
Problem with Security Tool

Trepifajkslak
Visitor
Posts: 43
Registered: 15 Apr 2010 17:56

Problem with Security Tool

#1 Post by Trepifajkslak »

Hi, I was asked to start a new thread. I have a problem with the Security Tool virus, which poses as an antivirus and won't let me run anything... here is the log from RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-04-16 14:31:42
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 59 GB (77%) free of 76 GB
Total RAM: 1789 MB (83% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4027c7f-154a-4066-a1ad-4243d8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-06 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2010-02-19 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2010-02-19 2349080]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"21783627"=C:\DOCUME~1\ALLUSE~1\DATAAP~1\21783627\21783627.exe [2010-04-14 997904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"cdoosoft"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe [2010-04-15 126976]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
GT Connect.lnk - C:\Program Files\T-Mobile\GT Connect\GT Connect.exe
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe
WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"=C:\WINDOWS\system32\e8main0.dll []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\wyskq6lt.exe
shell\open\command - C:\wyskq6lt.exe


======List of files/folders created in the last 1 months======

2010-04-16 14:31:42 ----D---- C:\rsit
2010-04-16 14:31:42 ----D---- C:\Program Files\trend micro
2010-04-15 17:09:52 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2010-04-15 16:40:46 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2010-04-15 16:39:42 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2010-04-15 16:39:41 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-04-15 16:39:41 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2010-04-15 16:39:08 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-15 16:16:28 ----D---- C:\WINDOWS.0
2010-04-15 15:11:43 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-04-15 14:29:01 ----D---- C:\Program Files\MSN
2010-04-15 13:08:38 ----RSH---- C:\wyskq6lt.exe
2010-04-14 14:13:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\21783627
2010-04-11 19:47:59 ----RSH---- C:\chxnxyx.exe
2010-04-10 19:47:33 ----D---- C:\Program Files\MSECache
2010-04-10 17:33:53 ----RSH---- C:\img8hi.exe
2010-04-08 14:46:48 ----RSH---- C:\ba.exe
2010-04-06 18:42:17 ----D---- C:\Program Files\uTorrent
2010-04-05 18:09:46 ----RSH---- C:\ysyjq1bs.exe
2010-04-02 09:15:39 ----RSH---- C:\pbyqfn.exe
2010-03-31 17:27:29 ----RSH---- C:\sdfqh.exe
2010-03-27 17:45:41 ----D---- C:\Program Files\Common Files\Skype
2010-03-27 17:44:36 ----RSH---- C:\mi9al8rs.exe
2010-03-26 15:15:36 ----RSH---- C:\affi8l.exe
2010-03-25 15:53:30 ----RSH---- C:\bbjl2g.exe

======List of files/folders modified in the last 1 months======

2010-04-16 14:31:42 ----RD---- C:\Program Files
2010-04-15 18:19:07 ----D---- C:\Program Files\Internet Explorer
2010-04-15 17:45:14 ----D---- C:\WINDOWS
2010-04-15 17:41:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-15 17:40:31 ----D---- C:\WINDOWS\Temp
2010-04-15 17:03:15 ----SHD---- C:\WINDOWS\Installer
2010-04-15 17:03:15 ----SHD---- C:\Config.Msi
2010-04-15 17:02:37 ----D---- C:\Documents and Settings
2010-04-15 16:53:42 ----AC---- C:\WINDOWS\OEWABLog.txt
2010-04-15 16:45:27 ----SHD---- C:\RECYCLER
2010-04-15 15:11:43 ----D---- C:\WINDOWS\system32
2010-04-15 14:55:30 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-15 14:43:27 ----D---- C:\Program Files\Google
2010-04-15 14:38:59 ----D---- C:\Program Files\Windows Media Player
2010-04-15 14:37:51 ----SHD---- C:\System Volume Information
2010-04-15 14:31:47 ----D---- C:\Program Files\Movie Maker
2010-04-15 14:31:24 ----D---- C:\Program Files\NetMeeting
2010-04-15 14:31:23 ----D---- C:\Program Files\Outlook Express
2010-04-15 14:31:22 ----D---- C:\Program Files\Common Files\System
2010-04-15 14:29:23 ----D---- C:\Program Files\Windows NT
2010-04-15 14:27:45 ----SH---- C:\boot.ini
2010-04-15 13:03:00 ----HD---- C:\WINDOWS\inf
2010-04-14 14:12:29 ----D---- C:\WINDOWS\system32\drivers
2010-04-14 14:05:57 ----D---- C:\Program Files\Mozilla Firefox
2010-04-10 19:47:52 ----RSD---- C:\WINDOWS\Fonts
2010-04-10 19:47:52 ----D---- C:\WINDOWS\WinSxS
2010-04-10 19:47:47 ----D---- C:\Program Files\Microsoft Office
2010-04-10 19:47:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-06 18:42:41 ----SD---- C:\WINDOWS\Tasks
2010-04-03 16:10:31 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-03-28 19:22:19 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-27 17:45:41 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-06-21 547072]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2007-05-16 42368]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-05-10 208576]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 12d35ba0;12d35ba0; C:\WINDOWS\System32\drivers\12d35ba0.sys []
S1 51f5433d;51f5433d; C:\WINDOWS\System32\drivers\51f5433d.sys []
S1 54601fe3;54601fe3; C:\WINDOWS\System32\drivers\54601fe3.sys [2010-04-15 87168]
S1 9153d4d1;9153d4d1; C:\WINDOWS\System32\drivers\9153d4d1.sys []
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S1 filedisk;filedisk; C:\WINDOWS\system32\drivers\filedisk.sys [2004-06-09 10556]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2007-08-03 18688]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
S2 zntport;NTPort Library Driver; \??\C:\WINDOWS\system32\drivers\zntport.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
S3 avpsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-06-29 13224]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-06-29 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-06-29 25512]
S3 GTPTSER;GT PT SER; C:\WINDOWS\system32\DRIVERS\gtptser.sys [2006-10-31 8064]
S3 GTUQBUS;GT UQ BUS; C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2006-10-31 36992]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-10 4603904]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\netrcacm.sys [2003-01-20 20648]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2007-08-03 321536]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-07 1029456]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
S2 bonjour service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S2 EventSystemdmserver;Systém událostí modelu COM+ EventSystemdmserver; C:\WINDOWS\system32\advpack.dll [2009-02-20 124928]
S2 GtFlashSwitch;GtFlashSwitch; C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128]
S2 gupdate1c98693303ccbd8;Google Update Service (gupdate1c98693303ccbd8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-06 152984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-19 348344]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 flexnet licensing service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-21 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idrivert;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Problem with Security Tool

#2 Post by Caroprd111 »

Hello :)


Plug all the flash drives you use into the PC.

Download UsbFix to your desktop: http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
  • Run it, then select language E - Enter
  • Select 2 - Enter (the PC may restart)
  • When it finishes, a log will pop up; paste it here. You can also find it in C:\UsbFix.txt


Download OTL: http://oldtimer.geekstogo.com/OTL.exe
  • Run it, then paste the following script into the bottom box.

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
CREATERESTOREPOINT
  • Tick the All users option.
  • Tick the "LOP" malware check and "Purity" malware check options.
  • Click the Scan button.
  • When it finishes, paste the OTL.Txt and Extras.txt logs here.

Trepifajkslak
Visitor
Posts: 43
Registered: 15 Apr 2010 17:56

Re: Problem with Security Tool

#3 Post by Trepifajkslak »

UsbFix doesn't work. I do everything as I should, but when it finishes a message about a system shutdown pops up, the system shuts down within 4 s, and no log is saved :(

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Problem with Security Tool

#4 Post by Caroprd111 »

Skip UsbFix and continue with OTL.

