PC restarts on its own, freezes up

nemamradvirusy
Visitor
Posts: 31
Registered: 19 Feb 2009 20:51

PC restarts on its own, freezes up

#1 Post by nemamradvirusy »

Hello, please take a look at this for me, log from RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Stefan Babic at 2010-04-23 20:05:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 48 GB (63%) free of 76 GB
Total RAM: 1023 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:05, on 23.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\DataMngrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\iMesh Applications\iMesh\iMesh.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\RSIT.exe
C:\Program Files\Trend Micro\RSIT.exe
C:\Program Files\trend micro\Stefan Babic.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=fbpage&s= ... Terms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.3.60.32\facemoods.dll
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.3.60.32\facemoodsTlbr.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\IMESHA~1\MediaBar\\DataMngr\DataMngrUI.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [iMesh] "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" --lightmode
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Xfire.lnk = D:\Xfire\Xfire.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B00600CE-4D29-4435-8412-0CC34E50F237}: NameServer = 195.146.128.62 195.146.132.58
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\\DataMngr\datamngr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1ca5eb583ed04a) (gupdate1ca5eb583ed04a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7808 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\SmartDefrag.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C99BAA4B-4D00-4017-B7AB-1EEFDE99ABAC}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll [2010-02-23 392624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.3.60.32\facemoods.dll [2010-01-21 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
MediaBar - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll [2009-11-20 87472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-10-30 1019336]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - MediaBar - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll [2009-11-20 87472]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.3.60.32\facemoodsTlbr.dll [2010-01-21 167936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"=C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe [2004-06-15 233472]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-05-25 6746112]
"nwiz"=nwiz.exe /install []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-13 149280]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2009-11-24 81000]
"DataMngr"=C:\PROGRA~1\IMESHA~1\MediaBar\\DataMngr\DataMngrUI.exe [2010-02-23 786352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"DAEMON Tools Lite"=D:\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
"iMesh"=C:\Program Files\iMesh Applications\iMesh\iMesh.exe [2010-02-23 17769904]

C:\Documents and Settings\Stefan Babic\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Xfire.lnk - D:\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\IMESHA~1\MediaBar\\DataMngr\datamngr.dll "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"E:\Counter-Strike 1.6\mohpa.exe"="E:\Counter-Strike 1.6\mohpa.exe:*:Disabled:Medal of Honor Pacific Assault(tm)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - hjvjte.exe
shell\open\command - hjvjte.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08b674e8-b986-11de-bbe5-001333c08dff}]
shell\AutoRun\command - D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
shell\open\command - D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17a14191-b912-11de-bbe4-001333c08dff}]
shell\AutoRun\command - vb0hsoay.exe
shell\open\command - vb0hsoay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17a14192-b912-11de-bbe4-001333c08dff}]
shell\AutoRun\command - vb0hsoay.exe
shell\open\command - vb0hsoay.exe


======List of files/folders created in the last 1 months======

2010-04-23 20:05:34 ----D---- C:\rsit
2010-04-23 19:59:19 ----D---- C:\Program Files\Trend Micro
2010-04-23 18:36:39 ----D---- C:\Documents and Settings\All Users\Application Data\272BF
2010-04-14 17:22:32 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 17:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 17:22:19 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-04-14 17:22:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-04-14 17:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 17:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 17:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 17:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-13 22:09:23 ----D---- C:\WINDOWS\Sun
2010-04-09 10:00:26 ----A---- C:\WINDOWS\Pjykya.exe
2010-03-31 13:46:00 ----D---- C:\Documents and Settings\Stefan Babic\Application Data\facemoods.com

