
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm File not found
Drivers32: msacm.msaudio1 - msaud32.acm File not found
Drivers32: msacm.msg711 - msg711.acm File not found
Drivers32: msacm.msg723 - msg723.acm File not found
Drivers32: msacm.msgsm610 - msgsm32.acm File not found
Drivers32: msacm.sl_anet - sl_anet.acm File not found
Drivers32: msacm.trspch - tssoft32.acm File not found
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - iccvid.dll File not found
Drivers32: VIDC.I420 - msh263.drv File not found
Drivers32: vidc.iv31 - ir32_32.dll File not found
Drivers32: vidc.iv32 - ir32_32.dll File not found
Drivers32: vidc.iv41 - ir41_32.ax File not found
Drivers32: vidc.iv50 - ir50_32.dll File not found
Drivers32: VIDC.IYUV - iyuv_32.dll File not found
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - msh261.drv File not found
Drivers32: vidc.M263 - msh263.drv File not found
Drivers32: vidc.mrle - msrle32.dll File not found
Drivers32: vidc.msvc - msvidc32.dll File not found
Drivers32: VIDC.UYVY - msyuv.dll File not found
Drivers32: VIDC.YUY2 - msyuv.dll File not found
Drivers32: VIDC.YVU9 - tsbyuv.dll File not found
Drivers32: VIDC.YVYU - msyuv.dll File not found
Drivers32: wave - wdmaud.drv File not found
Drivers32: wavemapper - msacm32.drv File not found
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012.02.13 14:34:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jarka\Plocha\OTL.exe
[2012.02.13 11:41:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jarka\Recent
[2012.02.09 14:37:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jarka\Dokumenty\MIKES
[2012.02.09 13:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jarka\Dokumenty\FORMULÁŘE BANKA
[2012.01.18 13:28:38 | 000,000,000 | ---D | C] -- D:\Programy\Adobe
[2009.11.17 22:14:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- D:\Programy\atl71.dll

========== Files - Modified Within 30 Days ==========

[2012.02.13 14:38:23 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.02.13 14:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jarka\Plocha\OTL.exe
[2012.02.13 10:40:07 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.13 10:37:56 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012.02.13 10:37:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.08 20:45:33 | 000,649,610 | ---- | M] () -- C:\Documents and Settings\Jarka\Dokumenty\O2_1188_PL_Telesales_bezorz.pdf
[2012.02.08 20:07:38 | 000,138,687 | ---- | M] () -- C:\Documents and Settings\Jarka\Dokumenty\ZF_2012295.pdf
[2012.02.05 06:08:16 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\Jarka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.01 13:59:51 | 000,280,626 | ---- | M] () -- C:\Documents and Settings\Jarka\Dokumenty\Faktura vydaná-002.pdf
[2012.01.30 12:20:16 | 000,533,772 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2012.01.30 12:20:16 | 000,530,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.30 12:20:16 | 000,128,148 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2012.01.30 12:20:16 | 000,113,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.25 06:28:07 | 000,067,298 | ---- | M] () -- C:\Documents and Settings\Jarka\Dokumenty\Přiznání DPH IV.2011.PDF
[2012.01.24 22:11:07 | 000,230,767 | ---- | M] () -- C:\Documents and Settings\Jarka\Dokumenty\faktura účetní program.PDF
[2012.01.24 22:04:38 | 000,041,199 | ---- | M] () -- C:\Documents and Settings\Jarka\Dokumenty\vodafone 12.pdf
[2012.01.24 22:03:55 | 000,040,286 | ---- | M] () -- C:\Documents and Settings\Jarka\Dokumenty\vodafone 11.pdf
[2012.01.24 22:03:30 | 000,041,238 | ---- | M] () -- C:\Documents and Settings\Jarka\Dokumenty\vodafone 10.pdf
[2012.01.24 22:03:05 | 000,040,408 | ---- | M] () -- C:\Documents and Settings\Jarka\Dokumenty\vodafone 09.pdf
[2012.01.24 22:02:43 | 000,039,863 | ---- | M] () -- C:\Documents and Settings\Jarka\Dokumenty\vodafone 08.pdf
[2012.01.24 22:02:07 | 000,042,574 | ---- | M] () -- C:\Documents and Settings\Jarka\Dokumenty\vodafone 07.pdf
[2012.01.24 22:01:39 | 000,039,064 | ---- | M] () -- C:\Documents and Settings\Jarka\Dokumenty\vodafone 06.pdf