Trepifajkslak
Visitor
Posts: 43
Registered: 15 Apr 2010 17:56

Re: Problem with Security Tool

#5 Post by Trepifajkslak »

OTL:
OTL logfile created on: 16.4.2010 15:38:42 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 83,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 57,49 Gb Free Space | 77,15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 992,22 Mb Total Space | 62,06 Mb Free Space | 6,25% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUCHTA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.07 11:26:29 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.05.10 17:57:44 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe


========== Modules (SafeList) ==========

MOD - [2004.05.10 17:57:44 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010.03.07 11:26:29 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Stop_Pending] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009.09.21 16:59:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (flexnet licensing service)
SRV - [2008.07.19 16:38:28 | 000,147,640 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008.07.19 16:38:04 | 000,250,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008.07.19 16:34:56 | 000,348,344 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008.07.19 16:25:06 | 000,016,056 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007.02.09 14:48:26 | 000,176,128 | ---- | M] (OptionNV) [Auto | Stopped] -- C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe -- (GtFlashSwitch)
SRV - [2006.10.30 04:34:02 | 000,122,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (idrivert)


========== Driver Services (SafeList) ==========

DRV - [2010.04.16 15:06:03 | 000,087,168 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\54601fe3.sys -- (54601fe3)
DRV - [2010.04.15 13:43:38 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\9153d4d1.sys -- (9153d4d1)
DRV - [2010.04.15 13:43:38 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\51f5433d.sys -- (51f5433d)
DRV - [2010.01.01 22:38:50 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\12d35ba0.sys -- (12d35ba0)
DRV - [2009.06.29 08:00:30 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009.06.29 08:00:30 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.05.04 18:18:25 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008.07.19 16:37:42 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008.07.19 16:37:21 | 000,094,416 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008.07.19 16:35:18 | 000,078,416 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2008.07.19 16:33:42 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008.07.19 16:32:36 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008.07.19 16:32:15 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.08.10 14:52:44 | 004,603,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.08.03 17:31:44 | 000,018,688 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2007.08.03 17:10:14 | 000,321,536 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2007.07.29 18:00:56 | 000,014,168 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2007.06.21 23:58:32 | 000,547,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007.05.16 13:00:00 | 000,042,368 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)
DRV - [2007.05.10 20:00:04 | 000,208,576 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006.10.31 14:44:50 | 000,036,992 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuqbus.sys -- (GTUQBUS)
DRV - [2006.10.31 14:44:48 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2004.06.09 16:14:40 | 000,010,556 | ---- | M] (Bo Brantén) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\filedisk.sys -- (filedisk)
DRV - [2003.01.20 13:50:36 | 000,020,648 | ---- | M] (Thomson Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netrcacm.sys -- (netrcacm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-117609710-2049760794-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\mozilla firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.15 15:44:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.26 16:20:24 | 000,000,000 | ---D | M]

[2010.04.15 16:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.04.15 16:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\8eb5zkgl.default\extensions
[2010.04.15 16:41:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.01.19 15:28:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.27 17:45:53 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008.11.11 09:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010.03.26 16:20:17 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.26 16:20:17 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.26 16:20:17 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.26 16:20:17 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.26 16:20:17 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.10.15 18:39:44 | 000,002,566 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 29 more lines...
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [21783627] C:\Documents and Settings\All Users\Data aplikací\21783627\21783627.exe ()
O4 - HKU\.DEFAULT..\Run: [cdoosoft] C:\WINDOWS\TEMP\olhrwef.exe File not found
O4 - HKU\S-1-5-18..\Run: [cdoosoft] C:\WINDOWS\TEMP\olhrwef.exe File not found
O4 - HKU\S-1-5-21-117609710-2049760794-839522115-500..\Run: [cdoosoft] C:\Documents and Settings\Administrator\Local Settings\Temp\herss.exe ()
O4 - HKLM..\RunOnce: [UsbFix] C:\UsbFix\UsbFix.cmd ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\GT Connect.lnk = C:\Program Files\T-Mobile\GT Connect\GT Connect.exe (T-Mobile)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WirelessSelector.lnk = C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe (ITE Tech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-2049760794-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {cafeefac-0016-0000-0014-abcdeffedcba} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\a2service.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ArcaCheck.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\arcavir.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashEnhcd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\autoruns.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcls.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgrssvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AvMonitor.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.com: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AVP32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz_se.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz4.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdinit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caav.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caavguiscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\casecuritycenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\CCenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccupdate.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\DRWEB32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FAMEH32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPAVServer.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fpscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPWin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32st.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FSMA32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\GFRing3.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\HijackThis.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASMain.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASTask.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAV32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVDX.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPF.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPFW.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVStart.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32X.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapsvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVSTUB.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVW32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVWNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Nvcc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\OllyDBG.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\procexp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RegTool.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\SfFnUp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Vba32arkit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zanda.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zlh.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - ntsd -d (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {BB4C402F-882A-4526-8C08-51278EA437C1} - C:\WINDOWS\System32\e8main0.dll File not found
O29 - HKLM SecurityProviders - (digiwet.dll) - C:\WINDOWS\System32\digiwet.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.08 13:14:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.16 15:21:49 | 000,000,063 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.04.16 15:21:54 | 000,000,063 | RHS- | M] () - E:\autorun.inf -- [ FAT ]
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\wyskq6lt.exe -- [2010.04.15 13:05:00 | 000,126,976 | RHS- | M] ()
O33 - MountPoints2\C\Shell\open\Command - "" = C:\wyskq6lt.exe -- [2010.04.15 13:05:00 | 000,126,976 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.03.08 13:57:03 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
Drivers32: msacm.atrac3 - C:\WINDOWS\System32\atrac3.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010.04.16 15:28:41 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.04.16 15:13:03 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010.04.16 14:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MSN6
[2010.04.16 14:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.16 14:31:42 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.15 17:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Adobe
[2010.04.15 17:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
[2010.04.15 16:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\Downloads
[2010.04.15 16:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google
[2010.04.15 16:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
[2010.04.15 16:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2010.04.15 16:39:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2010.04.15 16:39:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010.04.15 16:39:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Data aplikací
[2010.04.15 16:39:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start
[2010.04.15 16:39:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010.04.15 16:39:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Šablony
[2010.04.15 16:39:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010.04.15 16:39:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní tiskárny
[2010.04.15 16:39:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní síť
[2010.04.15 16:39:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010.04.15 16:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha
[2010.04.15 16:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Oblíbené položky
[2010.04.15 16:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft
[2010.04.15 16:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
[2010.04.15 16:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty
[2010.04.15 16:16:28 | 000,000,000 | ---D | C] -- C:\WINDOWS.0
[2010.04.15 14:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010.04.14 14:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\21783627
[2010.04.10 19:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010.04.06 18:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010.03.27 17:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009.06.28 18:58:39 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Data aplikací\hpeBA.dll
[2009.02.16 12:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2009.02.08 08:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.02.04 08:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2008.10.21 16:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2008.10.21 16:55:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2008.10.21 16:55:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2008.10.21 16:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

Re: Problem with Security tool

#6 Post by Trepifajkslak »