======List of files/folders modified in the last 1 months======

2010-04-23 20:05:42 ----D---- C:\WINDOWS\Prefetch
2010-04-23 19:59:24 ----SHD---- C:\WINDOWS\Installer
2010-04-23 19:59:20 ----HD---- C:\Config.Msi
2010-04-23 19:59:19 ----RD---- C:\Program Files
2010-04-23 19:33:32 ----D---- C:\Documents and Settings\Stefan Babic\Application Data\LimeWire
2010-04-23 19:15:07 ----D---- C:\WINDOWS\Temp
2010-04-23 17:04:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-20 18:54:25 ----D---- C:\Program Files\LimeWire
2010-04-20 18:35:03 ----D---- C:\Program Files\Internet Explorer
2010-04-14 18:06:08 ----D---- C:\WINDOWS
2010-04-14 18:05:21 ----D---- C:\WINDOWS\system32
2010-04-14 17:22:38 ----HD---- C:\WINDOWS\inf
2010-04-14 17:22:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 17:22:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 17:22:26 ----A---- C:\WINDOWS\imsins.BAK
2010-04-14 17:22:25 ----D---- C:\WINDOWS\system32\drivers
2010-04-14 17:20:03 ----D---- C:\WINDOWS\ie8updates
2010-04-14 11:25:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-10 17:08:59 ----SD---- C:\WINDOWS\Tasks
2010-04-08 19:20:25 ----D---- C:\Program Files\Google
2010-04-07 08:33:24 ----D---- C:\Program Files\Avast4
2010-04-07 00:56:48 ----D---- C:\Program Files\Opera
2010-04-06 10:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-05 12:03:03 ----SD---- C:\Documents and Settings\Stefan Babic\Application Data\Microsoft
2010-03-31 13:46:13 ----D---- C:\Documents and Settings\Stefan Babic\Application Data\imeshmediabartb
2010-03-28 18:10:15 ----RD---- C:\hity-90

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/21 21:57:41]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160]
R2 dk2drv;DK2 WindowsNT Driver; \??\C:\WINDOWS\system32\Drivers\dk2drv.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-15 131072]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-15 614272]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-15 60416]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-05-25 3193536]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 az6ea97v;az6ea97v; C:\WINDOWS\system32\drivers\az6ea97v.sys []
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2004-06-15 52736]
S3 DK2USB;DK2usb Driver; C:\WINDOWS\System32\Drivers\DK2USB.sys [2003-05-14 30304]
S3 FXDRV;FXDRV; \??\G:\Fxdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 MSICPL;MSICPL; \??\G:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-11-05 47360]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\G:\NTGLM7X.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast4\ashServ.exe [2009-11-24 138680]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-13 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-05-25 127042]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2009-09-04 77824]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-04-27 271760]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast4\ashWebSv.exe [2009-11-24 352920]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 gupdate1ca5eb583ed04a;Služba Google Update (gupdate1ca5eb583ed04a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-06 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-11-20 306432]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: PC restarts on its own, freezes up

#2 Post by Caroprd111 »

Hello :)

I recommend uninstalling the toolbars (if you don't use them) via Add or Remove Programs.

Plug all the flash drives you use into the PC.

Download UsbFix to your desktop: http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
  • Run it, then choose language E - Enter
  • Choose 2 - Enter (the PC may restart)
  • When it finishes, a log will pop up; paste it here. You can also find it at C:\UsbFix.txt

Download OTL: http://oldtimer.geekstogo.com/OTL.exe
  • Run it, then paste the following script into the bottom box.

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
  • Check the option For all users.
  • Check the options Malware check "LOP" and Malware check "Purity"
  • Click the Scan button
  • When it finishes, paste the OTL.Txt and Extras.txt logs here

nemamradvirusy
Visitor
Posts: 31
Registered: 19 Feb 2009 20:51

Re: PC restarts on its own, freezes up

#3 Post by nemamradvirusy »

USB drives are not used here on this PC... log:


############################## | UsbFix V6.108 |

User : Stefan Babic () # MICROSOF-74FFDD
Update on 23/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 14:17:56 | 24.4.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Celeron(R) CPU 2.66GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100424-0] 4.8.1368 [ Enabled | Updated ]

C:\ -> Local Fixed Disk # 74,56 Go (46,6 Go free) [Nový zväzok] # NTFS
G:\ -> CD-ROM Disc # 120,46 Mo (0 Mo free) [23 11 2009] # UDF

################## | Files # Infected Folders |

Deleted ! C:\WINDOWS\AhnRpta.exe
Deleted ! C:\WINDOWS\System32\autorun.inf
Deleted ! C:\DOCUME~1\STEFAN~1\STARTM~1\Programs\Startup\Xfire.lnk
Deleted ! C:\Recycler\S-1-5-21-0243936033-3052116371-381863308-1811
Deleted ! C:\Recycler\S-1-5-21-1085031214-261903793-682003330-1004
Deleted ! C:\Recycler\S-1-5-21-1275210071-1644491937-682003330-1004
Deleted ! C:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013