========== Files Created - No Company Name ==========

[2012.02.13 14:38:23 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.02.13 10:37:52 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012.02.08 20:45:32 | 000,649,610 | ---- | C] () -- C:\Documents and Settings\Jarka\Dokumenty\O2_1188_PL_Telesales_bezorz.pdf
[2012.02.08 20:07:36 | 000,138,687 | ---- | C] () -- C:\Documents and Settings\Jarka\Dokumenty\ZF_2012295.pdf
[2012.02.01 13:59:48 | 000,280,626 | ---- | C] () -- C:\Documents and Settings\Jarka\Dokumenty\Faktura vydaná-002.pdf
[2012.01.25 06:28:05 | 000,067,298 | ---- | C] () -- C:\Documents and Settings\Jarka\Dokumenty\Přiznání DPH IV.2011.PDF
[2012.01.24 22:11:07 | 000,230,767 | ---- | C] () -- C:\Documents and Settings\Jarka\Dokumenty\faktura účetní program.PDF
[2012.01.24 22:04:38 | 000,041,199 | ---- | C] () -- C:\Documents and Settings\Jarka\Dokumenty\vodafone 12.pdf
[2012.01.24 22:03:55 | 000,040,286 | ---- | C] () -- C:\Documents and Settings\Jarka\Dokumenty\vodafone 11.pdf
[2012.01.24 22:03:30 | 000,041,238 | ---- | C] () -- C:\Documents and Settings\Jarka\Dokumenty\vodafone 10.pdf
[2012.01.24 22:03:05 | 000,040,408 | ---- | C] () -- C:\Documents and Settings\Jarka\Dokumenty\vodafone 09.pdf
[2012.01.24 22:02:43 | 000,039,863 | ---- | C] () -- C:\Documents and Settings\Jarka\Dokumenty\vodafone 08.pdf
[2012.01.24 22:02:07 | 000,042,574 | ---- | C] () -- C:\Documents and Settings\Jarka\Dokumenty\vodafone 07.pdf
[2012.01.24 22:01:39 | 000,039,064 | ---- | C] () -- C:\Documents and Settings\Jarka\Dokumenty\vodafone 06.pdf
[2012.01.18 13:29:08 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader 9.lnk
[2012.01.07 11:49:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.07 11:49:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.07 11:49:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.07 11:49:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.07 11:49:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.01.03 18:48:45 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0135.old
[2011.07.21 04:38:15 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\mejlovani.dll
[2010.12.07 21:50:38 | 000,228,469 | ---- | C] () -- C:\WINDOWS\hpoins47.dat
[2010.12.07 21:50:38 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl47.dat
[2010.11.11 13:06:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\gHidPnp.sys
[2010.11.11 13:06:22 | 000,011,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\gMouUsb.sys
[2010.10.25 14:38:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.09.27 17:04:48 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\user.ini
[2010.09.27 15:33:58 | 000,000,064 | -H-- | C] () -- C:\Documents and Settings\Jarka\Data aplikací\c1972b1a7030edbaa8a0231998d2d434906484f2
[2010.09.27 15:33:58 | 000,000,064 | -H-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\c1972b1a7030edbaa8a0231998d2d434906484f2
[2010.09.20 16:01:05 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Jarka\Local Settings\Data aplikací\fusioncache.dat
[2010.09.20 15:40:57 | 000,038,871 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2010.09.20 15:40:57 | 000,029,227 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2010.08.25 13:01:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.13 11:11:24 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2010.07.28 09:28:25 | 000,388,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.07.15 22:12:04 | 000,112,128 | ---- | C] () -- C:\Documents and Settings\Jarka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.15 21:55:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.07.15 21:44:04 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.07.15 21:42:36 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.15 20:50:39 | 000,081,342 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010.07.15 20:03:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.07.15 19:56:35 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.03.19 04:53:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DTS.exe
[2009.03.19 04:52:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ADMonitor.exe