Rest of the OTL log:
========== Files - Modified Within 30 Days ==========

[2010.04.16 15:36:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.16 15:35:37 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.04.16 15:35:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.04.16 15:35:36 | 002,205,456 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010.04.16 15:22:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nmdfgds2.dll
[2010.04.16 15:22:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\e8main1.dll
[2010.04.16 15:22:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\afmain1.dll
[2010.04.16 15:21:49 | 000,000,063 | RHS- | M] () -- C:\autorun.inf
[2010.04.16 15:06:03 | 000,087,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\54601fe3.sys
[2010.04.16 15:05:56 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.16 15:05:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.15 16:48:47 | 000,052,904 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.04.15 14:27:45 | 000,000,308 | -HS- | M] () -- C:\boot.ini
[2010.04.15 13:43:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\9153d4d1.sys
[2010.04.15 13:43:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\51f5433d.sys
[2010.04.15 13:40:43 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010.04.15 13:40:43 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010.04.15 13:05:00 | 000,126,976 | RHS- | M] () -- C:\wyskq6lt.exe
[2010.04.15 13:01:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\bsoljvtf.sys
[2010.04.14 19:01:07 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.04.14 18:20:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.12 18:14:12 | 000,117,760 | RHS- | M] () -- C:\chxnxyx.exe
[2010.04.11 10:26:44 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.10 21:43:12 | 001,515,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.10 17:33:21 | 000,116,224 | RHS- | M] () -- C:\img8hi.exe
[2010.04.09 21:25:51 | 000,117,248 | RHS- | M] () -- C:\ba.exe
[2010.04.06 18:31:17 | 000,117,248 | RHS- | M] () -- C:\ysyjq1bs.exe
[2010.04.05 18:08:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.03 21:52:51 | 000,116,224 | RHS- | M] () -- C:\pbyqfn.exe
[2010.04.03 16:10:31 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.02 09:20:28 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2010.03.31 17:27:02 | 000,115,712 | RHS- | M] () -- C:\sdfqh.exe
[2010.03.31 14:48:48 | 000,112,128 | RHS- | M] () -- C:\mi9al8rs.exe
[2010.03.28 19:22:19 | 001,017,012 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.28 19:22:19 | 000,430,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.28 19:22:19 | 000,427,848 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.28 19:22:19 | 000,078,084 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.28 19:22:19 | 000,067,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.26 23:47:19 | 000,132,608 | RHS- | M] () -- C:\affi8l.exe
[2010.03.25 15:53:03 | 000,124,416 | RHS- | M] () -- C:\bbjl2g.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.16 15:12:55 | 001,777,625 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\UsbFix.exe
[2010.04.16 14:31:14 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2010.04.15 16:47:56 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\FASTWiz.log
[2010.04.15 16:39:44 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.04.15 16:39:40 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.04.15 16:39:40 | 000,090,112 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
[2010.04.15 13:08:38 | 000,126,976 | RHS- | C] () -- C:\wyskq6lt.exe
[2010.04.14 14:12:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bsoljvtf.sys
[2010.04.11 19:47:59 | 000,117,760 | RHS- | C] () -- C:\chxnxyx.exe
[2010.04.10 17:33:53 | 000,116,224 | RHS- | C] () -- C:\img8hi.exe
[2010.04.08 14:46:48 | 000,117,248 | RHS- | C] () -- C:\ba.exe
[2010.04.06 18:42:41 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.04.05 18:09:46 | 000,117,248 | RHS- | C] () -- C:\ysyjq1bs.exe
[2010.04.02 09:15:39 | 000,116,224 | RHS- | C] () -- C:\pbyqfn.exe
[2010.03.31 17:27:29 | 000,115,712 | RHS- | C] () -- C:\sdfqh.exe
[2010.03.27 17:44:36 | 000,112,128 | RHS- | C] () -- C:\mi9al8rs.exe
[2010.03.26 15:15:36 | 000,132,608 | RHS- | C] () -- C:\affi8l.exe
[2010.03.25 15:53:30 | 000,124,416 | RHS- | C] () -- C:\bbjl2g.exe
[2009.11.22 12:06:06 | 000,000,314 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.10.31 15:20:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\SoundOut_H264.dll
[2009.10.31 15:20:50 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.09.20 08:37:49 | 000,087,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\54601fe3.sys
[2009.09.18 21:03:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\12d35ba0.sys
[2009.07.28 13:47:55 | 000,019,125 | ---- | C] () -- C:\WINDOWS\System32\msdx92.dll
[2009.07.02 17:50:49 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds3.dll
[2009.06.24 18:35:34 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009.06.20 09:00:34 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\2401ccb2.sys
[2009.05.31 07:28:11 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009.05.25 16:17:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\51f5433d.sys
[2009.05.19 07:28:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\digiwet.dll
[2009.05.18 14:49:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\9153d4d1.sys
[2009.02.11 09:31:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.02.08 19:19:48 | 000,499,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2009.01.23 08:04:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nmdfgds2.dll
[2008.11.04 22:50:01 | 000,092,983 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008.11.04 22:49:39 | 000,128,511 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008.10.25 14:42:48 | 000,000,601 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.10.24 22:52:30 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.10.21 16:34:29 | 000,085,504 | RHS- | C] () -- C:\WINDOWS\System32\ckvo1.dll
[2008.10.19 17:29:15 | 000,085,504 | RHS- | C] () -- C:\WINDOWS\System32\ckvo0.dll
[2008.03.12 12:03:15 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.03.11 20:27:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.06.28 16:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.06.28 16:52:18 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.08.16 16:13:34 | 001,382,280 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll
[2006.03.02 14:00:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\e8main1.dll
[2006.03.02 14:00:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\afmain1.dll
[2003.04.09 16:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010.04.15 17:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
[2010.04.15 17:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\21783627
[2008.10.21 16:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Avg7
[2008.03.12 12:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.06.21 13:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\GoldWave
[2009.01.19 15:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.06.21 14:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NCH Swift Sound
[2009.07.28 13:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Software4u
[2009.02.13 17:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2009.03.03 19:39:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009.10.04 06:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\avidemux
[2009.10.04 07:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\BSplayer
[2009.10.04 06:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\BSplayer Pro
[2009.09.22 18:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Desktopicon
[2009.06.17 07:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Echo Software
[2009.11.22 14:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\FileZilla
[2009.09.22 16:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\GrabPro
[2009.12.30 12:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\ICQ
[2009.06.21 14:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\NCH Swift Sound
[2009.09.22 16:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Orbit
[2009.07.28 13:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Software4u
[2009.06.16 18:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Sony
[2009.02.12 17:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Sony Setup
[2009.09.29 16:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Styler
[2009.02.27 19:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\ubi.com
[2010.04.15 14:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\uTorrent
[2009.09.06 12:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Video Converter for Any Flv Player
[2009.09.29 17:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\ViStart
[2010.02.09 17:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Data aplikací\Zoner
[2010.04.11 10:26:44 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010.04.14 19:01:07 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"cdoosoft" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe -- [2010.04.15 13:05:00 | 000,126,976 | RHS- | M] ()

< c:\windows\*.* /U >
[6 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2009.11.05 16:01:02 | 000,114,602 | RHS- | M] () -- C:\1a1dndah.exe
[2009.12.06 17:26:07 | 000,115,347 | RHS- | M] () -- C:\2id9.exe
[2009.09.19 18:45:20 | 000,117,220 | RHS- | M] () -- C:\2o1ajagt.exe
[2009.11.13 08:36:07 | 000,115,016 | RHS- | M] () -- C:\6ruaqx.exe
[2009.09.29 20:36:45 | 000,116,840 | RHS- | M] () -- C:\9jyhdim8.exe
[2010.03.26 23:47:19 | 000,132,608 | RHS- | M] () -- C:\affi8l.exe
[2009.10.24 07:40:27 | 000,114,191 | RHS- | M] () -- C:\b00ijwpu.exe
[2010.04.09 21:25:51 | 000,117,248 | RHS- | M] () -- C:\ba.exe
[2010.03.25 15:53:03 | 000,124,416 | RHS- | M] () -- C:\bbjl2g.exe
[2009.09.23 18:36:16 | 000,112,471 | RHS- | M] () -- C:\bycfht.exe
[2010.04.12 18:14:12 | 000,117,760 | RHS- | M] () -- C:\chxnxyx.exe
[2009.10.25 18:15:05 | 000,114,244 | RHS- | M] () -- C:\eexyv.exe
[2010.03.05 22:03:54 | 000,124,416 | RHS- | M] () -- C:\fk.exe
[2009.11.10 15:36:31 | 000,112,695 | RHS- | M] () -- C:\g12g.exe
[2009.10.27 17:00:12 | 000,115,072 | RHS- | M] () -- C:\hjvjte.exe
[2010.04.10 17:33:21 | 000,116,224 | RHS- | M] () -- C:\img8hi.exe
[2009.12.28 16:11:15 | 000,108,032 | RHS- | M] () -- C:\imghyva6.exe
[2009.11.08 17:15:56 | 000,114,924 | RHS- | M] () -- C:\l61yyp.exe
[2009.12.01 17:06:20 | 000,115,905 | RHS- | M] () -- C:\mbdm.exe
[2009.12.04 15:14:01 | 000,113,792 | RHS- | M] () -- C:\mbvd.exe
[2010.03.31 14:48:48 | 000,112,128 | RHS- | M] () -- C:\mi9al8rs.exe
[2010.01.08 18:44:46 | 000,120,320 | RHS- | M] () -- C:\mltox.exe
[2009.09.27 15:41:42 | 000,116,665 | RHS- | M] () -- C:\mranjm.exe
[2009.12.20 20:39:13 | 000,120,315 | RHS- | M] () -- C:\nx.exe
[2010.04.03 21:52:51 | 000,116,224 | RHS- | M] () -- C:\pbyqfn.exe
[2009.03.18 16:51:40 | 000,110,053 | RHS- | M] () -- C:\q0dhfjf.exe
[2009.11.30 17:10:09 | 000,115,856 | RHS- | M] () -- C:\q3kku.exe
[2009.11.22 08:31:21 | 000,116,030 | RHS- | M] () -- C:\q93fi6kf.exe
[2009.09.13 17:54:17 | 000,115,485 | RHS- | M] () -- C:\qcoageh.exe
[2009.09.17 07:13:05 | 000,116,163 | RHS- | M] () -- C:\qcod.exe
[2010.01.22 22:17:05 | 000,096,768 | RHS- | M] () -- C:\qkm.exe
[2009.09.29 07:06:17 | 000,117,960 | RHS- | M] () -- C:\rg9g9bgq.exe
[2009.07.31 07:37:57 | 000,107,843 | RHS- | M] () -- C:\rx.exe
[2009.06.26 17:25:23 | 000,107,599 | RHS- | M] () -- C:\s.exe
[2010.02.28 17:49:47 | 000,097,792 | RHS- | M] () -- C:\s1.exe
[2009.10.15 14:14:09 | 000,115,522 | RHS- | M] () -- C:\s3ek.exe
[2010.03.31 17:27:02 | 000,115,712 | RHS- | M] () -- C:\sdfqh.exe
[2009.10.17 17:02:00 | 000,114,387 | RHS- | M] () -- C:\se12ydam.exe
[2009.06.09 06:56:10 | 000,101,528 | RHS- | M] () -- C:\sm.exe
[2009.10.05 07:09:08 | 000,117,453 | RHS- | M] () -- C:\sp1jensi.exe
[2009.11.04 18:33:49 | 000,114,304 | RHS- | M] () -- C:\srgo.exe
[2009.10.03 05:54:38 | 000,118,853 | RHS- | M] () -- C:\t2hjo0.exe
[2009.12.17 19:47:24 | 000,119,649 | RHS- | M] () -- C:\t8g.exe
[2010.02.21 16:14:15 | 000,096,768 | RHS- | M] () -- C:\tgt.exe
[2009.07.27 17:33:32 | 000,108,548 | RHS- | M] () -- C:\u0riu2.exe
[2009.12.24 07:11:34 | 000,114,414 | RHS- | M] () -- C:\u16sqrqn.exe
[2009.08.03 08:03:44 | 000,107,841 | RHS- | M] () -- C:\ukfbi3aw.exe
[2009.10.30 11:55:25 | 000,112,905 | RHS- | M] () -- C:\uqgvf.exe
[2009.11.06 18:08:14 | 000,115,973 | RHS- | M] () -- C:\v1cbvsmq.exe
[2009.10.17 07:00:42 | 000,115,618 | RHS- | M] () -- C:\vb0hsoay.exe
[2009.11.10 08:37:58 | 000,114,778 | RHS- | M] () -- C:\vk0w.exe
[2009.10.10 06:44:21 | 000,116,526 | RHS- | M] () -- C:\vlvtdflx.exe
[2009.09.25 16:17:12 | 000,111,956 | RHS- | M] () -- C:\w9uxx92.exe
[2009.11.26 16:18:43 | 000,114,819 | RHS- | M] () -- C:\wfx062.exe
[2009.09.18 18:47:03 | 000,116,114 | RHS- | M] () -- C:\wrsf.exe
[2010.02.09 15:08:09 | 000,091,648 | RHS- | M] () -- C:\ws.exe
[2009.11.23 18:51:31 | 000,113,508 | RHS- | M] () -- C:\wu1n.exe
[2010.04.15 13:05:00 | 000,126,976 | RHS- | M] () -- C:\wyskq6lt.exe
[2009.07.05 07:43:56 | 000,107,299 | RHS- | M] () -- C:\xerp8nj.exe
[2009.12.07 18:20:42 | 000,118,048 | RHS- | M] () -- C:\xmor.exe
[2010.01.28 19:31:46 | 000,100,864 | RHS- | M] () -- C:\y.exe
[2010.03.15 20:08:07 | 000,119,808 | RHS- | M] () -- C:\y6cqb2is.exe
[2009.06.23 12:59:36 | 000,105,255 | RHS- | M] () -- C:\y6yol.exe
[2009.10.13 15:44:00 | 000,114,400 | RHS- | M] () -- C:\ycvvj.exe
[2009.04.28 18:26:56 | 000,105,774 | RHS- | M] () -- C:\ymxf2.exe
[2009.05.10 20:48:18 | 000,108,772 | RHS- | M] () -- C:\ysep1.exe
[2010.04.06 18:31:17 | 000,117,248 | RHS- | M] () -- C:\ysyjq1bs.exe
[2009.12.18 19:30:56 | 000,120,299 | RHS- | M] () -- C:\yu3.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.05.27 06:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
[2010.04.15 17:09:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2010.04.15 16:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2010.04.15 17:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\uTorrent