################## | Registry |

Deleted ! [HKCU\SOFTWARE\J8RPLTROBQ]
Deleted ! [HKCU\SOFTWARE\LEO0WTUNO7]
Deleted ! [HKCU\SOFTWARE\Microsoft\Handle]
Deleted ! [HKCU\SOFTWARE\WEK9EMDHI9]
Deleted ! [HKCU\SOFTWARE\YVIBBBHA8C]
Deleted ! [HKCR\CLSID\{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}]
Deleted ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS]
Deleted ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SSHNAS]
Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoResolveSearch"

################## | Mountpoints2 |

Deleted ! HKCU\...\Explorer\MountPoints2\C\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{08b674e8-b986-11de-bbe5-001333c08dff}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{17a14191-b912-11de-bbe4-001333c08dff}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{17a14192-b912-11de-bbe4-001333c08dff}\Shell\AutoRun\Command

################## | Listing of the present files |

[19.01.2009 10:55|--a------|2544381] C:\11_-_Vivaldi_Winter_mvt_2_Largo_-_John_Harrison_violin.ogg
[24.01.2009 06:46|--a------|13343] C:\2007_06_01_slota.jpg
[19.02.2009 09:32|--a------|36295] C:\21-208317-sexy-mustang.jpg
[24.01.2009 06:44|--a------|10210] C:\26423_joj-jan-slota-neprisiel-do-relacie.jpg
[12.10.2009 12:06|--a------|0] C:\AUTOEXEC.BAT
[02.01.2010 13:30|--a------|53] C:\biosinfo
[19.01.2009 10:57|--a------|6204200] C:\BOCCHERINI_op27n°3_G303_Mvt1_Moderato_assai_-_Jacques_Lochet_violin_and_synthesizer.ogg
[12.10.2009 12:00|---hs----|211] C:\boot.ini
[02.01.2010 14:40|--a------|22356] C:\cc_20100102_133947.reg
[12.10.2009 12:06|--a------|0] C:\CONFIG.SYS
[13.08.2009 06:59|--a------|8388] C:\Hudba1.nra
[12.10.2009 12:06|-rahs----|0] C:\IO.SYS
[24.01.2009 06:42|--a------|16171] C:\j_slota.jpg
[05.01.2009 20:41|--a------|77975] C:\mf_178033810_443ae7708bef157718c6e1d7bb95788c.jpg
[19.01.2009 10:56|--a------|4230517] C:\Mozart_-_vesperae_de_dominica._1._dixit_dominus.ogg
[12.10.2009 12:06|-rahs----|0] C:\MSDOS.SYS
[04.08.2004 05:00|-rahs----|47564] C:\NTDETECT.COM
[20.11.2009 13:25|-rahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[07.01.2010 17:18|--a------|2629] C:\pcwdbg.log
[19.01.2009 10:51|--a------|2502794] C:\Purcell_ode._1_sinfonia.ogg
[21.02.2009 10:00|--ahs----|23040] C:\Thumbs.db
[16.05.2002 13:50|--a------|1043] C:\Update.bat
[24.04.2010 14:21|--a------|3604] C:\UsbFix.txt
[05.01.2009 10:48|--a------|57268] C:\vexille_2077.dd79a7c10e.kmd
[07.02.2009 12:24|-r-------|4794897] G:\36.pdf
[07.02.2009 12:25|-r-------|5165867] G:\37.pdf
[07.02.2009 12:25|-r-------|6039629] G:\38.pdf
[07.02.2009 12:26|-r-------|5590098] G:\39.pdf
[07.02.2009 12:26|-r-------|4095411] G:\40.pdf
[07.02.2009 12:26|-r-------|4890196] G:\41.pdf
[07.02.2009 12:27|-r-------|4728252] G:\42.pdf
[07.02.2009 12:27|-r-------|4622139] G:\43.pdf
[08.02.2009 04:53|-r-------|2503145] G:\44.pdf
[07.02.2009 12:28|-r-------|4578340] G:\45.pdf
[07.02.2009 12:28|-r-------|5560362] G:\46.pdf
[07.02.2009 12:28|-r-------|5376923] G:\47.pdf
[07.02.2009 12:29|-r-------|4147665] G:\48.pdf
[07.02.2009 12:29|-r-------|7430164] G:\49.pdf
[07.02.2009 12:29|-r-------|5407981] G:\50.pdf
[07.02.2009 12:30|-r-------|6142401] G:\51.pdf
[07.02.2009 12:30|-r-------|5178124] G:\52.pdf
[07.02.2009 12:31|-r-------|4279447] G:\53.pdf
[07.02.2009 12:31|-r-------|4354364] G:\54.pdf
[07.02.2009 12:31|-r-------|4296479] G:\55.pdf
[07.02.2009 12:32|-r-------|4365388] G:\56.pdf
[07.02.2009 12:32|-r-------|5291647] G:\57.pdf
[07.02.2009 12:32|-r-------|4577858] G:\58.pdf
[07.02.2009 12:33|-r-------|4334184] G:\59.pdf
[07.02.2009 12:33|-r-------|5494591] G:\60.pdf
[08.02.2009 01:21|-r-------|2370246] G:\Vyhodnocovacie tabulky.pdf

