
Please check my log


Re: Please check my log

#31 Post by Caroprd111 »

Download OTL: http://oldtimer.geekstogo.com/OTL.exe
  • Run the program, then click Scan (Prohledat)
  • When it finishes, post the OTL.Txt and Extras.txt logs here


Re: Please check my log

#32 Post by detroit »

Extras.txt:

OTL Extras logfile created on: 20.4.2010 16:16:22 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53,11 Gb Total Space | 7,61 Gb Free Space | 14,32% Space Free | Partition Type: NTFS
Drive D: | 34,68 Gb Total Space | 4,35 Gb Free Space | 12,56% Space Free | Partition Type: NTFS
Drive E: | 4,01 Gb Total Space | 3,98 Gb Free Space | 99,44% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\NuSphere\PhpED\php\php.exe" = C:\Program Files\NuSphere\PhpED\php\php.exe:*:Enabled:php4-cgi -- (The PHP Group)
"C:\Program Files\NuSphere\PhpED\php\php-cli.exe" = C:\Program Files\NuSphere\PhpED\php\php-cli.exe:*:Enabled:php4-cli -- (The PHP Group)
"C:\Program Files\NuSphere\PhpED\php5\php-cgi.exe" = C:\Program Files\NuSphere\PhpED\php5\php-cgi.exe:*:Enabled:php5-cgi -- (The PHP Group)
"C:\Program Files\NuSphere\PhpED\php5\php.exe" = C:\Program Files\NuSphere\PhpED\php5\php.exe:*:Enabled:php5-cli -- (The PHP Group)
"C:\Program Files\NuSphere\PhpED\php53\php-cgi.exe" = C:\Program Files\NuSphere\PhpED\php53\php-cgi.exe:*:Enabled:php53-cgi -- (The PHP Group)
"C:\Program Files\NuSphere\PhpED\php53\php.exe" = C:\Program Files\NuSphere\PhpED\php53\php.exe:*:Enabled:php53-cli -- (The PHP Group)
"C:\Program Files\NuSphere\PhpED\Srv.exe" = C:\Program Files\NuSphere\PhpED\Srv.exe:*:Enabled:NuSphere PhpED SRV web server -- (NuSphere Corp.)
"C:\Program Files\NuSphere\PhpED\debugger\DbgListener.exe" = C:\Program Files\NuSphere\PhpED\debugger\DbgListener.exe:*:Enabled:NuSphere PhpED Dbg Listener -- (NuSphere Corp., http://www.nusphere.com/)
"C:\Program Files\NuSphere\PhpED\phped.exe" = C:\Program Files\NuSphere\PhpED\phped.exe:*:Enabled:NuSphere PhpED Embedded browser -- (NuSphere Corp.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11A7769F-6706-3191-9A9A-6B4AB0F56419}" = Catalyst Control Center Localization Norwegian
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{169F0A86-B4E2-E0D0-9623-4982A9C48C93}" = CCC Help Chinese Traditional
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{177775EF-DF8B-D947-0B51-D14ED1F836C5}" = Catalyst Control Center Localization Czech
"{183C2621-49ED-C3F3-6FFF-4807079E1AC0}" = CCC Help Thai
"{189DC77B-7B5B-0547-276B-C026EF0C757C}" = ccc-core-preinstall
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D8135C3-46FA-77E4-E645-405BD62DDAB9}" = Catalyst Control Center Localization Turkish
"{209DC8F3-20D6-56D1-3EDA-04792A59589D}" = CCC Help Greek
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{2A0AF7BE-CB9C-D902-676E-B3DAEECB6B2D}" = Catalyst Control Center Localization Korean
"{2B9A8E7E-CDE6-D723-3521-B6D4784FFBEA}" = Catalyst Control Center Localization Japanese
"{2D0A84FC-2178-131A-7563-705200BDFF20}" = CCC Help Polish
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2EE6086A-2926-66A7-2B60-42FB259D95B7}" = Catalyst Control Center Localization Russian
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java(TM) SE Development Kit 6 Update 14
"{33B75044-54B4-5AB4-7A19-7B9D77BF2285}" = Catalyst Control Center Localization Greek
"{33BBE45C-6296-488A-B7D5-37E692E71B3F}" = TortoiseSVN 1.6.5.16974 (32 bit)
"{33E58EE4-0E59-0017-78D0-D56FD3594770}" = CCC Help Korean
"{342BE86B-31F5-6E7E-A1CB-87BA5272BC2C}" = Catalyst Control Center Localization Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36807E1C-C7F5-CCF7-3617-F41837DECAF7}" = CCC Help Danish
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1" = Rampant Logic Postscript Viewer 1.1
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A8B8170-7321-E5FC-0047-74F9F5D21B25}" = Catalyst Control Center Localization Thai
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F93B2BA-18EC-462B-9ACD-396599353EE1}" = Catalyst Control Center - Branding
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD49422-8B9B-4896-9C83-ED39E38B2D15}_is1" = ELIS 2009/2010
"{4D1E0AA2-3B34-6940-3663-0E255EFBBF63}" = CCC Help Portuguese
"{517459C1-A2C2-7641-AA71-4E7E98B5E8A9}" = CCC Help Spanish
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{53B35D1A-B93A-C389-409B-EEBC68D82861}" = Catalyst Control Center Core Implementation
"{540EA3CE-1229-5702-929D-A67E6331AC39}" = CCC Help Norwegian
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}" = LightScribe System Software 1.10.19.1
"{5A721E61-FBDE-9422-3C64-17D918C7196B}" = Catalyst Control Center Localization German
"{5F74F1E5-C4DF-7A18-3C11-A47382FFA660}" = CCC Help Swedish
"{611CB353-FEC0-1245-1859-B169344D1454}" = CCC Help Japanese
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64AE6DA6-8B61-4DF7-AFC0-7134E4C458FA}" = BIOS Configuration for HP ProtectTools
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77130095-2039-424F-A633-4FAF0261258A}" = Java Card Security for HP ProtectTools
"{77F38DEB-140F-0B24-52C4-6B385127CB1F}" = Catalyst Control Center Localization Finnish
"{79AAA8E0-B47C-EDAB-826E-C498AA4857CE}" = CCC Help Finnish
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{89B65CDA-DC1B-C5B3-73DF-3CFF4A19A588}" = CCC Help German
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C74846F-56C1-7CA1-14BF-B7A87F7A0CA7}" = Catalyst Control Center Localization Dutch
"{907E8FCC-ACB6-8F7D-9930-8C95F1DC7D87}" = ccc-utility
"{90A2E630-72EA-3309-6B02-9307C795345C}" = CCC Help Russian
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9C41CC3E-CB42-451F-9444-BA75FB12C0AC}" = AT&T Communication Manager
"{A00E6A54-A3B5-7FCD-5DBA-4BFAB5B2DBD7}" = Catalyst Control Center Localization Italian
"{A21A1F07-8EE5-1DC3-74E5-73AF089B5722}" = Catalyst Control Center Localization Polish
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A843E814-9178-6F3F-E821-9094D33128F5}" = Catalyst Control Center Graphics Full New
"{A893EF27-F743-D48F-3971-ABD33A2A0902}" = CCC Help French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA0CBF76-BD8E-48C0-AE32-31684A629836}" = HP Broadband Wireless Modules
"{AA3D13A1-2373-6638-8398-FBDA07FAC464}" = CCC Help Turkish
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AF0EC284-33B6-9100-E851-B64FDC070429}" = Catalyst Control Center Localization French
"{B1463859-54D3-03C0-2D87-04D15A4B5D06}" = Catalyst Control Center Localization Chinese Traditional
"{B15AC518-1C5D-D41F-37CA-768851B11FAB}" = Catalyst Control Center Localization Swedish
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC1584FD-B945-E401-7C34-929964DE9E24}" = CCC Help Chinese Standard
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C15F7F16-941E-414B-A676-40190CD621D5}" = Credential Manager for HP ProtectTools
"{C443C2F5-CBEC-1299-3A60-6C3C9965EF5A}" = CCC Help Czech
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C594294F-E38B-FB39-4C3B-E97EFCE3AC0D}" = Catalyst Control Center Localization Danish
"{C97636B2-42D2-C8C0-CDD8-4A323CF6BC5C}" = CCC Help Italian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDA1ADA3-BBB4-4250-B272-AC21C78C3968}" = HP PCMCIA Smart Card Reader
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0F7BFE-61D8-E7B8-6F99-F5E149B89051}" = Catalyst Control Center Localization Portuguese
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{D7BE4FF6-24E1-3E12-D6D0-C76F26F31327}" = Catalyst Control Center Graphics Light
"{DBB7F606-0C13-4182-AD7F-427A4773580E}" = VibrateGameDeviceDriver
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DFDE44B2-4E88-9B2D-75B6-945635C665DF}" = Catalyst Control Center Localization Spanish
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E634B696-8333-8216-6415-86272864894F}" = ccc-core-static
"{E78A17B7-B3E7-045B-820D-5DCE2541DEBC}" = CCC Help English
"{E978DAC8-F978-B81D-0BA1-9A566A79A7A6}" = CCC Help Hungarian
"{E9A82610-AD0E-F189-1F41-95996BC15794}" = Catalyst Control Center Graphics Full Existing
"{EB36FA85-8004-D358-601C-542FE3A2A77C}" = CCC Help Dutch
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F6F6B40D-6477-87E2-3899-AF53366D84D2}" = Catalyst Control Center Localization Chinese Standard
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"All-in-one Video Converter" = Magicbit All-in-one Video Converter
"ATI Display Driver" = ATI Display Driver
"Autopano Pro" = Autopano Pro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11 Application" = Broadcom Wireless Utility
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"BSPlayerf" = BS.Player FREE
"Buzzer Control_is1" = Buzzer Control 1.03
"CL" = Clausal Language
"CmdOpen Shell Extension" = Open Command Prompt Shell Extension (x86-32)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"COMODO Internet Security" = COMODO Internet Security
"CSELITE65_is1" = CSE HTML Validator Lite v6.52
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Musepack Codec" = dBpoweramp Musepack Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Phantom" = Foxit Phantom
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Governor of Poker1.0" = Governor of Poker
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"Hattrick Organizer" = Hattrick Organizer (remove only)
"HijackThis" = HijackThis 2.0.2
"IETester" = IETester v0.4.2 (remove only)
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Embedded Browser_is1" = Mozilla Embedded Browser version 3.5
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MultipleIEs_is1" = MultipleIEs
"nbi-nb-base-6.7.1.0.0" = NetBeans IDE 6.7.1
"NuSphere PhpED_is1" = NuSphere PhpED version 5.9
"PHP Documentor_is1" = Php Documentor version 1.4.2 for NuSphere PhpED
"PHP_is1" = php-4.4.9 for NuSphere PhpED
"PHP5_is1" = php-5.2.11 for NuSphere PhpED
"PHP53_is1" = php-5.3.0 for NuSphere PhpED
"POLYSTYLE_is1" = Polystyle 2.0zo (trial) for NuSphere PhpED
"PremiumSoft Navicat 8.2 for MySQL_is1" = PremiumSoft Navicat 8.2 for MySQL
"PSPad editor_is1" = PSPad editor
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"Replay Media Catcher 3.01" = Replay Media Catcher 3.01
"ST6UNST #1" = Visustin v5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TaskSwitchXP" = TaskSwitchXP
"TC UP" = Total Commander Ultima Prime 4.7.0.0
"The Game Of Life by Hasbro1.0" = The Game Of Life by Hasbro
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 1.0.5
"WampServer 2_is1" = WampServer 2.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinHugs" = WinHugs
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MLQTSource" = MediaLooks QuickTime Source 1.7.0.6 (DirectShow Filter)
"QIP Infium" = QIP Infium 2.0.9034
"QipGuard" = QIP Internet Guardian
"Spoon Sandbox Manager 3.14" = Spoon Sandbox Manager 3.14