< %APPDATA%\*.exe /s >


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.03.08 14:01:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.03.08 14:01:42 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.03.08 14:01:42 | 000,446,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< End of report >

Trepifajkslak
Visitor
Posts: 43
Registered: 15 Apr 2010 17:56

Re: Problem with Security tool

#7 Post by Trepifajkslak »

And the Extras:
OTL Extras logfile created on: 16.4.2010 15:38:42 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 83,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 57,49 Gb Free Space | 77,15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 992,22 Mb Total Space | 62,06 Mb Free Space | 6,25% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUCHTA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-117609710-2049760794-839522115-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"19696:TCP" = 19696:TCP:*:Enabled:BitComet 19696 TCP
"19696:UDP" = 19696:UDP:*:Enabled:BitComet 19696 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ -- (ICQ, LLC.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003CD4FD-DB3E-4D12-9A34-8C00FA8A680F}" = WirelessControl
"{00adfb20-ae75-46f4-ad2c-f48b15ac3100}" = Adobe Color NA Recommended Settings CS4
"{03deead2-f3b7-45bf-9006-a25d015f00d2}" = Adobe Flash Player 10 Plugin
"{04af207d-9a77-465a-8b76-991f6ab66245}" = Adobe Help Viewer CS3
"{05308c4e-7285-4066-bae3-6b50da6ed755}" = Adobe Update Manager CS4
"{054efa56-2ac1-48f4-a883-0ab89874b972}" = Adobe Extension Manager CS4
"{08b32819-6eef-4057-aeda-5ab681a36a23}" = Adobe Bridge Start Meeting
"{098727e1-775a-4450-b573-3f441f1ca243}" = kuler
"{0d6013ab-a0c7-41dc-973c-e93129c9a29f}" = Adobe Color JA Extra Settings CS4
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0f723fc1-7606-4867-866c-ce80ad292daf}" = Adobe CSI CS4
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1618734a-3957-4add-8199-f973763109a8}" = Adobe Anchor Service CS4
"{16e16f01-2e2d-4248-a42f-76261c147b6c}" = Adobe Drive CS4
"{16e6d2c1-7c90-4309-8ec4-d2212690aaa4}" = AdobeColorCommonSetRGB
"{184ce391-7e0e-4c63-9935-d7a10edfd3c6}" = Adobe WinSoft Linguistics Plugin
"{18d10072035c4515918f7e37eafaacfc}" = AutoUpdate
"{197a3012-8c85-4fd3-ab66-9ec7e13db92e}" = Adobe AIR
"{2168245a-b5ad-40d8-a641-48e3e070b5b6}" = Adobe Flash CS4 STI-en
"{26a24ae4-039d-4ca4-87b4-2f83216014ff}" = Java(TM) 6 Update 14
"{29e5ea97-5f74-4a57-b8b2-d4f169117183}" = Adobe Stock Photos CS3
"{2bd5c305-1b27-4d41-b690-7a61172d2feb}" = Macromedia Flash 8
"{2eaf7e61-068e-11df-953c-005056806466}" = Google Earth
"{2ffe93f0-bb72-4e52-8761-354d1aaa9387}" = Sony Ericsson PC Suite 5.009.00
"{32a3a4f4-b792-11d6-a78a-00b0d0160140}" = Java(TM) SE Development Kit 6 Update 14
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35d94f92-1d3a-43c5-8605-ea268b1a7bd9}" = PDF Settings CS4
"{39f6e2b4-cfe8-c30a-66e8-489651f0f34c}" = Adobe Media Player
"{3a4e8896-c2e7-4084-a4a4-b8fd1894e739}" = Adobe XMP Panels CS4
"{3a6829ef-0791-4fdd-9382-c690dd0821b9}" = Adobe Flash Player 10 ActiveX
"{3da8df9a-044e-46c4-8531-dedbb0ee37ff}" = Adobe WinSoft Linguistics Plugin
"{3fc7cbbc4c1e11dca1a752ea55d89593}" = DivX Version Checker
"{43509e18-076e-40fe-af38-ca5ed400a5a9}" = Pixel Bender Toolkit
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4943eff5-229f-435d-bea9-be3caea783a7}" = Adobe Service Manager Extension
"{54793aa1-5001-42f4-abb6-c364617c6078}" = Adobe Linguistics CS3
"{5546cdb5-2ce2-498b-b059-5b3bf81fc41f}" = Macromedia Extension Manager
"{5570c7f0-43d0-4916-8a9e-aedd52fa86f4}" = Adobe Color EU Extra Settings CS4
"{5ee7d259-d137-4438-9a5f-42f432ec0421}" = VC80CRTRedist - 8.0.50727.4053
"{60db5894-b5a1-4b62-b0f3-669a22c0ee5d}" = Adobe Dynamiclink Support
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{67f0e67a-8e93-4c2c-b29d-47c48262738a}" = Adobe Device Central CS4
"{6abe0bee-d572-4fe8-b434-9e72a289431b}" = Adobe Fonts All
"{6ff5dd7a-fe28-4439-b8cf-1e9af4ea0a61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73b5d990-04ea-4751-b10f-5534770b91f2}" = Adobe Color EU Recommended Settings
"{74746AC2-D12C-4FD1-BBD4-6E5A1267D71D}" = GT Connect
"{793d1d88-6141-43de-be58-59bce31b4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7b63b2922b174135afc0e1377dd81ec2}" = DivX Codec
"{7CC7C026-F81D-4405-9639-B157B7480D73}" = Generic Wireless LAN Driver
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{802771a9-a856-4a41-acf7-1450e523c923}" = Adobe XMP Panels CS3
"{820d3f45-f6ee-4aaf-81ef-ce21ff21d230}" = Adobe Type Support CS4
"{83877db1-8b77-45bc-ab43-2bac22e093e0}" = Adobe Bridge CS4
"{842b4b72-9e8f-4962-b3c1-1c422a5c4434}" = Suite Shared Configuration CS4
"{86d4b82a-abed-442a-be86-96357b70f4fe}" = Ask Toolbar
"{885a63ea-382b-4dd4-a755-14809b8557d6}" = Macromedia Flash Player 8
"{89f4137d-6c26-4a84-bdb8-2e5a4bb71e00}" = Microsoft Silverlight
"{8bf2c401-02ce-424d-bc26-6c4f9fb446b6}" = Macromedia Flash 8 Video Encoder
"{8d2ba474-f406-4710-9ae4-d4f22d21f0dd}" = Adobe Device Central CS3
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0a8b-4ccc-a78d-f862228a6b95}" = Adobe Anchor Service CS3
"{91b1f0b7-1ba1-4cad-ba4b-c0a62889b851}" = Adobe Cybershop CS4
"{926c96fb-9d0a-4504-8000-c6d3a4a3118e}" = Java DB 10.4.2.1
"{931ab7ea-3656-4bb7-864d-022b09e3dd67}" = Adobe Linguistics CS4
"{94d398eb-d2fd-4fd1-b8c4-592635e8a191}" = Adobe CMaps CS4
"{95120000-00af-0409-0000-0000000ff1ce}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029e0-7fc9-4cf3-ab39-6f133621921a}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9c9824d9-9000-4373-a6a5-d0e5d4831394}" = Adobe Bridge CS3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{b29ad377-cc12-490a-a480-1452337c618d}" = Connect
"{b3bf6689-a81d-40d8-9a86-4ac4acd9fc1c}" = Adobe Camera Raw 4.0
"{b7050cbdb2504b34bc2a9ca0a692cc29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{bb4e33ec-8181-4685-96f7-8554293dec6a}" = Adobe Output Module
"{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader
"{c2d69781-f392-4118-a5a7-c7e9c38dbfc2}" = Adobe ExtendScript Toolkit 2
"{c52e3ec1-048c-45e1-8d53-10b0c6509683}" = Adobe Default Language CS4
"{cc75ab5c-2110-4a7f-af52-708680d22fe8}" = Photoshop Camera Raw
"{ce67dbbb-2ed0-4f35-b482-0cfe4cfc1570}" = Adobe Setup
"{d0dff92a-492e-4c40-b862-a74a173c25c5}" = Adobe Version Cue CS3 Client
"{d103c4ba-f905-437a-8049-db24763bbe36}" = Skype™ 4.2
"{D34D82E0-4600-407B-9478-8506C1DD1029}" = Nero 7 Essentials
"{DB457913-028D-460E-BB4C-D9A6369752CA}" = TouchPad HotKey Utility
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{deb90b8e-0dcb-48ce-b90e-8842a2bd643e}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{e5fced12-3e77-4c0e-a305-5aeb38a52a70}" = AdobeColorCommonSetCMYK
"{E61CAE2E-6D6E-43C1-941B-17A69BC144C5}" = 602XML Filler
"{e69ae897-9e0b-485c-8552-7841f48d42d8}" = Adobe Update Manager CS3
"{eed50c97-c79e-4149-bd82-7c5a22437708}" = Adobe Setup
"{f0e64e2e-3a60-40d8-a55d-92f6831875da}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f6e99614-f042-4459-82b7-8b38b2601356}" = Adobe Flash CS4
"{f8ef2b3f-c345-4f20-8fe4-791a20333cd5}" = Adobe ExtendScript Toolkit CS4
"{f93c84a6-0dc6-42af-89fa-776f7c377353}" = Adobe PDF Library Files CS4
"{ff29a7e2-ff40-4d07-b7e4-2093de59e10a}" = Adobe Color NA Extra Settings
"7-Zip" = 7-Zip 4.60 beta
"Ad-Aware" = Ad-Aware
"adobe air" = Adobe AIR
"adobe flash player activex" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"adobe_e21d2df5563f0bf421cf2cc5ec26c42" = Adobe Illustrator CS3
"any flv player_is1" = Any Flv Player 2.2.2
"atrac3" = Sony ATRAC3 Audio Codec (remove only)
"avast!" = avast! Antivirus
"bs_player toolbar" = BS_Player Toolbar
"bsplayerf" = BS.Player FREE
"com.adobe.amp.4875e02d9fb21ee389f73b8d1702b320485df8ce.1" = Adobe Media Player
"contexteditor_is1" = ConTEXT
"divxland media subtitler" = DivXLand Media Subtitler
"Extra Photo SlideShow Free_is1" = Extra Photo SlideShow Free 4.22
"formatfactory" = FormatFactory 1.90
"game maker 7.0" = Game Maker 7.0
"gimpshop" = GIMPshop 2.2.8
"google chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"mozilla firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"plato media player_is1" = Plato Media Player 1.0.6
"psp brew_is1" = PSP Brew 0.91
"SiS VGA Driver" = SiS VGA Utilities
"starwars: the battle of endor v2.1_is1" = STARWARS: The Battle of Endor version 2.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"update service" = Update Service
"wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"xvid" = XviD MPEG-4 Video Codec
"xvid_is1" = Xvid 1.2.1 final uninstall
"xvid4psp" = XviD4PSP
"zonerphotostudio12_en_is1" = Zoner Photo Studio 12