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_MICROSOF-74FFDD.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.108 ! |



But another problem has come up: drives D:\, E:\ and F:\ have disappeared, which were present in this computer at the time the RSIT log was made. I have no idea what happened to them (it's my uncle's PC).

nemamradvirusy
Visitor
Posts: 31
Registered: 19 Feb 2009 20:51

Re: PC restarts on its own and freezes

#4 Post by nemamradvirusy »

OTL logfile created on: 24.4.2010 14:30:18 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Stefan Babic\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 657,00 Mb Available Physical Memory | 64,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,56 Gb Total Space | 48,63 Gb Free Space | 65,22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 120,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICROSOF-74FFDD
Current User Name: Stefan Babic
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.24 14:28:35 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stefan Babic\Desktop\OTL.exe
PRC - [2010.03.18 01:43:38 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009.11.24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashServ.exe
PRC - [2009.11.24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashMaiSv.exe
PRC - [2009.11.24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashWebSv.exe
PRC - [2009.11.24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\aswUpdSv.exe
PRC - [2009.09.04 03:54:24 | 000,077,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009.09.04 03:53:16 | 003,686,400 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009.03.08 05:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2008.04.13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.04.24 14:28:35 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stefan Babic\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009.11.24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.11.20 14:29:00 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.09.04 03:54:24 | 000,077,824 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2007.12.20 11:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)


========== Driver Services (SafeList) ==========

DRV - [2009.11.24 16:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.11.19 00:52:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.07 21:05:22 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/10/21 21:57:41] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2005.11.03 07:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 07:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.08.10 05:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.07.04 00:32:58 | 000,364,544 | R--- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\msicpl.dll -- (MSICPL)
DRV - [2005.05.25 07:02:00 | 003,193,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005.05.16 06:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.08.03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.06.15 22:51:56 | 000,614,272 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CnxEtU.sys -- (CnxEtU)
DRV - [2004.06.15 22:51:56 | 000,060,416 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CnxTgNP.sys -- (CnxTgNP)
DRV - [2004.06.15 22:51:56 | 000,052,736 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTgNW.sys -- (CnxTgNW)
DRV - [2004.06.15 22:51:50 | 000,131,072 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CnxEtP.sys -- (CnxEtP)
DRV - [2003.11.20 05:59:34 | 000,030,873 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dk2drv.sys -- (dk2drv)
DRV - [2003.08.21 01:31:52 | 000,462,940 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003.08.14 08:16:38 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003.08.13 00:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003.05.14 05:39:52 | 000,030,304 | ---- | M] (Data Encryption Systems Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DK2USB.sys -- (DK2USB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=fbpage&s= ... Terms}&f=4