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31.3.2010 13:16:05 | Computer Name = A | Source = Služba Vymenitelný ukladací priestor | ID = 262159
Description =

Error - 6.4.2010 12:08:11 | Computer Name = A | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie cfp.exe, verzia 3.14.63867.584, zlyhanie modulu
, verzia 0.0.0.0, adresa zlyhania 0x00000000.

Error - 7.4.2010 18:58:55 | Computer Name = A | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> (OS 10048)Zvycajne
je povolené len jedno použitie každej adresy (protokolu, sietovej adresy, portu)
soketu. : make_sock: could not bind to address 0.0.0.0:80 .

Error - 7.4.2010 18:58:55 | Computer Name = A | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> no listening
sockets available, shutting down .

Error - 7.4.2010 18:58:55 | Computer Name = A | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Unable
to open logs .

Error - 7.4.2010 18:58:55 | Computer Name = A | Source = MySQL | ID = 100
Description = Do you already have another mysqld server running on port: 3306 ? For
more information, see Help and Support Center at http://www.mysql.com.

Error - 7.4.2010 18:58:55 | Computer Name = A | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



Error - 14.4.2010 12:56:39 | Computer Name = A | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie apache.exe, verzia 2.2.13.0, zlyhanie modulu php5ts.dll,
verzia 5.3.0.0, adresa zlyhania 0x0006601c.

Error - 17.4.2010 11:29:18 | Computer Name = A | Source = Google Update | ID = 20
Description =

Error - 17.4.2010 12:57:55 | Computer Name = A | Source = crypt32 | ID = 131080
Description = Pri automatickej aktualizácii zlyhalo nacítanie poradového císla zoznamu
základných certifikátov nezávislých vydavatelov z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
s chybou: The server name or address could not be resolved

[ System Events ]
Error - 18.4.2010 11:35:04 | Computer Name = A | Source = Dhcp | ID = 1002
Description = Server DHCP 192.168.1.1 odmietol prenájom 158.195.202.196 adresy IP
pre
sietovú kartu so sietovou adresou 0017A4E4919E (server DHCP odoslal hlásenie DHCPNACK).