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 13.2.2010 10:54:32 | Computer Name = BUCHTA | Source = avast! | ID = 33554522
Description = Nastala interní chyba v modulu aswar scan function failed!, funkce
A0000111.

Error - 13.2.2010 11:14:59 | Computer Name = BUCHTA | Source = avast! | ID = 33554522
Description = Chyba v aswChestC: chestAddFile Error 1753.

Error - 13.2.2010 11:15:16 | Computer Name = BUCHTA | Source = avast! | ID = 33554522
Description = Chyba v aswChestC: chestAddFile Error 1753.

[ Application Events ]
Error - 10.4.2010 0:53:31 | Computer Name = BUCHTA | Source = Application Error | ID = 1000
Description = Chybující aplikace services.exe, verze 5.1.2600.5755, chybující modul
services.exe, verze 5.1.2600.5755, adresa chyby 0x000097b0.

Error - 11.4.2010 13:44:44 | Computer Name = BUCHTA | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.

Error - 15.4.2010 11:03:05 | Computer Name = BUCHTA | Source = .NET Runtime | ID = 0
Description =

Error - 16.4.2010 8:59:30 | Computer Name = BUCHTA | Source = EventSystem | ID = 4609
Description = Systém událostí modelu COM+ zjistil při vnitřním zpracovávání chybný
návratový kód. Hodnota HRESULT byla 8007043C z řádku 44 v d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.Obraťte
se na služby odborné pomoci společnosti Microsoft a informujte je o této chyb

[ System Events ]
Error - 16.4.2010 9:22:00 | Computer Name = BUCHTA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 16.4.2010 9:22:24 | Computer Name = BUCHTA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16.4.2010 9:24:30 | Computer Name = BUCHTA | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: Aavmker4 aswSP filedisk Fips intelppm

Error - 16.4.2010 9:25:02 | Computer Name = BUCHTA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16.4.2010 9:28:35 | Computer Name = BUCHTA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 16.4.2010 9:29:06 | Computer Name = BUCHTA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 16.4.2010 9:35:37 | Computer Name = BUCHTA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16.4.2010 9:37:01 | Computer Name = BUCHTA | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: Aavmker4 aswSP filedisk Fips intelppm

Error - 16.4.2010 9:37:21 | Computer Name = BUCHTA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16.4.2010 9:38:16 | Computer Name = BUCHTA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: Problem with Security Tool

#8 Post by Caroprd111 »

Run OTL and paste the following script into the bottom window.

Code:

:OTL
DRV - [2010.04.16 15:06:03 | 000,087,168 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\54601fe3.sys -- (54601fe3)
DRV - [2010.04.15 13:43:38 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\9153d4d1.sys -- (9153d4d1)
DRV - [2010.04.15 13:43:38 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\51f5433d.sys -- (51f5433d)
DRV - [2010.01.01 22:38:50 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\12d35ba0.sys -- (12d35ba0)
O2 - BHO: (Ask Toolbar) - {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [21783627] C:\Documents and Settings\All Users\Data aplikací\21783627\21783627.exe ()
O4 - HKU\.DEFAULT..\Run: [cdoosoft] C:\WINDOWS\TEMP\olhrwef.exe File not found
O4 - HKU\S-1-5-18..\Run: [cdoosoft] C:\WINDOWS\TEMP\olhrwef.exe File not found
O4 - HKU\S-1-5-21-117609710-2049760794-839522115-500..\Run: [cdoosoft] C:\Documents and Settings\Administrator\Local Settings\Temp\herss.exe ()
O4 - HKLM..\RunOnce: [UsbFix] C:\UsbFix\UsbFix.cmd ()
O27 - HKLM IFEO\a2service.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ArcaCheck.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\arcavir.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashEnhcd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\autoruns.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcls.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgrssvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AvMonitor.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.com: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AVP32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz_se.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz4.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdinit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caav.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caavguiscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\casecuritycenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\CCenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccupdate.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\DRWEB32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FAMEH32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPAVServer.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fpscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPWin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32st.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FSMA32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\GFRing3.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\HijackThis.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASMain.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASTask.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAV32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVDX.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPF.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPFW.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVStart.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32X.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapsvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVSTUB.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVW32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVWNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Nvcc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\OllyDBG.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\procexp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RegTool.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\SfFnUp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Vba32arkit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zanda.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zlh.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - ntsd -d (Microsoft Corporation)
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\wyskq6lt.exe -- [2010.04.15 13:05:00 | 000,126,976 | RHS- | M] ()
O33 - MountPoints2\C\Shell\open\Command - "" = C:\wyskq6lt.exe -- [2010.04.15 13:05:00 | 000,126,976 | RHS- | M] ()
O28 - HKLM ShellExecuteHooks: {BB4C402F-882A-4526-8C08-51278EA437C1} - C:\WINDOWS\System32\e8main0.dll File not found
[2010.04.14 14:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\21783627
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.04.16 15:22:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nmdfgds2.dll
[2010.04.16 15:22:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\e8main1.dll
[2010.04.16 15:22:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\afmain1.dll
[2010.04.16 15:06:03 | 000,087,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\54601fe3.sys
[2010.04.15 13:43:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\9153d4d1.sys
[2010.04.15 13:43:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\51f5433d.sys
[2010.04.15 13:01:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\bsoljvtf.sys
[2010.04.14 19:01:07 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009.07.02 17:50:49 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds3.dll
[2009.06.24 18:35:34 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009.06.20 09:00:34 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\2401ccb2.sys
[2009.05.31 07:28:11 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009.05.25 16:17:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\51f5433d.sys
[2009.05.19 07:28:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\digiwet.dll
[2009.05.18 14:49:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\9153d4d1.sys
[2009.01.23 08:04:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nmdfgds2.dll
[2008.10.21 16:34:29 | 000,085,504 | RHS- | C] () -- C:\WINDOWS\System32\ckvo1.dll
[2008.10.19 17:29:15 | 000,085,504 | RHS- | C] () -- C:\WINDOWS\System32\ckvo0.dll
[2006.03.02 14:00:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\e8main1.dll
[2006.03.02 14:00:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\afmain1.dll
[2010.04.15 17:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\21783627
[2009.03.03 19:39:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009.11.05 16:01:02 | 000,114,602 | RHS- | M] () -- C:\1a1dndah.exe
[2009.12.06 17:26:07 | 000,115,347 | RHS- | M] () -- C:\2id9.exe
[2009.09.19 18:45:20 | 000,117,220 | RHS- | M] () -- C:\2o1ajagt.exe
[2009.11.13 08:36:07 | 000,115,016 | RHS- | M] () -- C:\6ruaqx.exe
[2009.09.29 20:36:45 | 000,116,840 | RHS- | M] () -- C:\9jyhdim8.exe
[2010.03.26 23:47:19 | 000,132,608 | RHS- | M] () -- C:\affi8l.exe
[2009.10.24 07:40:27 | 000,114,191 | RHS- | M] () -- C:\b00ijwpu.exe
[2010.04.09 21:25:51 | 000,117,248 | RHS- | M] () -- C:\ba.exe
[2010.03.25 15:53:03 | 000,124,416 | RHS- | M] () -- C:\bbjl2g.exe
[2009.09.23 18:36:16 | 000,112,471 | RHS- | M] () -- C:\bycfht.exe
[2010.04.12 18:14:12 | 000,117,760 | RHS- | M] () -- C:\chxnxyx.exe
[2009.10.25 18:15:05 | 000,114,244 | RHS- | M] () -- C:\eexyv.exe
[2010.03.05 22:03:54 | 000,124,416 | RHS- | M] () -- C:\fk.exe
[2009.11.10 15:36:31 | 000,112,695 | RHS- | M] () -- C:\g12g.exe
[2009.10.27 17:00:12 | 000,115,072 | RHS- | M] () -- C:\hjvjte.exe
[2010.04.10 17:33:21 | 000,116,224 | RHS- | M] () -- C:\img8hi.exe
[2009.12.28 16:11:15 | 000,108,032 | RHS- | M] () -- C:\imghyva6.exe
[2009.11.08 17:15:56 | 000,114,924 | RHS- | M] () -- C:\l61yyp.exe
[2009.12.01 17:06:20 | 000,115,905 | RHS- | M] () -- C:\mbdm.exe
[2009.12.04 15:14:01 | 000,113,792 | RHS- | M] () -- C:\mbvd.exe
[2010.03.31 14:48:48 | 000,112,128 | RHS- | M] () -- C:\mi9al8rs.exe
[2010.01.08 18:44:46 | 000,120,320 | RHS- | M] () -- C:\mltox.exe
[2009.09.27 15:41:42 | 000,116,665 | RHS- | M] () -- C:\mranjm.exe
[2009.12.20 20:39:13 | 000,120,315 | RHS- | M] () -- C:\nx.exe
[2010.04.03 21:52:51 | 000,116,224 | RHS- | M] () -- C:\pbyqfn.exe
[2009.03.18 16:51:40 | 000,110,053 | RHS- | M] () -- C:\q0dhfjf.exe
[2009.11.30 17:10:09 | 000,115,856 | RHS- | M] () -- C:\q3kku.exe
[2009.11.22 08:31:21 | 000,116,030 | RHS- | M] () -- C:\q93fi6kf.exe
[2009.09.13 17:54:17 | 000,115,485 | RHS- | M] () -- C:\qcoageh.exe
[2009.09.17 07:13:05 | 000,116,163 | RHS- | M] () -- C:\qcod.exe
[2010.01.22 22:17:05 | 000,096,768 | RHS- | M] () -- C:\qkm.exe
[2009.09.29 07:06:17 | 000,117,960 | RHS- | M] () -- C:\rg9g9bgq.exe
[2009.07.31 07:37:57 | 000,107,843 | RHS- | M] () -- C:\rx.exe
[2009.06.26 17:25:23 | 000,107,599 | RHS- | M] () -- C:\s.exe
[2010.02.28 17:49:47 | 000,097,792 | RHS- | M] () -- C:\s1.exe
[2009.10.15 14:14:09 | 000,115,522 | RHS- | M] () -- C:\s3ek.exe
[2010.03.31 17:27:02 | 000,115,712 | RHS- | M] () -- C:\sdfqh.exe
[2009.10.17 17:02:00 | 000,114,387 | RHS- | M] () -- C:\se12ydam.exe
[2009.06.09 06:56:10 | 000,101,528 | RHS- | M] () -- C:\sm.exe
[2009.10.05 07:09:08 | 000,117,453 | RHS- | M] () -- C:\sp1jensi.exe
[2009.11.04 18:33:49 | 000,114,304 | RHS- | M] () -- C:\srgo.exe
[2009.10.03 05:54:38 | 000,118,853 | RHS- | M] () -- C:\t2hjo0.exe
[2009.12.17 19:47:24 | 000,119,649 | RHS- | M] () -- C:\t8g.exe
[2010.02.21 16:14:15 | 000,096,768 | RHS- | M] () -- C:\tgt.exe
[2009.07.27 17:33:32 | 000,108,548 | RHS- | M] () -- C:\u0riu2.exe
[2009.12.24 07:11:34 | 000,114,414 | RHS- | M] () -- C:\u16sqrqn.exe
[2009.08.03 08:03:44 | 000,107,841 | RHS- | M] () -- C:\ukfbi3aw.exe
[2009.10.30 11:55:25 | 000,112,905 | RHS- | M] () -- C:\uqgvf.exe
[2009.11.06 18:08:14 | 000,115,973 | RHS- | M] () -- C:\v1cbvsmq.exe
[2009.10.17 07:00:42 | 000,115,618 | RHS- | M] () -- C:\vb0hsoay.exe
[2009.11.10 08:37:58 | 000,114,778 | RHS- | M] () -- C:\vk0w.exe
[2009.10.10 06:44:21 | 000,116,526 | RHS- | M] () -- C:\vlvtdflx.exe
[2009.09.25 16:17:12 | 000,111,956 | RHS- | M] () -- C:\w9uxx92.exe
[2009.11.26 16:18:43 | 000,114,819 | RHS- | M] () -- C:\wfx062.exe
[2009.09.18 18:47:03 | 000,116,114 | RHS- | M] () -- C:\wrsf.exe
[2010.02.09 15:08:09 | 000,091,648 | RHS- | M] () -- C:\ws.exe
[2009.11.23 18:51:31 | 000,113,508 | RHS- | M] () -- C:\wu1n.exe
[2010.04.15 13:05:00 | 000,126,976 | RHS- | M] () -- C:\wyskq6lt.exe
[2009.07.05 07:43:56 | 000,107,299 | RHS- | M] () -- C:\xerp8nj.exe
[2009.12.07 18:20:42 | 000,118,048 | RHS- | M] () -- C:\xmor.exe
[2010.01.28 19:31:46 | 000,100,864 | RHS- | M] () -- C:\y.exe
[2010.03.15 20:08:07 | 000,119,808 | RHS- | M] () -- C:\y6cqb2is.exe
[2009.06.23 12:59:36 | 000,105,255 | RHS- | M] () -- C:\y6yol.exe
[2009.10.13 15:44:00 | 000,114,400 | RHS- | M] () -- C:\ycvvj.exe
[2009.04.28 18:26:56 | 000,105,774 | RHS- | M] () -- C:\ymxf2.exe
[2009.05.10 20:48:18 | 000,108,772 | RHS- | M] () -- C:\ysep1.exe
[2010.04.06 18:31:17 | 000,117,248 | RHS- | M] () -- C:\ysyjq1bs.exe
[2009.12.18 19:30:56 | 000,120,299 | RHS- | M] () -- C:\yu3.exe

:Reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll,schannel.dll,digest.dll,msnsspc.dll"

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[RESETHOSTS] 
[CREATERESTOREPOINT]

Then click "Opravit" (Fix); the PC will restart. Paste the log here.