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



[2009.12.13 12:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Mozilla\Extensions
[2009.12.13 12:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010.03.17 16:10:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.17 16:10:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com
[2010.01.24 08:50:12 | 000,002,025 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2009.11.20 12:56:52 | 000,356,633 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12234 more lines...
O2 - BHO: (Podpora odkazu pre aplikáciu Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.3.60.32\facemoods.dll (facemoods.com)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.3.60.32\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CnxDslTaskBar] File not found
O4 - HKLM..\Run: [DataMngr] C:\PROGRA~1\IMESHA~1\MediaBar\\DataMngr\DataMngrUI.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004..\Run: [DAEMON Tools Lite] D:\DAEMON Tools Lite\DTLite.exe File not found
O4 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004..\Run: [iMesh] C:\Program Files\iMesh Applications\iMesh\iMesh.exe (iMesh, Inc)
O4 - Startup: C:\Documents and Settings\Stefan Babic\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Stefan Babic\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O7 - HKU\S-1-5-21-1275210071-1644491937-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O15 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\\DataMngr\datamngr.dll) - C:\PROGRA~1\IMESHA~1\MediaBar\\DataMngr\datamngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Stefan Babic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stefan Babic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.12 12:06:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.24 14:21:51 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.11.01 23:06:29 | 000,000,000 | ---D | M] - C:\autoskola -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.10.12 12:05:41 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010.04.24 14:28:35 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stefan Babic\Desktop\OTL.exe
[2010.04.24 14:21:51 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010.04.24 14:14:27 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010.04.24 12:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1213
[2010.04.23 20:05:34 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.23 19:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.04.13 22:09:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.04.07 00:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stefan Babic\Desktop\fotak olympus
[2010.03.31 13:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stefan Babic\Application Data\facemoods.com
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.24 14:28:35 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stefan Babic\Desktop\OTL.exe
[2010.04.24 14:21:52 | 000,195,685 | ---- | M] () -- C:\UsbFix_Upload_Me_MICROSOF-74FFDD.zip
[2010.04.24 14:20:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C99BAA4B-4D00-4017-B7AB-1EEFDE99ABAC}.job
[2010.04.24 14:17:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.24 14:17:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.24 14:17:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.24 14:16:35 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\ntuser.dat
[2010.04.24 14:16:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Stefan Babic\ntuser.ini
[2010.04.24 14:16:30 | 006,972,182 | -H-- | M] () -- C:\Documents and Settings\Stefan Babic\Local Settings\Application Data\IconCache.db
[2010.04.24 14:15:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.24 14:13:54 | 001,777,482 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\Desktop\UsbFix.exe
[2010.04.24 12:52:14 | 000,024,771 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.04.23 19:59:46 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\Desktop\HiJackThis.lnk
[2010.04.23 17:17:44 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.04.21 00:16:04 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010.04.15 19:49:13 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.15 10:14:36 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\My Documents\Peter Babič.doc
[2010.04.14 17:22:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.04.12 00:29:20 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010.04.09 20:13:09 | 000,005,859 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\Desktop\nicole mccluod showdnace j [torrenthound.com][yxufel].torrent
[2010.04.09 20:04:12 | 005,106,236 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\Desktop\04 nicole mccluod showdnace j.mov
[2010.04.09 10:00:14 | 000,189,952 | ---- | M] () -- C:\WINDOWS\Pjykya.exe
[2010.04.08 19:20:45 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Zem.lnk
[2010.04.07 00:56:50 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010.04.05 14:43:29 | 000,022,104 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\Application Data\GDIPFONTCACHEV1.DAT
[2010.04.05 12:13:13 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\My Documents\doc1.doc
[2010.04.05 12:10:53 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\My Documents\doc11.doc
[2010.04.04 17:45:37 | 000,022,104 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.04.04 13:30:04 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\My Documents\spider.sav
[2010.03.29 14:17:55 | 005,106,557 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\Desktop\09 pribehy zveirna nocenj 2h feat.mov
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.24 14:21:52 | 000,195,685 | ---- | C] () -- C:\UsbFix_Upload_Me_MICROSOF-74FFDD.zip
[2010.04.24 14:13:51 | 001,777,482 | ---- | C] () -- C:\Documents and Settings\Stefan Babic\Desktop\UsbFix.exe
[2010.04.23 19:59:19 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\Stefan Babic\Desktop\HiJackThis.lnk
[2010.04.15 10:14:35 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Stefan Babic\My Documents\Peter Babič.doc
[2010.04.09 20:26:39 | 000,005,859 | ---- | C] () -- C:\Documents and Settings\Stefan Babic\Desktop\nicole mccluod showdnace j [torrenthound.com][yxufel].torrent
[2010.04.09 20:04:29 | 005,106,236 | ---- | C] () -- C:\Documents and Settings\Stefan Babic\Desktop\04 nicole mccluod showdnace j.mov
[2010.04.09 10:00:26 | 000,189,952 | ---- | C] () -- C:\WINDOWS\Pjykya.exe
[2010.04.08 19:20:45 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Zem.lnk
[2010.04.05 12:13:12 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\Stefan Babic\My Documents\doc1.doc
[2010.04.05 12:10:53 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\Stefan Babic\My Documents\doc11.doc
[2010.03.31 13:46:30 | 000,000,436 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C99BAA4B-4D00-4017-B7AB-1EEFDE99ABAC}.job
[2010.03.29 14:18:25 | 005,106,557 | ---- | C] () -- C:\Documents and Settings\Stefan Babic\Desktop\09 pribehy zveirna nocenj 2h feat.mov
[2009.11.27 11:49:07 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2009.11.26 19:58:20 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009.11.26 18:37:34 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.11.20 15:45:15 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll
[2009.11.20 12:55:09 | 000,005,478 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.11.19 00:52:23 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.10.29 18:26:10 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009.10.15 08:59:10 | 000,000,384 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.10.15 08:47:39 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009.10.13 13:43:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2009.10.13 13:41:44 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2009.10.13 13:41:44 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2005.05.25 07:02:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