Error - 18.4.2010 11:35:27 | Computer Name = A | Source = Service Control Manager | ID = 7000
Description = Spustenie služby OracleDBConsoleorcl zlyhalo kvôli nasledujúcej chybe:
%%3

Error - 18.4.2010 11:35:27 | Computer Name = A | Source = Service Control Manager | ID = 7000
Description = Spustenie služby wscsvc zlyhalo kvôli nasledujúcej chybe: %%1083

Error - 19.4.2010 5:20:20 | Computer Name = A | Source = Dhcp | ID = 1002
Description = Server DHCP 192.168.1.1 odmietol prenájom 158.195.202.196 adresy IP
pre
sietovú kartu so sietovou adresou 0017A4E4919E (server DHCP odoslal hlásenie DHCPNACK).

Error - 19.4.2010 5:20:46 | Computer Name = A | Source = Service Control Manager | ID = 7000
Description = Spustenie služby OracleDBConsoleorcl zlyhalo kvôli nasledujúcej chybe:
%%3

Error - 19.4.2010 5:20:46 | Computer Name = A | Source = Service Control Manager | ID = 7000
Description = Spustenie služby wscsvc zlyhalo kvôli nasledujúcej chybe: %%1083

Error - 19.4.2010 15:25:02 | Computer Name = A | Source = Service Control Manager | ID = 7034
Description = Služba Broadcom Wireless LAN Tray Service sa neocakávane ukoncila.
Služba sa týmto spôsobom ukoncila už 1 krát.

Error - 19.4.2010 15:25:02 | Computer Name = A | Source = Service Control Manager | ID = 7034
Description = Služba Sony Ericsson OMSI download service sa neocakávane ukoncila.
Služba sa týmto spôsobom ukoncila už 1 krát.

Error - 20.4.2010 4:58:14 | Computer Name = A | Source = Service Control Manager | ID = 7000
Description = Spustenie služby OracleDBConsoleorcl zlyhalo kvôli nasledujúcej chybe:
%%3

Error - 20.4.2010 4:58:14 | Computer Name = A | Source = Service Control Manager | ID = 7000
Description = Spustenie služby wscsvc zlyhalo kvôli nasledujúcej chybe: %%1083


< End of report >


Re: Please check my log

#33 Post by Caroprd111 »

OK, now the OTL.txt log as well. :)


Re: Please check my log

#34 Post by detroit »

OTL.txt (first part; it has a lot of characters, so I split it):

OTL logfile created on: 20.4.2010 16:16:22 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53,11 Gb Total Space | 7,61 Gb Free Space | 14,32% Space Free | Partition Type: NTFS
Drive D: | 34,68 Gb Total Space | 4,35 Gb Free Space | 12,56% Space Free | Partition Type: NTFS
Drive E: | 4,01 Gb Total Space | 3,98 Gb Free Space | 99,44% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.20 16:15:53 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010.04.19 19:09:42 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.04.04 16:22:21 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.03.18 11:24:01 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010.03.12 14:20:58 | 005,739,472 | ---- | M] (QIP) -- C:\Program Files\QIP Infium\infium.exe
PRC - [2010.03.12 14:20:56 | 000,184,272 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\QipGuard\QipGuard.exe
PRC - [2010.03.02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.25 01:01:11 | 001,265,664 | ---- | M] (Eugene Roshal & FAR Group) -- C:\Documents and Settings\Owner\Desktop\Far20b1420.x86.20100225\Far.exe
PRC - [2010.02.24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.29 13:07:33 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010.01.29 13:07:32 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.27 00:58:37 | 009,258,440 | ---- | M] (Foxit Software) -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
PRC - [2009.09.24 15:41:58 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009.08.20 12:44:38 | 000,615,688 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009.07.13 00:49:50 | 001,885,184 | ---- | M] (Webteh) -- C:\Program Files\Webteh\BSplayer\bsplayer.exe
PRC - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.20 20:17:01 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.08.26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2007.05.09 22:33:52 | 000,106,904 | ---- | M] (Alexander Avdonin) -- C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
PRC - [2007.05.04 01:51:44 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007.05.04 01:51:42 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007.05.04 01:51:06 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007.03.07 13:19:00 | 000,066,048 | R--- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007.01.09 22:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007.01.05 23:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006.12.04 23:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
PRC - [2005.04.27 21:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2003.01.16 11:32:40 | 000,049,152 | ---- | M] (Ruling Tec Pte Ltd) -- C:\Program Files\VibrateGameDeviceDriver\rfpicon.exe
PRC - [2000.01.01 02:00:00 | 001,034,384 | ---- | M] (Code Systems Corporation) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe


========== Modules (SafeList) ==========

MOD - [2010.04.20 16:15:53 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009.04.20 20:16:40 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
MOD - [2008.12.09 12:13:02 | 000,035,328 | ---- | M] (BST) -- C:\Program Files\Webteh\BSplayer\mmkeybsupp.dll
MOD - [2007.02.26 11:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (OracleDBConsoleorcl)
SRV - [2010.04.19 19:09:42 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.29 13:07:32 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009.11.23 10:41:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.06.17 12:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.12.10 02:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008.08.26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.07.30 01:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.05.13 22:39:24 | 000,085,504 | R--- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007.06.08 16:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007.05.04 01:51:44 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2006.12.04 23:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)
SRV - [2006.06.22 13:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2005.04.27 21:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2010.03.01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.01 20:09:58 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010.01.29 13:07:38 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010.01.29 13:07:38 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.07.15 23:30:43 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2009.05.11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.20 20:31:58 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide1.sys -- (amdide1)
DRV - [2009.03.19 18:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.11.21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.04 03:45:46 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2008.11.04 03:45:46 | 000,108,200 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2008.11.04 03:45:46 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008.11.04 03:45:44 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008.11.04 03:45:44 | 000,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2008.11.04 03:45:44 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2008.11.04 03:45:44 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.28 01:14:00 | 000,224,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.02.05 20:38:22 | 000,281,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.18 18:46:24 | 002,849,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.11.07 19:15:44 | 000,012,928 | ---- | M] (Padix Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DynCal.sys -- (DynCal)
DRV - [2007.09.25 16:37:50 | 000,020,520 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2007.09.25 16:37:48 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2007.07.17 08:24:00 | 000,035,072 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2007.06.19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.06.08 15:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\damdrv.sys -- (DAMDrv)
DRV - [2007.05.26 12:39:24 | 000,024,304 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2007.04.24 11:33:46 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.24 11:33:46 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex)
DRV - [2007.04.24 11:33:44 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007.04.24 11:33:42 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007.04.24 11:33:34 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007.02.27 09:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.02.14 21:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.02.14 21:21:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007.02.14 21:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.02.14 21:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.02.14 21:20:58 | 000,047,907 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007.02.14 21:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007.02.14 21:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006.07.02 05:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.01.13 15:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vd_filedisk.sys -- (VD_FileDisk)
DRV - [2002.09.16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "IMDB"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.1.2
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {99999999-73df-4e76-b66c-87d3db104b03}:1.3.5
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.63
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.3
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.foxtrick.prefs.module.YouthSkillHideUnknown.HideMaximalKeyWord.enabled: false
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 16:24:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.13 00:24:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 16:22:35 | 000,000,000 | ---D | M]