[2007.10.29 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007.10.29 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007.10.29 13:00:00 | 000,533,772 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2007.10.29 13:00:00 | 000,530,796 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007.10.29 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007.10.29 13:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2007.10.29 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007.10.29 13:00:00 | 000,128,148 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2007.10.29 13:00:00 | 000,113,510 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007.10.29 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007.10.29 13:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2007.10.29 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007.10.29 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007.10.29 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007.10.29 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007.10.29 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005.10.14 10:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 10:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 10:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 10:56:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2004.12.31 11:46:40 | 000,005,381 | ---- | C] () -- C:\WINDOWS\AVerTV.ini
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011.01.26 19:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AdventureChronicles1
[2011.08.20 19:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
[2010.07.15 21:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2012.01.11 17:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2011.06.17 18:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AWEM
[2010.08.31 15:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FarmFrenzy3_America
[2011.06.19 08:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FarmFrenzy3_Madagascar
[2010.08.17 10:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.11.08 06:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2011.07.21 04:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\KASTNER software
[2010.11.10 20:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
[2010.10.18 19:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Playrix Entertainment
[2012.01.08 20:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2012.01.03 22:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.11.10 20:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\UAB
[2010.09.26 17:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Youdagames
[2012.01.10 13:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\BONZAK
[2010.11.11 11:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\CachedFiles
[2010.08.05 12:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Desktopicon
[2011.03.21 17:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\ERS G-Studio
[2011.06.18 21:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\FriendsGamesNetwork
[2010.07.18 11:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\GetRightToGo
[2011.06.17 18:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\ICQ
[2012.01.07 10:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\IObit
[2010.09.27 15:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\iSpring Solutions
[2011.07.21 04:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Kastner software
[2010.11.11 13:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Leadertech
[2010.08.26 16:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Spyware Terminator
[2010.11.08 12:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\TeamViewer
[2010.07.15 21:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Thunderbird
[2010.09.25 08:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Uniblue
[2011.01.11 20:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\VitySoft
[2012.01.06 20:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\VS Revo Group
[2010.09.26 17:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Youdagames
[2011.12.17 07:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pater\Data aplikací\IObit
[2010.12.25 08:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pater\Data aplikací\VS Revo Group