Test this at http://www.virustotal.com/cs/
C:\Documents and Settings\All Users\Data aplikací\hpeBA.dll

(Do not browse for the file; just paste the path marked in bold. If you get the message "File has already been analysed", have it analysed again. Post the result of the analysis here as a link.)


I recommend uninstalling Ad-Aware.

Trepifajkslak
Visitor
Posts: 43
Joined: 15 Apr 2010 17:56

Re: Problem with Security Tool

#9 Post by Trepifajkslak »

So, it's fixed in OTL, but again no log :( Unfortunately, testing it probably won't be possible, because, I don't know why, when the network cable is plugged into the notebook it won't start in safe mode (it just freezes on a black screen that says safe mode and nothing more :( ). When I unplug the network cable, safe mode boots normally, but not otherwise... When I plug the network cable in, it keeps saying that the network cable is unplugged, so I can't get online from the notebook. I did the whole thing by downloading the programs on an older PC and then moving them to the notebook on a flash drive.

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: Problem with Security Tool

#10 Post by Caroprd111 »

Look in the folder C:\_OTL\MovedFiles

Trepifajkslak
Visitor
Posts: 43
Joined: 15 Apr 2010 17:56

Re: Problem with Security Tool

#11 Post by Trepifajkslak »

Uh-oh, now when I try to open C: in safe mode, it won't open, and instead I'm asked to choose a program to open it with :( ?!

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: Problem with Security Tool

#12 Post by Caroprd111 »

Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs: firewalls, antivirus, antispyware
  • Plug into the PC all the flash drives you use.
  • Run the application under an account with Administrator privileges; right after launch a page with the licence terms is displayed, continue by pressing the "Yes" button
  • Then follow the instructions; during the scan do not run other applications and do not click in the window that appears!
  • The scan should take around 5 - 10 minutes; when it finishes, ComboFix displays the log C:\ComboFix.txt, which you should paste here.
  • The computer may be restarted during the scan.

Trepifajkslak
Visitor
Posts: 43
Joined: 15 Apr 2010 17:56

Re: Problem with Security Tool

#13 Post by Trepifajkslak »

So here is the log - (the internet now works for me even in safe mode :) )

ComboFix 10-04-15.05 - Administrator 16.04.2010 17:27:53.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1789.1374 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2.bat
C:\8.bat
C:\autorun.inf
C:\d9c.bat
c:\documents and settings\Buchtaob\Plocha\Security Tool.lnk
C:\hkn6k.bat
C:\i.com
C:\j60osk9.cmd
C:\q9.cmd
C:\qphdin.com
C:\qwtb.com
C:\rbj9jn1n.bat
c:\recycler\S-1-5-21-343818398-838170752-725345543-1004
C:\rwj0.cmd
C:\sv8c2bjw.bat
C:\u.com
C:\ucivd6xi.bat
C:\uhoxajc.cmd
C:\ukvr.bat
C:\uo10sn.cmd
C:\upw.bat
C:\ur0.com
C:\uvsqfgwd.cmd
C:\uxkl0apt.bat
C:\vwewav8.com
C:\w2.com
C:\w98.com
c:\windows\AhnRpta.exe
c:\windows\system32\_000126_.tmp.dll
c:\windows\system32\2696302344.dat
c:\windows\system32\28463
c:\windows\system32\28463\CDHH.001
c:\windows\system32\28463\CDHH.002
c:\windows\system32\28463\CDHH.005
c:\windows\system32\28463\CDHH.006
c:\windows\system32\advpack.dllc.exe
c:\windows\system32\drivers\gasfkyidompjov.sys
c:\windows\system32\gasfkycmtfrhku.dll
c:\windows\system32\gasfkymoqbrfph.dat
c:\windows\system32\gasfkynbmqevxj.dll
c:\windows\system32\gasfkyqvupkdbs.dll
c:\windows\system32\gasfkyrjomlqxo.dll
c:\windows\system32\gasfkytappyyrj.dll
c:\windows\system32\gasfkyyeerdlyr.dat
c:\windows\system32\olhrwef.exe
c:\windows\wiaservim.log
C:\xdglur.bat
C:\xh319r9b.bat
C:\xsia.bat
C:\y.bat
C:\yh.cmd
C:\yhh.bat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gasfkytuiqaqbb
-------\Legacy_gasfkytuiqaqbb
-------\Legacy_eventsystemdmserver
-------\Legacy_KAVSYS
-------\Service_avpsys
-------\Service_EventSystemdmserver


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-16 do 2010-04-16 )))))))))))))))))))))))))))))))
.

2010-04-16 14:40 . 2010-04-16 14:40 -------- d-----w- C:\_OTL
2010-04-16 13:13 . 2010-04-16 13:20 -------- d-----w- C:\UsbFix
2010-04-16 12:31 . 2010-04-16 12:31 -------- d-----w- C:\rsit
2010-04-16 12:31 . 2010-04-16 12:31 -------- d-----w- c:\program files\trend micro
2010-04-15 14:20 . 2010-04-16 15:16 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.0
2010-04-15 14:20 . 2010-04-15 12:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0
2010-04-15 14:16 . 2010-04-15 14:01 -------- d-----w- C:\WINDOWS.0
2010-04-15 13:11 . 2006-03-02 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-15 12:37 . 2010-04-15 12:37 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací
2010-04-15 12:37 . 2010-04-15 12:37 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2010-04-15 12:37 . 2010-04-15 12:37 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2010-04-15 12:37 . 2010-04-15 12:37 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Data aplikací
2010-04-15 12:32 . 2010-04-15 12:33 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.0\DRM
2010-04-10 17:47 . 2010-04-10 17:47 -------- d-----w- c:\program files\MSECache
2010-04-06 16:42 . 2010-04-06 16:42 -------- d-----w- c:\program files\uTorrent
2010-03-27 15:45 . 2010-03-27 15:45 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 12:55 . 2008-03-08 11:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-15 12:43 . 2009-02-04 06:37 -------- d-----w- c:\program files\Google
2010-04-15 11:40 . 2010-01-30 20:12 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-04-15 11:40 . 2010-01-30 20:12 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-03-28 17:22 . 2006-03-02 12:00 78084 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 17:22 . 2006-03-02 12:00 427848 ----a-w- c:\windows\system32\perfh005.dat
2010-03-07 09:26 . 2009-03-03 18:11 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-06 15:00 . 2010-03-06 15:00 -------- d-----w- c:\program files\Sun
2010-03-06 15:00 . 2009-04-09 14:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 15:00 . 2009-04-09 14:25 -------- d-----w- c:\program files\Java
2010-03-06 14:57 . 2010-03-06 14:50 23069119 ----a-w- C:\android-sdk_r04-windows.zip
2010-02-19 13:02 . 2009-10-04 04:42 -------- d-----w- c:\program files\BS_Player
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-02-19 13:02 2349080 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-02-19 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GT Connect.lnk - c:\program files\T-Mobile\GT Connect\GT Connect.exe [2007-5-31 557056]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-11-4 262144]
WirelessSelector.lnk - c:\program files\FSC\Wireless Utility\WirelessSelector.exe [2008-3-8 650752]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"19696:TCP"= 19696:TCP:BitComet 19696 TCP
"19696:UDP"= 19696:UDP:BitComet 19696 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3.3.2009 19:19 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1029456]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.10.2008 17:03 78416]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.10.2008 17:03 20560]
S2 GtFlashSwitch;GtFlashSwitch;c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [9.2.2007 14:48 176128]
S2 gupdate1c98693303ccbd8;Google Update Service (gupdate1c98693303ccbd8);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2009 8:38 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [29.6.2009 8:00 13224]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [31.10.2006 14:44 36992]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [28.6.2009 18:58 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [28.6.2009 18:58 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [28.6.2009 18:58 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [28.6.2009 18:58 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [28.6.2009 18:58 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [28.6.2009 18:58 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [28.6.2009 18:58 115752]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 09:26]