[2009.07.15 23:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010.04.19 20:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions
[2010.04.05 12:16:24 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009.07.17 15:05:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.28 15:15:06 | 000,000,000 | ---D | M] (Html Validator) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.04.05 12:16:26 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.01.28 15:14:27 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2010.04.17 11:41:16 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.02.24 13:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}
[2010.04.05 12:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2010.04.16 08:56:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.08 10:57:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.13 18:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\firebug@software.joehewitt.com
[2009.11.11 09:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\firefox@tvunetworks.com
[2010.01.09 13:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\foxybb@dameisel
[2009.07.16 06:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\secureLogin@blueimp.net
[2009.07.16 11:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\extensions\smartbookmarksbar@remy.juteau
[2009.07.16 11:38:28 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\searchplugins\imdb.xml
[2010.04.14 16:52:19 | 000,004,859 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\searchplugins\isohunt---bt-search.xml
[2010.03.31 13:59:33 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\searchplugins\qip-search.xml
[2009.07.16 11:39:16 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\searchplugins\sfd.xml
[2010.04.19 20:03:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.10.27 00:57:23 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.03.12 18:37:20 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010.03.12 18:37:20 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010.03.12 18:37:20 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010.03.12 18:37:20 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010.03.12 18:37:20 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010.03.12 18:37:20 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

detroit
Visitor
Posts: 29
Registered: 31 May 2008 09:27

Re: please check my log

#35 Post by detroit »

OTL.txt (part 2):