========== Purity Check ==========



========== Custom Scans ==========


< >

< >


< MD5 for: AGP440.SYS >
[2007.10.29 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.07.16 06:01:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.07.16 06:01:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2007.10.29 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.07.16 06:01:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.07.16 06:01:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Jarka\Dokumenty\DriverGenius\Backup\Driver Backup 11-11-2010-112123\PCI Standardní dvoukanálový řadič IDE\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Jarka\Dokumenty\DriverGenius\Backup\Driver Backup 11-11-2010-112123\Primární kanál IDE\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Jarka\Dokumenty\DriverGenius\Backup\Driver Backup 11-11-2010-112123\Sekundární kanál IDE\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2007.10.29 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2007.10.29 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2007.10.29 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.07.16 06:01:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.07.16 06:01:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Documents and Settings\Jarka\Dokumenty\DriverGenius\Backup\Driver Backup 11-11-2010-112123\Jednotka CD-ROM\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2007.10.29 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2007.10.29 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2007.10.29 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.10.29 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2007.10.29 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.07.16 06:01:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.07.16 06:01:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 19:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2007.10.29 13:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2007.10.29 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2010.07.16 06:01:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2010.07.16 06:01:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2010.07.16 06:01:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2010.07.16 06:01:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2007.10.29 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\Documents and Settings\Jarka\Dokumenty\DriverGenius\Backup\Driver Backup 11-11-2010-112123\Most mezi sběrnicemi PCI a ISA\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2007.10.29 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2007.10.29 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 19:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2007.10.29 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007.10.29 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2007.10.29 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2007.10.29 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2007.10.29 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2007.10.29 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2007.10.29 13:00:00 | 000,506,880 | ---- | M] (Microsoft Corporation) MD5=A80F5FF04F7969D831843BC1017913F1 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2007.10.29 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]
[2 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\*.tmp files -> C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.07.25 18:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Adobe
[2012.01.10 13:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\BONZAK
[2010.11.11 11:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\CachedFiles
[2010.08.05 12:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Desktopicon
[2011.03.21 17:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\ERS G-Studio
[2011.06.18 21:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\FriendsGamesNetwork
[2010.07.18 11:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\GetRightToGo
[2010.09.20 16:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\HP
[2012.01.07 13:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\HPAppData
[2011.06.17 18:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\ICQ
[2010.07.15 20:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Identities
[2010.11.11 13:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\InstallShield
[2012.01.07 10:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\IObit
[2010.09.27 15:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\iSpring Solutions
[2011.07.21 04:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Kastner software
[2010.11.11 13:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Leadertech
[2010.11.11 12:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Logishrd
[2010.11.11 13:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Logitech
[2010.07.17 06:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Macromedia
[2010.09.25 07:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Malwarebytes
[2011.11.08 20:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Media Player Classic
[2011.07.21 04:41:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jarka\Data aplikací\Microsoft
[2010.09.27 20:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Microsoft Games
[2010.08.17 10:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Mozilla
[2011.11.16 00:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Skype
[2011.11.16 00:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\skypePM
[2010.08.26 16:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Spyware Terminator
[2010.07.20 16:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Sun
[2010.09.24 18:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\SunRay Games
[2010.11.08 12:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\TeamViewer
[2010.07.15 21:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Thunderbird
[2010.09.25 08:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Uniblue
[2011.01.11 20:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\VitySoft
[2012.01.06 20:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\VS Revo Group
[2010.09.26 17:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jarka\Data aplikací\Youdagames

< %APPDATA%\*.exe /s >
[2010.11.11 13:01:34 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Jarka\Data aplikací\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010.07.15 21:41:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.07.15 21:41:40 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.07.15 21:41:40 | 000,475,136 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.02.13 10:40:07 | 000,013,702 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"DWQueuedReporting" = "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t -- [2008.11.04 00:44:24 | 000,435,096 | ---- | M] (Microsoft Corporation)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 04:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.02.13 14:38:23 | 000,000,512 | ---- | M] () MD5=61236315C26CD870CCB1A043376E2562 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2010.12.08 19:53:00 | 015,108,347 | ---- | M] () -- \Documents and Settings\Jarka\Dokumenty\Stažení\JDownloaderSetup.zip
[2011.08.10 11:00:00 | 000,058,854 | ---- | M] () -- \Documents and Settings\Pater\Plocha\Novicorp_WinToFlash_0.7.0018_beta\Skins\Default\images\Main window - Windows XP emergency bootloader - Loader logo.bmp
[2011.08.10 11:00:00 | 000,058,854 | ---- | M] () -- \Documents and Settings\Pater\Plocha\Novicorp_WinToFlash_0.7.0018_beta\Skins\Default\images\Main window - Windows XP recovery console - Loader logo.bmp
[2003.09.04 08:28:12 | 000,015,227 | ---- | M] () -- \Program Files\Common Files\HP\Memories Disc\2.0\pcexp\COMMON\VIEW\INCLUDE\LOADER.JS
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.tlb
[2007.10.29 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2010.11.09 12:54:22 | 000,082,784 | ---- | M] () -- \WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2010.07.18 11:14:20 | 000,014,184 | ---- | M] () -- \WINDOWS\assembly\GAC_32\ILoader\2.0.5201.0__31bf3856ad364e35\ILoader.dll
[2010.07.18 11:14:20 | 000,047,976 | ---- | M] () -- \WINDOWS\assembly\GAC_32\Loader\2.0.5201.0__31bf3856ad364e35\Loader.dll
[2011.10.14 09:31:17 | 000,021,504 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\ILoader\9a43ac08540d728daccfe3d6d9a61ac3\ILoader.ni.dll
[2008.04.14 04:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 19:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 19:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 04:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Plocha:$SS_DESCRIPTOR_PVX2VCGFMVF9VFNYTK1RVLNJCMNS45LBX89LH9KVVVVTVVJVPJVE
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DA18D4E3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:592D7272