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 06:38]

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 06:38]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\8eb5zkgl.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Ad-Aware - c:\documents and settings\All Users\Data aplikací\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
AddRemove-adobe_e21d2df5563f0bf421cf2cc5ec26c42 - c:\program files\Common Files\Adobe\Installers\e21d2df5563f0bf421cf2cc5ec26c42\Setup.exe
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\documents and settings\All Users\Data aplikací\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-16 17:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(572)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2010-04-16 17:41:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-16 15:41

Před spuštěním: Volných bajtů: 62 358 593 536
Po spuštění: Volných bajtů: 62 252 331 008

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5B832A512EDFA0231CB9FF5C3C8480F5

Trepifajkslak
Visitor
Posts: 43
Registered: 15 Apr 2010 17:56

Re: Problem with Security tool

#14 Post by Trepifajkslak »

And here is the previous OTL log as well:
All processes killed
========== OTL ==========
Service 54601fe3 stopped successfully!
Service 54601fe3 deleted successfully!
C:\WINDOWS\system32\drivers\54601fe3.sys moved successfully.
Service 9153d4d1 stopped successfully!
Service 9153d4d1 deleted successfully!
C:\WINDOWS\system32\drivers\9153d4d1.sys moved successfully.
Service 51f5433d stopped successfully!
Service 51f5433d deleted successfully!
C:\WINDOWS\system32\drivers\51f5433d.sys moved successfully.
Service 12d35ba0 stopped successfully!
Service 12d35ba0 deleted successfully!
C:\WINDOWS\system32\drivers\12d35ba0.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4027c7f-154a-4066-a1ad-4243d8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4027c7f-154a-4066-a1ad-4243d8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\21783627 deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\21783627\21783627.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft not found.
Registry value HKEY_USERS\S-1-5-21-117609710-2049760794-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\herss.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\UsbFix deleted successfully.
C:\UsbFix\UsbFix.cmd moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2service.exe\ deleted successfully.
C:\WINDOWS\System32\ntsd.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\casecuritycenter.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWin.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32st.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVW32.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegTool.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ deleted successfully.
C:\wyskq6lt.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found.
File C:\wyskq6lt.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{BB4C402F-882A-4526-8C08-51278EA437C1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB4C402F-882A-4526-8C08-51278EA437C1}\ deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\21783627 folder moved successfully.
C:\WINDOWS\002731_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET21.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1C.tmp deleted successfully.
C:\WINDOWS\System32\SET63.tmp deleted successfully.
C:\WINDOWS\System32\SET68.tmp deleted successfully.
C:\WINDOWS\System32\SET6F.tmp deleted successfully.
C:\WINDOWS\system32\nmdfgds2.dll moved successfully.
C:\WINDOWS\system32\e8main1.dll moved successfully.
C:\WINDOWS\system32\afmain1.dll moved successfully.
File C:\WINDOWS\System32\drivers\54601fe3.sys not found.
File C:\WINDOWS\System32\drivers\9153d4d1.sys not found.
File C:\WINDOWS\System32\drivers\51f5433d.sys not found.
C:\WINDOWS\system32\drivers\bsoljvtf.sys moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\WINDOWS\system32\nmdfgds3.dll moved successfully.
C:\WINDOWS\system32\nmdfgds1.dll moved successfully.
C:\WINDOWS\system32\drivers\2401ccb2.sys moved successfully.
C:\WINDOWS\system32\nmdfgds0.dll moved successfully.
File C:\WINDOWS\System32\drivers\51f5433d.sys not found.
C:\WINDOWS\system32\digiwet.dll moved successfully.
File C:\WINDOWS\System32\drivers\9153d4d1.sys not found.
File C:\WINDOWS\System32\nmdfgds2.dll not found.
C:\WINDOWS\system32\ckvo1.dll moved successfully.
C:\WINDOWS\system32\ckvo0.dll moved successfully.
File C:\WINDOWS\System32\e8main1.dll not found.
File C:\WINDOWS\System32\afmain1.dll not found.
Folder C:\Documents and Settings\All Users\Data aplikací\21783627\ not found.
C:\Documents and Settings\All Users\Data aplikací\{83C91755-2546-441D-AC40-9A6B4B860800} folder moved successfully.
C:\1a1dndah.exe moved successfully.
C:\2id9.exe moved successfully.
C:\2o1ajagt.exe moved successfully.
C:\6ruaqx.exe moved successfully.
C:\9jyhdim8.exe moved successfully.
C:\affi8l.exe moved successfully.
C:\b00ijwpu.exe moved successfully.
C:\ba.exe moved successfully.
C:\bbjl2g.exe moved successfully.
C:\bycfht.exe moved successfully.
C:\chxnxyx.exe moved successfully.
C:\eexyv.exe moved successfully.
C:\fk.exe moved successfully.
C:\g12g.exe moved successfully.
C:\hjvjte.exe moved successfully.
C:\img8hi.exe moved successfully.
C:\imghyva6.exe moved successfully.
C:\l61yyp.exe moved successfully.
C:\mbdm.exe moved successfully.
C:\mbvd.exe moved successfully.
C:\mi9al8rs.exe moved successfully.
C:\mltox.exe moved successfully.
C:\mranjm.exe moved successfully.
C:\nx.exe moved successfully.
C:\pbyqfn.exe moved successfully.
C:\q0dhfjf.exe moved successfully.
C:\q3kku.exe moved successfully.
C:\q93fi6kf.exe moved successfully.
C:\qcoageh.exe moved successfully.
C:\qcod.exe moved successfully.
C:\qkm.exe moved successfully.
C:\rg9g9bgq.exe moved successfully.
C:\rx.exe moved successfully.
C:\s.exe moved successfully.
C:\s1.exe moved successfully.
C:\s3ek.exe moved successfully.
C:\sdfqh.exe moved successfully.
C:\se12ydam.exe moved successfully.
C:\sm.exe moved successfully.
C:\sp1jensi.exe moved successfully.
C:\srgo.exe moved successfully.
C:\t2hjo0.exe moved successfully.
C:\t8g.exe moved successfully.
C:\tgt.exe moved successfully.
C:\u0riu2.exe moved successfully.
C:\u16sqrqn.exe moved successfully.
C:\ukfbi3aw.exe moved successfully.
C:\uqgvf.exe moved successfully.
C:\v1cbvsmq.exe moved successfully.
C:\vb0hsoay.exe moved successfully.
C:\vk0w.exe moved successfully.
C:\vlvtdflx.exe moved successfully.
C:\w9uxx92.exe moved successfully.
C:\wfx062.exe moved successfully.
C:\wrsf.exe moved successfully.
C:\ws.exe moved successfully.
C:\wu1n.exe moved successfully.
File C:\wyskq6lt.exe not found.
C:\xerp8nj.exe moved successfully.
C:\xmor.exe moved successfully.
C:\y.exe moved successfully.
C:\y6cqb2is.exe moved successfully.
C:\y6yol.exe moved successfully.
C:\ycvvj.exe moved successfully.
C:\ymxf2.exe moved successfully.
C:\ysep1.exe moved successfully.
C:\ysyjq1bs.exe moved successfully.
C:\yu3.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|"msapsspc.dll,schannel.dll,digest.dll,msnsspc.dll" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 85662 bytes
->Temporary Internet Files folder emptied: 157475 bytes
->FireFox cache emptied: 2766618 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 41 bytes

User: All Users

User: All Users.WINDOWS.0

User: Buchtaob
->Temp folder emptied: 643 bytes
->Temporary Internet Files folder emptied: 112094 bytes
->Flash cache emptied: 41 bytes

User: Buchy
->Temp folder emptied: 3 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User.WINDOWS.0
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 140992 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Monika
->Temp folder emptied: 307305968 bytes
->Temporary Internet Files folder emptied: 41385813 bytes
->Java cache emptied: 69689174 bytes
->FireFox cache emptied: 142417183 bytes
->Google Chrome cache emptied: 95620827 bytes
->Flash cache emptied: 265111 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 422699 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Pepek
->Temp folder emptied: 2954641 bytes
->Temporary Internet Files folder emptied: 1156139 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23858233 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 658,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS.0

User: Buchtaob
->Flash cache emptied: 0 bytes

User: Buchy
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS.0

User: LocalService

User: LocalService.NT AUTHORITY

User: Monika
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: Pepek

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

OTL by OldTimer - Version 3.2.1.1 log created on 04162010_164059

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Problem with Security tool

#15 Post by Caroprd111 »

Does your PC work in normal mode? If it does, perform the following step in normal mode.


Download OTL: http://oldtimer.geekstogo.com/OTL.exe
  • Run the program, then click Scan ("Prohledat")
  • When it finishes, paste the OTL.Txt log here