O1 HOSTS File: ([2010.04.17 19:06:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (NuSphere ToolBar) - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll ()
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AT&T Communication Manager] c:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\rfpicon.exe (Ruling Tec Pte Ltd)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Documents and Settings\Owner\Application Data\QipGuard\QipGuard.exe ()
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\8011.lnk = C:\DOCUME~1\Owner\LOCALS~1\Temp\mvNat.exe File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Spoon Sandbox Manager 3.14.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe (Code Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: NuSphere PhpED :: Debug this page - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Nastavenia rozšírenia &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 1506473359 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 1506464718 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 158.195.4.3 158.195.2.6
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - c:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.16 04:04:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.20 16:15:52 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010.04.20 16:07:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.19 00:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Invazia- Blato nad zlato
[2010.04.18 21:32:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\INVAZIA - Raperi od hranic... Bez hranic
[2010.04.17 19:57:55 | 000,882,672 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Owner\Desktop\SPTDinst-v169-x86.exe
[2010.04.17 18:51:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.04.17 18:42:05 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\wscntfy.exe
[2010.04.17 17:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010.04.17 17:27:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010.04.17 17:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\windows nt
[2010.04.17 17:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express
[2010.04.17 17:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2010.04.17 17:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010.04.17 17:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010.04.17 17:27:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010.04.17 17:07:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.04.17 17:07:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.04.17 17:07:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.04.17 17:07:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.04.17 17:07:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.04.17 17:02:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.17 16:04:24 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.17 14:19:49 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2010.04.17 14:19:39 | 002,190,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010.04.17 14:19:39 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010.04.17 14:19:38 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010.04.17 14:19:37 | 002,066,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010.04.17 14:19:29 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2010.04.17 14:19:29 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010.04.17 14:19:24 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010.04.17 14:19:15 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010.04.17 14:19:08 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010.04.17 14:19:07 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010.04.17 14:19:07 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010.04.17 14:19:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010.04.17 14:19:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010.04.17 14:18:37 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.04.17 14:18:25 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010.04.17 14:18:19 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010.04.17 14:18:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2010.04.17 14:18:19 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2010.04.17 14:18:19 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010.04.17 14:18:10 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2010.04.17 14:18:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2010.04.17 14:17:58 | 000,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2010.04.17 14:17:41 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.04.17 14:17:37 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2010.04.17 14:17:31 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2010.04.17 14:17:26 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2010.04.17 14:17:19 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2010.04.17 14:17:19 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2010.04.17 14:17:19 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2010.04.17 14:17:13 | 001,447,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010.04.17 14:17:13 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010.04.17 14:16:59 | 001,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2010.04.17 14:16:48 | 000,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2010.04.17 14:16:43 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2010.04.17 14:16:11 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010.04.17 14:14:59 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010.04.17 14:14:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010.04.17 02:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Invazia - Medzi Casom (2010)
[2010.04.13 17:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\temp
[2010.04.12 19:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ReUpGang_Cracksploitation_Vol2
[2010.04.12 14:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Far20b1420.x86.20100225
[2010.04.12 14:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Documentation
[2010.04.12 13:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Masta_Ace_And_Edo_G-Arts_And_Entertainment-2009
[2010.04.11 01:01:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.04.11 01:01:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.04.11 01:01:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.04.11 01:01:51 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.04.08 20:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\cat
[2010.04.07 19:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\1. rocnik
[2010.04.02 20:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Buzzer Control
[2010.04.02 20:24:59 | 001,237,487 | ---- | C] (gardier ) -- C:\Documents and Settings\Owner\Desktop\BuzzerControl_setup_1.03.exe
[2010.03.31 19:15:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.03.31 18:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2010.03.31 14:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Seiz - Minifunxtape (2008)
[2010.03.31 13:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QipGuard
[2010.03.22 20:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\catalog
[2009.11.28 11:49:14 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe8.dll
[2009.08.14 12:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009.08.14 12:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009.07.17 12:19:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009.07.16 15:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009.07.16 04:05:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009.07.16 04:05:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009.07.16 04:03:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.20 16:17:25 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5C46FB11-4F45-431C-BE9F-36C6B3934444}.job
[2010.04.20 16:15:53 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010.04.20 15:50:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1770027372-1801674531-1003UA.job
[2010.04.20 15:29:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.20 12:59:42 | 000,245,248 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.20 12:43:51 | 000,007,327 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2010.04.20 12:23:04 | 000,028,428 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dieta_a_rodina_960x100.swf
[2010.04.20 12:23:04 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dieta_a_rodina_960x100.html
[2010.04.20 12:23:02 | 000,029,115 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fwdfwdrebannerynaforbaby.zip
[2010.04.20 11:02:43 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.20 11:02:43 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.20 11:02:42 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.20 11:01:13 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.20 10:57:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.20 10:57:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.20 10:57:23 | 2549,403,648 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.20 01:31:52 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010.04.20 01:31:52 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010.04.19 21:33:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.19 00:49:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\noname1.css
[2010.04.18 21:37:49 | 000,017,528 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gdf.pdf
[2010.04.18 21:37:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\FOXIT_PDF
[2010.04.18 10:50:03 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1770027372-1801674531-1003Core.job
[2010.04.17 20:12:16 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010.04.17 20:10:46 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mbr.exe
[2010.04.17 20:05:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010.04.17 20:05:13 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010.04.17 19:57:56 | 000,882,672 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Owner\Desktop\SPTDinst-v169-x86.exe
[2010.04.17 19:06:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.17 18:51:49 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010.04.17 18:41:44 | 000,007,120 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wscntfy.zip
[2010.04.17 18:28:36 | 000,079,324 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BuzzerBeater - BK Pendechos @ Roshtar BC - 17. 4. 2010 Ligový zápas_1271521714494.png
[2010.04.17 16:47:09 | 003,916,775 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010.04.17 16:04:04 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2010.04.17 14:42:52 | 002,122,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.17 14:15:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.17 12:12:13 | 003,819,559 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Luzer_-_stebu_sa_to_neda.mp3
[2010.04.17 11:56:11 | 000,141,668 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BuzzerBeater - BK Pendechos @ Roshtar BC - 17. 4. 2010 Ligový zápas_1271498167473.png
[2010.04.17 02:31:08 | 007,921,479 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Invazia_-_Ataker.mp3
[2010.04.17 02:28:47 | 063,041,440 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Invazia - Medzi Casom (2010) up by djmirente.rar
[2010.04.17 02:23:29 | 004,647,706 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Daimonion_-_Sloboda.mp3
[2010.04.16 21:44:27 | 000,043,997 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Supernatural - 05x18 - Point of No Return.NoTV.Addic7ed.com.srt
[2010.04.16 16:35:09 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\index.html
[2010.04.16 10:39:18 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\winscp.rnd
[2010.04.15 13:57:49 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010.04.14 21:53:19 | 000,109,536 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1271274844051.pdf
[2010.04.12 21:08:55 | 000,304,650 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\latex.pdf
[2010.04.12 16:19:31 | 000,205,150 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\transfer.ps.gz
[2010.04.12 14:22:38 | 003,302,648 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Far20b1420.x86.20100225.7z
[2010.04.12 14:11:48 | 000,047,135 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1 - start.rar
[2010.04.12 11:00:33 | 000,117,563 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1271062861641.pdf
[2010.04.12 00:04:16 | 000,135,000 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\11038859-1001-Movies-You-Must-See-Before-You-Die.pdf
[2010.04.11 01:01:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010.04.11 01:01:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.04.11 01:01:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.04.11 01:01:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.04.11 01:01:28 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.04.10 11:02:03 | 000,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010.04.09 12:03:45 | 000,371,461 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adresar_skol.csv
[2010.04.08 23:35:19 | 009,216,962 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Barrington Levy feat_ Snoop Dogg _ Mims Watch Dem (Murderer).mp3
[2010.04.08 20:43:55 | 000,156,564 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\e-ubytovanie- Podanie žiadosti o ubytovanie_1270752232756.png
[2010.04.07 20:24:44 | 000,012,888 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\obrazok.gif
[2010.04.06 22:57:44 | 000,001,107 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\transparent2.gif
[2010.04.06 22:52:09 | 000,006,836 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\transgif-sample.gif
[2010.04.06 22:52:02 | 000,006,773 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\logopv.jpg
[2010.04.02 20:25:14 | 001,237,487 | ---- | M] (gardier ) -- C:\Documents and Settings\Owner\Desktop\BuzzerControl_setup_1.03.exe
[2010.03.31 17:53:29 | 042,281,152 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2010.03.31 16:36:47 | 054,265,823 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\eReMeN - Volaj to jak chceš (2009) .rar
[2010.03.31 14:17:34 | 156,607,328 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_en-US.exe
[2010.03.29 12:21:14 | 001,290,714 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\temp.pdf
[2010.03.29 12:21:14 | 001,290,714 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sample.pdf
[2010.03.26 15:51:55 | 000,002,319 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\confirm_button.png
[2010.03.26 11:20:59 | 001,071,290 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\100325213230.rar
[2010.03.26 11:20:24 | 014,110,856 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\100325213230.sql
[2010.03.26 10:27:10 | 000,001,657 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dataSynchFloraDovolenka.npd
[2010.03.26 01:07:34 | 000,001,476 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dovolenka-test.npd
[2010.03.24 22:04:45 | 000,008,927 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\foto_043004.jpg
[2010.03.23 14:16:57 | 000,021,744 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1044.jpg
[2010.03.23 12:14:56 | 000,000,061 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\vgroup.xml
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.20 12:43:51 | 000,007,327 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2010.04.20 12:23:13 | 000,028,428 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dieta_a_rodina_960x100.swf
[2010.04.20 12:23:13 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dieta_a_rodina_960x100.html
[2010.04.20 12:23:01 | 000,029,115 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fwdfwdrebannerynaforbaby.zip
[2010.04.19 00:16:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\noname1.css
[2010.04.17 20:13:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010.04.17 20:12:15 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010.04.17 20:10:45 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mbr.exe
[2010.04.17 20:05:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010.04.17 20:05:12 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010.04.17 18:51:49 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010.04.17 18:51:45 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010.04.17 18:41:43 | 000,007,120 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\wscntfy.zip
[2010.04.17 18:28:36 | 000,079,324 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BuzzerBeater - BK Pendechos @ Roshtar BC - 17. 4. 2010 Ligový zápas_1271521714494.png
[2010.04.17 17:07:16 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.04.17 17:07:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.04.17 17:07:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.04.17 17:07:16 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.04.17 17:07:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.04.17 16:47:08 | 003,916,775 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010.04.17 16:04:03 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2010.04.17 12:07:18 | 003,819,559 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Luzer_-_stebu_sa_to_neda.mp3
[2010.04.17 11:56:10 | 000,141,668 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BuzzerBeater - BK Pendechos @ Roshtar BC - 17. 4. 2010 Ligový zápas_1271498167473.png
[2010.04.17 02:27:12 | 063,041,440 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Invazia - Medzi Casom (2010) up by djmirente.rar
[2010.04.17 02:23:15 | 004,647,706 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Daimonion_-_Sloboda.mp3
[2010.04.17 02:21:13 | 007,921,479 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Invazia_-_Ataker.mp3
[2010.04.16 21:44:26 | 000,043,997 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Supernatural - 05x18 - Point of No Return.NoTV.Addic7ed.com.srt
[2010.04.16 16:02:39 | 000,017,528 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gdf.pdf
[2010.04.16 10:39:15 | 000,221,883 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\slovbateri.inc.1
[2010.04.15 16:43:29 | 000,002,269 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\index.html
[2010.04.14 21:53:18 | 000,109,536 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1271274844051.pdf
[2010.04.12 21:09:26 | 000,304,650 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\latex.pdf
[2010.04.12 16:19:37 | 000,879,830 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\transfer.ps
[2010.04.12 16:19:30 | 000,205,150 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\transfer.ps.gz
[2010.04.12 14:22:37 | 003,302,648 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Far20b1420.x86.20100225.7z
[2010.04.12 14:11:47 | 000,047,135 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1 - start.rar
[2010.04.12 11:00:32 | 000,117,563 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1271062861641.pdf
[2010.04.12 00:04:15 | 000,135,000 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\11038859-1001-Movies-You-Must-See-Before-You-Die.pdf
[2010.04.10 11:02:03 | 000,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010.04.09 12:03:45 | 000,371,461 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adresar_skol.csv
[2010.04.08 23:33:28 | 009,216,962 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Barrington Levy feat_ Snoop Dogg _ Mims Watch Dem (Murderer).mp3
[2010.04.08 20:43:54 | 000,156,564 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\e-ubytovanie- Podanie žiadosti o ubytovanie_1270752232756.png
[2010.04.06 22:57:44 | 000,001,107 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\transparent2.gif
[2010.04.06 22:52:09 | 000,006,836 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\transgif-sample.gif
[2010.04.06 22:52:01 | 000,006,773 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\logopv.jpg
[2010.04.06 22:31:56 | 000,012,888 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\obrazok.gif
[2010.03.31 17:44:41 | 042,281,152 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2010.03.31 16:19:06 | 054,265,823 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\eReMeN - Volaj to jak chceš (2009) .rar
[2010.03.31 14:16:50 | 156,607,328 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_en-US.exe
[2010.03.29 12:22:25 | 001,290,714 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sample.pdf
[2010.03.29 12:21:29 | 001,290,714 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\temp.pdf
[2010.03.26 15:51:55 | 000,002,319 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\confirm_button.png
[2010.03.26 11:43:06 | 000,001,657 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dataSynchFloraDovolenka.npd
[2010.03.26 11:43:06 | 000,001,476 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dovolenka-test.npd
[2010.03.26 11:43:04 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\vgroup.xml
[2010.03.26 11:24:08 | 014,110,856 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\100325213230.sql
[2010.03.26 11:21:55 | 001,071,290 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\100325213230.rar
[2010.03.24 22:04:45 | 000,008,927 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\foto_043004.jpg
[2010.03.23 14:16:57 | 000,021,744 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1044.jpg
[2010.03.19 00:30:18 | 000,005,521 | ---- | C] () -- C:\Documents and Settings\Owner\search.png
[2010.03.06 23:26:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2010.03.02 22:47:29 | 000,000,103 | ---- | C] () -- C:\WINDOWS\pro.INI
[2010.02.26 14:42:17 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\6eccrad1cq9167tty
[2010.01.18 16:51:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\.cvspass
[2010.01.08 01:32:40 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.12.10 23:44:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FnF4.txt
[2009.10.27 00:01:50 | 000,003,654 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2009.10.27 00:00:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\globhist.htm
[2009.10.27 00:00:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\favorite.htm
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.10.13 23:17:18 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2009.09.24 23:01:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.09.15 22:20:46 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Owner\.appletviewer
[2009.07.29 10:39:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\.javafx_eula_accepted
[2009.07.17 14:45:22 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009.07.17 10:51:28 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\ho.dir
[2009.07.16 14:10:43 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\winscp.rnd
[2009.07.16 12:04:55 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009.07.16 12:04:54 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009.07.16 12:03:51 | 000,029,132 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.07.16 04:46:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\QSwitch.txt
[2009.07.16 04:46:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DSwitch.txt
[2009.07.16 04:46:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\AtStart.txt
[2009.07.16 04:18:47 | 000,245,248 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.16 04:15:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.07.16 04:15:02 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009.07.16 04:15:01 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.07.16 04:15:01 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.07.16 04:15:01 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.07.16 04:15:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.07.16 04:15:00 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.07.16 04:10:49 | 000,094,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009.07.16 04:05:54 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009.07.16 04:05:53 | 000,007,287 | ---- | C] () -- C:\Documents and Settings\Owner\ASPNETSetup.log
[2009.07.16 04:05:52 | 008,126,464 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009.07.16 04:05:52 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Owner\NTUSER.DAT.LOG
[2009.04.20 20:25:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2007.06.08 16:05:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2007.02.06 22:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.02.06 21:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.02.17 18:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 18:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 19:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998.05.07 10:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
< End of report >