< End of report >

ketez67
Visitor
Posts: 100
Registered: 08 Jun 2008 17:46

Re: Spontaneous PC restart

#12 Post by ketez67 »

Extras log:

OTL Extras logfile created on: 13.2.2012 14:36:45 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jarka\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,37 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 60,33% Memory free
3,23 Gb Paging File | 2,85 Gb Available in Paging File | 88,43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\Programy
Drive C: | 53,71 Gb Total Space | 32,85 Gb Free Space | 61,15% Space Free | Partition Type: NTFS
Drive D: | 58,07 Gb Total Space | 2,30 Gb Free Space | 3,96% Space Free | Partition Type: NTFS

Computer Name: PISKOT | User Name: Jarka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5985:TCP" = 5985:TCP:*:Disabled:Vzdálená správa systému Windows

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\programy\ICQ7.2\ICQ.exe" = D:\programy\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"D:\programy\ICQ7.2\aolload.exe" = D:\programy\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"D:\programy\Digital Imaging\bin\hpqtra08.exe" = D:\programy\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpqste08.exe" = D:\programy\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpofxm08.exe" = D:\programy\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hposfx08.exe" = D:\programy\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hposid01.exe" = D:\programy\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpqkygrp.exe" = D:\programy\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpfcCopy.exe" = D:\programy\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpoews01.exe" = D:\programy\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpiscnapp.exe" = D:\programy\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpofxs08.exe" = D:\programy\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpqgplgtupl.exe" = D:\programy\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpqgpc01.exe" = D:\programy\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"D:\programy\Digital Imaging\bin\hpqusgm.exe" = D:\programy\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpqusgh.exe" = D:\programy\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"D:\programy\HP Software Update\hpwucli.exe" = D:\programy\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"D:\programy\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = D:\programy\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\programy\ICQ7.2\ICQ.exe" = D:\programy\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"D:\programy\ICQ7.2\aolload.exe" = D:\programy\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"D:\programy\TeamViewer\Version4\TeamViewer.exe" = D:\programy\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"D:\programy\Digital Imaging\bin\hpqtra08.exe" = D:\programy\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpqste08.exe" = D:\programy\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpofxm08.exe" = D:\programy\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hposfx08.exe" = D:\programy\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hposid01.exe" = D:\programy\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpqkygrp.exe" = D:\programy\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpfcCopy.exe" = D:\programy\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpoews01.exe" = D:\programy\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpiscnapp.exe" = D:\programy\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpofxs08.exe" = D:\programy\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpqgplgtupl.exe" = D:\programy\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpqgpc01.exe" = D:\programy\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"D:\programy\Digital Imaging\bin\hpqusgm.exe" = D:\programy\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"D:\programy\Digital Imaging\bin\hpqusgh.exe" = D:\programy\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"D:\programy\HP Software Update\hpwucli.exe" = D:\programy\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"D:\programy\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = D:\programy\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"D:\programy\Microsoft Games\Zoo Tycoon 2\zt.exe" = D:\programy\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110