========== LOP Check ==========

[2010.04.24 12:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1213
[2009.11.19 00:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.11.19 12:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010.01.10 17:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.10.24 20:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2009.10.21 21:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009.11.20 14:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009.11.19 00:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\DAEMON Tools Lite
[2010.03.31 13:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\facemoods.com
[2010.01.10 23:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\ICQ
[2010.04.24 14:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\imeshmediabartb
[2009.11.20 12:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\IObit
[2009.11.19 01:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Leadertech
[2010.04.24 12:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\LimeWire
[2010.03.11 20:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\OpenOffice.org
[2009.10.13 14:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Opera
[2009.11.20 02:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\TeamViewer
[2009.11.20 14:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\TuneUp Software
[2009.11.05 20:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Vso
[2010.04.23 17:17:44 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010.04.12 00:29:20 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010.04.24 14:20:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C99BAA4B-4D00-4017-B7AB-1EEFDE99ABAC}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.13 17:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "D:\DAEMON Tools Lite\DTLite.exe" -autorun -- File not found
"ICQ" = "C:\Program Files\ICQ6.5\ICQ.exe" silent -- [2009.11.16 08:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.)
"iMesh" = "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" --lightmode -- [2010.02.23 10:26:56 | 017,769,904 | ---- | M] (iMesh, Inc)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2010.04.24 12:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1213
[2009.10.15 09:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.10.21 21:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009.11.19 00:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.11.19 12:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009.10.15 09:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009.10.15 09:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2010.01.10 17:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.11.19 01:11:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009.11.20 01:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010.01.02 14:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009.10.24 20:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2009.10.21 21:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009.11.20 14:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009.10.15 09:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009.10.21 21:56:08 | 000,053,319 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe

< %APPDATA%\*. >
[2009.10.15 09:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Adobe
[2009.10.21 21:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\CyberLink
[2009.11.19 00:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\DAEMON Tools Lite
[2009.11.08 15:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\DivX
[2009.11.24 17:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\dvdcss
[2010.03.31 13:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\facemoods.com
[2010.01.29 01:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Google
[2010.01.10 23:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\ICQ
[2009.10.12 12:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Identities
[2010.04.24 14:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\imeshmediabartb
[2009.11.20 12:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\IObit
[2009.11.19 01:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Leadertech
[2010.04.24 12:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\LimeWire
[2009.10.15 08:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Macromedia
[2010.04.05 12:03:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Microsoft
[2010.01.10 17:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Mozilla
[2010.03.11 20:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\OpenOffice.org
[2009.10.13 14:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Opera
[2009.12.29 00:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Skype
[2009.12.28 23:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\skypePM
[2009.12.13 12:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Sun
[2009.11.20 02:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\TeamViewer
[2009.11.20 14:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\TuneUp Software
[2010.01.17 17:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\vlc
[2009.11.05 20:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Vso
[2009.11.19 18:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\WinRAR
[2010.01.17 17:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stefan Babic\Application Data\Xfire

< %APPDATA%\*.exe /s >
[2009.11.05 20:05:20 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\Application Data\inst.exe
[2009.12.13 12:04:19 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Stefan Babic\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
[2009.12.13 12:04:23 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Stefan Babic\Application Data\LimeWire\browser\xulrunner\updater.exe
[2009.12.13 12:04:23 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
[2009.12.13 12:04:23 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Stefan Babic\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
[2009.12.13 12:04:23 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Stefan Babic\Application Data\LimeWire\browser\xulrunner\xpidl.exe
[2009.12.13 12:04:23 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
[2009.12.13 12:04:23 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
[2009.12.13 12:04:25 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Stefan Babic\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009.12.13 12:04:25 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Stefan Babic\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
[2010.01.18 12:53:44 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Stefan Babic\Application Data\Microsoft\Installer\{141FBF87-4FB4-41E1-80B4-E1389268D541}\ARPPRODUCTICON.exe
[2010.01.18 12:53:44 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Stefan Babic\Application Data\Microsoft\Installer\{141FBF87-4FB4-41E1-80B4-E1389268D541}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
[2010.01.18 12:53:44 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Stefan Babic\Application Data\Microsoft\Installer\{141FBF87-4FB4-41E1-80B4-E1389268D541}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
[2010.01.18 12:53:44 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Stefan Babic\Application Data\Microsoft\Installer\{141FBF87-4FB4-41E1-80B4-E1389268D541}\Uninstall_GameShadow_141FBF874FB441E180B4E1389268D541.exe
[2010.04.23 19:59:20 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Stefan Babic\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe


< MD5 for: AGP440.SYS >
[2004.08.04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.11.20 13:20:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.11.20 13:20:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004.08.03 16:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004.08.04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.11.20 13:20:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.11.20 13:20:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.04 05:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.13 17:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.13 17:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.11.20 13:20:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2009.11.20 13:20:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 11:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 11:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.04 05:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009.11.20 13:20:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2009.11.20 13:20:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 11:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2009.11.20 13:20:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2009.11.20 13:20:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.13 11:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.13 11:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001.08.17 13:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2004.08.04 05:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 12:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 12:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.04 05:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009.02.06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.13 17:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.13 17:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2004.08.04 05:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004.08.04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 03:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 03:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 12:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 12:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 04:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 04:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 04:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.04 05:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 04:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004.08.04 05:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.11.19 00:52:24 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009.10.12 04:34:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.10.12 04:34:27 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.10.12 04:34:26 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.04.24 12:52:14 | 000,024,771 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

nemamradvirusy
Visitor
Posts: 31
Registered: 19 Feb 2009 20:51

Re: PC restarts on its own, freezes

#5 Post by nemamradvirusy »

OTL Extras logfile created on: 24.4.2010 14:30:18 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Stefan Babic\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 657,00 Mb Available Physical Memory | 64,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,56 Gb Total Space | 48,63 Gb Free Space | 65,22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 120,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICROSOF-74FFDD
Current User Name: Stefan Babic
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- File not found
"E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = E:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- File not found
"E:\Counter-Strike 1.6\mohpa.exe" = E:\Counter-Strike 1.6\mohpa.exe:*:Disabled:Medal of Honor Pacific Assault(tm) -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Zem
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{141FBF87-4FB4-41E1-80B4-E1389268D541}" = GameShadow
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BB33584-3860-4772-AEE9-D8E61F552896}" = Tom Clancy's Rainbow Six: Lockdown
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{544DB849-AB59-4C12-A333-2F214E24870F}" = Commandos Strike Force
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{838E187D-8B7A-473D-B93C-C8E970B15D2B}" = psqlODBC
"{8789AED5-8F11-4922-8AF8-F1BCB824F681}_is1" = City Life Deluxe
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{92110405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1051-7B44-A81300000003}" = Adobe Reader 8 - Slovak
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC87E256-B0A4-4A41-8682-AB57FF21196D}" = SweetIM for Messenger 2.7
"{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2B5A2A7-2DF9-4361-8BD5-362714528B51}" = NHL® 09
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"7-Zip" = 7-Zip 4.64
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"Conexant ADSL USB Modem" = Conexant AccessRunner ADSL
"DESkey DK2 Uninstall" = DK2 Drivers v 6.01.0.135
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"facemoods" = facemoods
"FreeCommander_is1" = FreeCommander 2008.06c
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"iMesh" = iMesh
"iMesh MediaBar" = MediaBar
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"iWellSoft Power ISO Maker_is1" = iWellSoft Power ISO Maker 1.7
"Knight Rider" = Knight Rider
"LimeWire" = LimeWire 5.3.6
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"PC Wizard 2009_is1" = PC Wizard 2009.1.91
"pdfFactory Pro" = pdfFactory Pro
"Roto Creator 3.1_is1" = Roto Creator 3.1
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"Smart Defrag_is1" = Smart Defrag 1.20
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VLC media player 1.0.2
"Windowmaker" = Windowmaker
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Worms Armageddon" = Worms Armageddon
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-1644491937-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8.11.2009 17:50:00 | Computer Name = MICROSOF-74FFDD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://pokec.azet.sk/_s/system/ping.php ... 000484&st=
failed, 0000A413.

Error - 26.11.2009 23:05:06 | Computer Name = MICROSOF-74FFDD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\MSMedia\mpfull.exe failed, 0000001E.