Re: please check my log

#36 Post by Caroprd111 »

Run OTL and paste the following script into the bottom window.

Code:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..extensions.foxtrick.prefs.module.YouthSkillHideUnknown.HideMaximalKeyWord.enabled: false
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\8011.lnk = C:\DOCUME~1\Owner\LOCALS~1\Temp\mvNat.exe File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.02.26 14:42:17 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\6eccrad1cq9167tty
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808

:Commands
[PURITY] 
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Then click Fix ("Opravit"); the PC will restart. Post the log here.



Scan these at http://www.virustotal.com/cs/
C:\WINDOWS\System32\pthreadVC.dll
C:\WINDOWS\System32\rmc_rtspdl.dll


(Do not browse for the file; just paste the path marked in bold. If you get the message "File has already been analysed", have it analysed again. Post the result of the analysis here as a link.)
Re: please check my log

#37 Post by detroit »

Log after restart:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "QIP Search" removed from browser.search.defaultenginename
Prefs.js: false removed from extensions.foxtrick.prefs.module.YouthSkillHideUnknown.HideMaximalKeyWord.enabled
Prefs.js: "http://search.qip.ru/search?from=FF&query=" removed from keyword.URL
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\8011.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Owner\Application Data\6eccrad1cq9167tty moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6017A808 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Custom Settings

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Owner
->Temp folder emptied: 2226984 bytes
->Temporary Internet Files folder emptied: 5325045 bytes
->Java cache emptied: 29811583 bytes
->FireFox cache emptied: 294462190 bytes
->Google Chrome cache emptied: 12491012 bytes
->Opera cache emptied: 33722873 bytes
->Flash cache emptied: 364135 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 361,00 mb


[EMPTYFLASH]

User: All Users

User: Custom Settings

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.1.3 log created on 04202010_165327