"{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{176B7642-72A8-49D0-8EC4-26D59D8E21B2}" = Klient Správy přístupových práv v systému Windows s aktualizací Service Pack 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{432282b5-d708-431a-9ada-abbbbac3f205}" = Business Contact Manager pro aplikaci Outlook 2007 SP2
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7AD35FDD-A268-44b7-9A8E-4677020CC90B}" = 1300Tour
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DF56C91-281F-4C15-B954-F45FDC919568}" = TV
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{980606BB-A475-4a85-A665-6E30DB2F28B3}" = 1300Trb
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A15ED800-19FF-11D5-AF7F-0050BA1191E9}" = InterVideo FilterSDK
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}" = ioCentre
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
"{A71822CD-7F77-46a3-B761-D6BA35245E95}" = 1300
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Součásti připojení sady Microsoft Office Small Business
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1029-7B44-A95000000001}" = Adobe Reader 9.5.0 - Czech
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB83F10A-D02A-4aba-8843-ACAB50D48216}" = 1300_Help
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E76DD888-8027-4AAB-9B72-8524943F26BB}_is1" = BONZÁK 1.3
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Klient Správy přístupových práv v systému Windows SP2, zpětná kompatibilita
"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"2HCS Fakturace 3_is1" = 2HCS Fakturace v. 3.7.173
"A4680BD43717441189C52EBF2C4FD6B182EE1101" = Balíček ovladače systému Windows - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager pro aplikaci Outlook 2007 SP2
"CCleaner" = CCleaner
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_308x103C" = SoftV.90 Data Fax Modem with SmartCP
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Farm Frenzy 3: Madagascar" = Farm Frenzy 3: Madagascar
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo & Imaging" = HP Image Zone 3.5
"hp psc 1300 series_Driver" = hp psc 1300 series
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{8DF56C91-281F-4C15-B954-F45FDC919568}" = AVerTV
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Thunderbird 9.0.1 (x86 cs)" = Mozilla Thunderbird 9.0.1 (x86 cs)
"RealoreStudios Toolbar" = RealoreStudios Toolbar
"Revo Uninstaller" = Revo Uninstaller 1.89
"Shop for HP Supplies" = Shop for HP Supplies
"SP6" = Logitech SetPoint 6.15
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 4" = TeamViewer 4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"Zoo Tycoon 2" = Zoo Tycoon 2

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 5.2.2012 0:35:58 | Computer Name = PISKOT | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: aswSnx

Error - 6.2.2012 14:43:03 | Computer Name = PISKOT | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: aswSnx

Error - 8.2.2012 15:04:50 | Computer Name = PISKOT | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: aswSnx

Error - 9.2.2012 6:14:26 | Computer Name = PISKOT | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: aswSnx

Error - 10.2.2012 1:24:55 | Computer Name = PISKOT | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: aswSnx

Error - 10.2.2012 1:36:52 | Computer Name = PISKOT | Source = Service Control Manager | ID = 7022
Description = Služba avast! Antivirus přestala během spouštění reagovat.

Error - 10.2.2012 1:36:52 | Computer Name = PISKOT | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: aswSnx

Error - 10.2.2012 15:08:42 | Computer Name = PISKOT | Source = Service Control Manager | ID = 7022
Description = Služba avast! Antivirus přestala během spouštění reagovat.

Error - 10.2.2012 15:08:42 | Computer Name = PISKOT | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: aswSnx

Error - 13.2.2012 5:39:37 | Computer Name = PISKOT | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: aswSnx


< End of report >

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Spontaneous PC restart

#13 Post by Márty84 »

Test these two files on VirusTotal, or alternatively Jotti (http://forum.viry.cz/viewtopic.php?t=5846):
C:\hwevid\hwevid.dll
C:\hwevid\hwevid.exe
If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you are waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