[ Application Events ]
Error - 23.4.2010 14:15:08 | Computer Name = MICROSOF-74FFDD | Source = Google Update | ID = 20
Description =

Error - 23.4.2010 15:15:08 | Computer Name = MICROSOF-74FFDD | Source = Google Update | ID = 20
Description =

Error - 23.4.2010 16:15:07 | Computer Name = MICROSOF-74FFDD | Source = Google Update | ID = 20
Description =

Error - 23.4.2010 17:15:06 | Computer Name = MICROSOF-74FFDD | Source = Google Update | ID = 20
Description =

Error - 24.4.2010 11:15:05 | Computer Name = MICROSOF-74FFDD | Source = Google Update | ID = 20
Description =

Error - 24.4.2010 12:15:05 | Computer Name = MICROSOF-74FFDD | Source = Google Update | ID = 20
Description =

Error - 24.4.2010 13:15:05 | Computer Name = MICROSOF-74FFDD | Source = Google Update | ID = 20
Description =

Error - 24.4.2010 15:15:05 | Computer Name = MICROSOF-74FFDD | Source = Google Update | ID = 20
Description =

Error - 24.4.2010 16:15:05 | Computer Name = MICROSOF-74FFDD | Source = Google Update | ID = 20
Description =

Error - 24.4.2010 17:11:27 | Computer Name = MICROSOF-74FFDD | Source = MsiInstaller | ID = 11905
Description = Product: Ask Toolbar -- Error 1905.Module C:\Program Files\Ask.com\GenericAskToolbar.dll
failed to unregister. HRESULT -2147220472. Contact your support personnel.

[ System Events ]
Error - 24.4.2010 17:11:37 | Computer Name = MICROSOF-74FFDD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24.4.2010 17:11:37 | Computer Name = MICROSOF-74FFDD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24.4.2010 17:11:38 | Computer Name = MICROSOF-74FFDD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24.4.2010 17:11:38 | Computer Name = MICROSOF-74FFDD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24.4.2010 17:11:38 | Computer Name = MICROSOF-74FFDD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24.4.2010 17:11:38 | Computer Name = MICROSOF-74FFDD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24.4.2010 17:11:38 | Computer Name = MICROSOF-74FFDD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24.4.2010 17:11:38 | Computer Name = MICROSOF-74FFDD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24.4.2010 17:11:38 | Computer Name = MICROSOF-74FFDD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24.4.2010 17:11:38 | Computer Name = MICROSOF-74FFDD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: PC restarts by itself, freezes

#6 Post by Caroprd111 »

I recommend uninstalling Spybot - Search & Destroy and Advanced SystemCare 3.


I recommend uninstalling LimeWire 5.3.6.

P2P networks and their clients are a potential security risk; they are practically a constant source of viruses, and you are exposing yourself to risk unnecessarily.


Run OTL and paste the following script into the bottom window.

Code:

:OTL
O3 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [CnxDslTaskBar] File not found
O15 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
NetSvcs: SSHNAS - File not found
[2010.04.24 12:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1213
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2009.11.05 20:05:20 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Stefan Babic\Application Data\inst.exe
IE - HKU\S-1-5-21-1275210071-1644491937-682003330-1004\..\URLSearchHook: - Reg Error: Key error. File not found

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[RESETHOSTS] 
[CREATERESTOREPOINT]

Then click Fix ("Opravit"); the PC will restart. Post the log here.

nemamradvirusy
Visitor
Posts: 31
Registered: 19 Feb 2009 20:51

Re: PC restarts by itself, freezes

#7 Post by nemamradvirusy »

They won't install LimeWire here anyway, I probably can't stop them from that. Thanks for now. I still don't know what to do about the partitions that disappeared; is there some connection? LOG:


All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1275210071-1644491937-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1644491937-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1644491937-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1644491937-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1644491937-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1644491937-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CnxDslTaskBar deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1275210071-1644491937-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@install.mar@\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1275210071-1644491937-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@mail.mar@\ deleted successfully.
SSHNAS removed from NetSvcs value successfully!
Folder C:\Documents and Settings\All Users\Application Data\1213\ not found.
C:\WINDOWS\002578_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Stefan Babic\Application Data\inst.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1275210071-1644491937-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Stefan Babic
->Temp folder emptied: 32708607 bytes
->Temporary Internet Files folder emptied: 32002817 bytes
->Java cache emptied: 12118713 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 3166 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1581990 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 76,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: postgres

User: Stefan Babic
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.2.0 log created on 04252010_155410

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_490.dat moved successfully.

Registry entries deleted on Reboot...


Thank you very much.

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: PC restarts by itself, freezes

#8 Post by Caroprd111 »

Try reinstalling the USB drivers.