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[9]#localserver\aim_left_anchor_bubble_bot[2357].gif not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[9]#localserver\aim_left_anchor_bubble_top[2358].gif not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[9]#localserver\aim_no_anchor_bubble_bot[2359].gif not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[9]#localserver\aim_no_anchor_bubble_top[2360].gif not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[9]#localserver\aim_right_anchor_bubble_bot[2361].gif not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[9]#localserver\aim_right_anchor_bubble_top[2362].gif not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[9]#localserver\muc_left_anchor_bubble_bot[2376].png not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[9]#localserver\muc_left_anchor_bubble_top[2377].png not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[9]#localserver\muc_no_anchor_bubble_bot[2378].png not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[9]#localserver\muc_no_anchor_bubble_top[2379].png not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[9]#localserver\muc_right_anchor_bubble_bot[2380].png not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\http_80\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[9]#localserver\muc_right_anchor_bubble_top[2381].png not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[12]#localserver\aim_left_anchor_bubble_bot[3434].gif not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[12]#localserver\aim_left_anchor_bubble_top[3435].gif not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[12]#localserver\aim_no_anchor_bubble_bot[3437].gif not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[12]#localserver\aim_no_anchor_bubble_top[3438].gif not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[12]#localserver\aim_right_anchor_bubble_bot[3439].gif not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[12]#localserver\aim_right_anchor_bubble_top[3440].gif not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[12]#localserver\muc_left_anchor_bubble_bot[3462].png not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[12]#localserver\muc_left_anchor_bubble_top[3463].png not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[12]#localserver\muc_no_anchor_bubble_bot[3464].png not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[12]#localserver\muc_no_anchor_bubble_top[3466].png not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[12]#localserver\muc_right_anchor_bubble_bot[3467].png not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dbxdfnrh.default\Google Gears for Firefox\mail.google.com\https_443\WebCache-MAIN_IMAGES-david.kovac72@gmail.com-GoogleMail[12]#localserver\muc_right_anchor_bubble_top[3469].png not found!

Registry entries deleted on Reboot...

#38 Post by Caroprd111 »

OK, there's still the VirusTotal check to do.

#39 Post by detroit »

It went a bit slowly, hence the delay.

C:\WINDOWS\System32\pthreadVC.dll
http://www.virustotal.com/cs/analisis/9 ... 1271776618
C:\WINDOWS\System32\rmc_rtspdl.dll
http://www.virustotal.com/cs/analisis/c ... 1271776711

#40 Post by Caroprd111 »

How is the PC doing? :???:

#41 Post by detroit »

It's OK, I haven't noticed anything strange.

#42 Post by Caroprd111 »

Please post a new RSIT log.

#43 Post by detroit »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-04-20 17:38:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (21%) free of 54 GB
Total RAM: 2431 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:40, on 20.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Documents and Settings\Owner\Application Data\QipGuard\QipGuard.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Far20b1420.x86.20100225\Far.exe
C:\Program Files\PSPad editor\PSPad.exe
C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AT&T Communication Manager] "c:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\Owner\Application Data\QipGuard\QipGuard.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Spoon Sandbox Manager 3.14.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe
O8 - Extra context menu item: NuSphere PhpED :: Debug this page - res://C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll/1000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavenia rozšírenia &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1506473359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1506464718
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: OracleDBConsoleorcl - Unknown owner - C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11613 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1770027372-1801674531-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1770027372-1801674531-1003UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5C46FB11-4F45-431C-BE9F-36C6B3934444}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2006-11-21 70928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - NuSphere ToolBar - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll [2009-11-04 500856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1040384]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-04-15 181816]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-04 293168]
"CognizanceTS"=C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-23 17920]
"HP Software Update"=c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"AT&T Communication Manager"=c:\Program Files\AT&T\Communication Manager\ATTCM.exe [2007-05-26 22528]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-07-16 1945600]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"RTBatteryMeter"=C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-01-29 1800464]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2007-05-09 106904]
"Google Update"=C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-31 135664]
"QIP Internet Guardian"=C:\Documents and Settings\Owner\Application Data\QipGuard\QipGuard.exe [2010-03-12 184272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
C:\WINDOWS\system32\taskswitch.exe [2002-03-20 45632]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
Spoon Sandbox Manager 3.14.lnk - C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.14.0.5\Spoon-Sandbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc]
c:\WINDOWS\system32\ackpbsc.dll [2007-05-04 112640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock]
c:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-05-04 281088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-18 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\WINDOWS\system32\DeviceNP.dll [2007-06-08 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2008-05-13 85504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-24 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-04-20 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"ForceClassicControlPanel"=
"MaxRecentDocs"=
"NoSMConfigurePrograms"=
"NoDriveTypeAutoRun"=
"NoRecentDocsNetHood"=
"MemCheckBoxInRunDlg"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\NuSphere\PhpED\php\php.exe"="C:\Program Files\NuSphere\PhpED\php\php.exe:*:Enabled:php4-cgi"
"C:\Program Files\NuSphere\PhpED\php\php-cli.exe"="C:\Program Files\NuSphere\PhpED\php\php-cli.exe:*:Enabled:php4-cli"
"C:\Program Files\NuSphere\PhpED\php5\php-cgi.exe"="C:\Program Files\NuSphere\PhpED\php5\php-cgi.exe:*:Enabled:php5-cgi"
"C:\Program Files\NuSphere\PhpED\php5\php.exe"="C:\Program Files\NuSphere\PhpED\php5\php.exe:*:Enabled:php5-cli"
"C:\Program Files\NuSphere\PhpED\php53\php-cgi.exe"="C:\Program Files\NuSphere\PhpED\php53\php-cgi.exe:*:Enabled:php53-cgi"
"C:\Program Files\NuSphere\PhpED\php53\php.exe"="C:\Program Files\NuSphere\PhpED\php53\php.exe:*:Enabled:php53-cli"
"C:\Program Files\NuSphere\PhpED\Srv.exe"="C:\Program Files\NuSphere\PhpED\Srv.exe:*:Enabled:NuSphere PhpED SRV web server"
"C:\Program Files\NuSphere\PhpED\debugger\DbgListener.exe"="C:\Program Files\NuSphere\PhpED\debugger\DbgListener.exe:*:Enabled:NuSphere PhpED Dbg Listener"
"C:\Program Files\NuSphere\PhpED\phped.exe"="C:\Program Files\NuSphere\PhpED\phped.exe:*:Enabled:NuSphere PhpED Embedded browser"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-20 16:53:27 ----D---- C:\_OTL
2010-04-20 16:07:31 ----SHD---- C:\RECYCLER
2010-04-19 21:35:39 ----A---- C:\ComboFix.txt
2010-04-17 18:58:12 ----A---- C:\WINDOWS\system32\wscntfy.exe
2010-04-17 18:51:49 ----A---- C:\Boot.bak
2010-04-17 18:51:40 ----RASHD---- C:\cmdcons
2010-04-17 18:42:05 ----N---- C:\wscntfy.exe
2010-04-17 17:27:21 ----D---- C:\Program Files\xerox
2010-04-17 17:27:19 ----D---- C:\WINDOWS\system32\xircom
2010-04-17 17:27:19 ----D---- C:\Program Files\windows nt
2010-04-17 17:27:19 ----D---- C:\Program Files\outlook express
2010-04-17 17:27:18 ----D---- C:\WINDOWS\system32\inetsrv
2010-04-17 17:27:18 ----D---- C:\Program Files\netmeeting
2010-04-17 17:27:18 ----D---- C:\Program Files\msn gaming zone
2010-04-17 17:27:18 ----D---- C:\Program Files\microsoft frontpage
2010-04-17 17:07:16 ----A---- C:\WINDOWS\zip.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\SWREG.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\sed.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\PEV.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\MBR.exe
2010-04-17 17:07:16 ----A---- C:\WINDOWS\grep.exe
2010-04-17 17:07:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-17 17:07:15 ----A---- C:\WINDOWS\SWSC.exe
2010-04-17 17:07:01 ----D---- C:\WINDOWS\ERDNT
2010-04-17 17:02:55 ----D---- C:\Qoobox
2010-04-17 16:04:24 ----D---- C:\rsit
2010-04-17 14:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-17 14:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-17 14:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-17 14:30:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-17 14:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-17 14:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-04-17 14:29:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-04-17 14:29:13 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-04-17 14:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-04-17 14:28:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-04-17 14:28:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-04-17 14:28:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-04-17 14:28:14 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-04-17 14:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-04-17 14:27:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-04-17 14:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-04-17 14:27:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-04-17 14:27:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-04-17 14:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-04-17 14:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-04-17 14:27:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-04-17 14:26:56 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-04-17 14:26:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-04-17 14:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-04-17 14:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-04-17 14:26:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-04-17 14:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-04-17 14:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-04-17 14:18:37 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-17 14:14:59 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-04-17 14:14:59 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-04-11 01:01:51 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-11 01:01:51 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-11 01:01:51 ----A---- C:\WINDOWS\system32\java.exe
2010-04-02 20:26:23 ----D---- C:\Program Files\Buzzer Control
2010-03-31 19:15:53 ----D---- C:\WINDOWS\system32\NtmsData
2010-03-31 18:40:07 ----D---- C:\Documents and Settings\Owner\Application Data\Avira
2010-03-31 13:59:46 ----D---- C:\Documents and Settings\Owner\Application Data\QipGuard

======List of files/folders modified in the last 1 months======

2010-04-20 17:02:20 ----D---- C:\WINDOWS\system32
2010-04-20 17:02:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-20 17:01:17 ----SHD---- C:\System Volume Information
2010-04-20 17:01:17 ----D---- C:\WINDOWS\system32\Restore
2010-04-20 17:00:25 ----D---- C:\WINDOWS\Prefetch
2010-04-20 16:59:50 ----D---- C:\WINDOWS\Temp
2010-04-20 16:58:30 ----D---- C:\WINDOWS
2010-04-20 16:58:07 ----D---- C:\WINDOWS\system32\drivers
2010-04-20 16:57:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-20 16:56:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-20 12:53:45 ----D---- C:\Documents and Settings\Owner\Application Data\Azureus
2010-04-19 21:33:07 ----A---- C:\WINDOWS\system.ini
2010-04-19 21:30:23 ----D---- C:\WINDOWS\AppPatch
2010-04-19 21:30:16 ----D---- C:\Program Files\Common Files
2010-04-19 20:10:32 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
2010-04-17 19:03:54 ----D---- C:\WINDOWS\system32\config
2010-04-17 18:51:49 ----RASH---- C:\boot.ini
2010-04-17 17:27:21 ----RD---- C:\Program Files
2010-04-17 17:27:20 ----D---- C:\WINDOWS\system32\wbem
2010-04-17 17:20:52 ----SD---- C:\WINDOWS\Tasks
2010-04-17 16:43:40 ----SHD---- C:\WINDOWS\Installer
2010-04-17 16:42:35 ----D---- C:\Program Files\Core Services
2010-04-17 15:38:59 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-17 15:38:49 ----RSD---- C:\WINDOWS\assembly
2010-04-17 14:41:35 ----D---- C:\Program Files\Internet Explorer
2010-04-17 14:34:41 ----HD---- C:\WINDOWS\inf
2010-04-17 14:34:40 ----D---- C:\WINDOWS\system32\dllcache
2010-04-17 14:34:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-17 14:30:40 ----D---- C:\WINDOWS\ie8updates
2010-04-17 14:26:50 ----D---- C:\WINDOWS\WinSxS
2010-04-17 14:20:28 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-17 14:15:15 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-17 14:15:01 ----D---- C:\WINDOWS\Help
2010-04-17 14:14:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-17 12:14:55 ----D---- C:\WINDOWS\Registration
2010-04-15 13:57:44 ----D---- C:\Program Files\Opera
2010-04-11 01:01:28 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-04-10 11:01:59 ----D---- C:\Program Files\Vuze
2010-04-07 00:32:19 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 1018 USB WMC Data Modem.txt
2010-04-06 23:09:48 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2010-04-06 10:52:56 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-04 16:22:45 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 23:20:49 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2010-03-31 19:15:53 ----D---- C:\WINDOWS\repair
2010-03-31 13:59:10 ----D---- C:\Program Files\QIP Infium

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-01 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-01-29 25160]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-20 50704]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-04-20 62848]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-02-05 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-18 2849280]
R3 b57w2k;Broadcom 590x 10/100 Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-27 160256]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DynCal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2007-11-07 12928]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2009-03-19 9216]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-04-20 12160]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-05-26 26368]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-28 224672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-04-20 30336]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2009-04-20 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-07-15 1391104]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-02-14 47907]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-02-14 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-09-25 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2007-09-25 20520]
S3 HP24X;HP PC Card Smart Card Reader; C:\WINDOWS\system32\DRIVERS\HP24X.sys [2007-07-17 35072]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-04-20 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-04-20 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2009-04-20 133632]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-04 182576]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-19 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-18 512000]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-29 723632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-10-18 79136]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SWIHPWMI;SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2009-07-16 24576]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-04-23 239160]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-22 228656]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-14 133104]
S2 OracleDBConsoleorcl;OracleDBConsoleorcl; C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\WINDOWS\system32\flcdlock.exe [2007-06-08 172131]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-23 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 wampapache;wampapache; C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe [2009-06-17 6582912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-04-20 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: please check my log

#44 Post by Caroprd111 »

Uninstall ComboFix via:
Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter.

Download T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
  • Run it; to confirm each choice, press the A key, then Enter.
  • After use, delete the program. Note: antivirus programs may falsely flag it as a virus.

Download TFC http://oldtimer.geekstogo.com/TFC.exe
  • Run it.
  • Click "Start". Confirm the message by clicking "Ok" (a restart will follow).

Download OTC http://oldtimer.geekstogo.com/OTC.exe
  • Run it.
  • Click "CleanUp!". Confirm the messages by clicking "Yes" (a restart will follow).

Download CCleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Install it, and during installation untick the option to install the Yahoo toolbar.

    Cleaner tab
  • Run the analysis; when it finishes, click Run CCleaner.

    Registry tab
  • Click Find problems; when it finishes, click Fix problems (you do not need to make a backup), then click Fix all problems.
    OK, then Close

Do you use COMODO Internet Security only as a firewall? :???:

detroit
Visitor
Posts: 29
Joined: 31 May 2008 09:27

Re: please check my log

#45 Post by detroit »

I did everything according to the instructions. I use CIS only as a firewall, plus the Defense+ service is also turned on there.
