svchost zatazuje CPU na 100%

[robertoo]

Zdravim pani, mam problem s tym, ze hned po starte mi svchost.exe zatazuje CPU na 100per. Podobne temy som tu uz presiel, ale pre istotu poprosim o radu konkretne v mojom pripade.
Prikladam log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Roberto at 2010-05-04 13:01:50
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 2 GB (4%) free of 49 GB
Total RAM: 759 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:52, on 4. 5. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\LNPI9CFF\RSIT[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Roberto.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
F2 - REG:system.ini: UserInit=Userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: wwwzuc32.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9736 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\MpIdleTask.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2891711787-3761379876-4115774906-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2891711787-3761379876-4115774906-1006.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-08 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-08 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-03 50688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre0.dll [2010-03-22 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre0.dll [2010-03-22 2349080]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-08 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-30 88203]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-03 149280]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 454656]
"CognizanceTS"=C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll [2003-12-22 17920]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-02-21 1093208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-22 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-02 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 172094]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-02-14 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-23 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-22 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-21 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2007-01-05 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^DVD Check.lnk]
C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe [2005-11-08 184320]

C:\Documents and Settings\Roberto\Nabídka Start\Programy\Po spuštění
wwwzuc32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2005-07-25 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
AsWlnPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\GAMES\MOHAA\MOHAA.exe"="C:\GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Documents and Settings\Roberto\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Roberto\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\GAMES\MOHAA\moh_Breakthrough.exe"="C:\GAMES\MOHAA\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-05-04 13:01:57 ----D---- C:\Program Files\trend micro
2010-05-04 13:01:50 ----D---- C:\rsit
2010-05-04 12:05:40 ----A---- C:\WINDOWS\system32\muweb.dll
2010-05-04 12:05:39 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-05-04 12:05:38 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-05-04 12:05:36 ----D---- C:\WINDOWS\LastGood
2010-05-03 19:39:17 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-05-03 19:26:06 ----D---- C:\Program Files\Microsoft Security Essentials
2010-05-03 19:21:02 ----HDC---- C:\WINDOWS\$NtUninstallKB914882$
2010-05-03 18:21:52 ----A---- C:\WINDOWS\system32\16827.exe
2010-05-03 17:41:04 ----A---- C:\WINDOWS\system32\28145.exe
2010-05-03 16:40:26 ----A---- C:\WINDOWS\system32\26962.exe
2010-05-03 14:59:40 ----A---- C:\WINDOWS\system32\26500.exe
2010-05-03 13:51:08 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-05-03 13:50:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-05-03 13:26:16 ----D---- C:\Program Files\Securityessentials2010

======List of files/folders modified in the last 1 months======

2010-05-04 13:01:57 ----RD---- C:\Program Files
2010-05-04 13:01:48 ----D---- C:\WINDOWS\Temp
2010-05-04 12:40:25 ----D---- C:\WINDOWS\system32\drivers
2010-05-04 12:05:41 ----D---- C:\WINDOWS\system32
2010-05-04 12:05:36 ----D---- C:\WINDOWS
2010-05-04 12:05:35 ----HD---- C:\WINDOWS\inf
2010-05-04 11:18:22 ----SD---- C:\WINDOWS\Tasks
2010-05-04 11:14:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-04 11:11:30 ----D---- C:\WINDOWS\SMINST
2010-05-04 11:09:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-04 10:01:12 ----RASH---- C:\boot.ini
2010-05-04 10:01:12 ----A---- C:\WINDOWS\win.ini
2010-05-04 10:01:12 ----A---- C:\WINDOWS\system.ini
2010-05-04 10:00:35 ----D---- C:\WINDOWS\pss
2010-05-04 09:43:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-04 09:12:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-04 09:12:30 ----D---- C:\Program Files\Hewlett-Packard
2010-05-04 08:53:51 ----D---- C:\WINDOWS\system32\config
2010-05-03 19:49:55 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-05-03 19:29:19 ----SHD---- C:\WINDOWS\Installer
2010-05-03 19:27:50 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-05-03 19:26:53 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-03 19:17:00 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-03 19:13:58 ----D---- C:\WINDOWS\WinSxS
2010-05-03 13:50:56 ----D---- C:\Program Files\Alwil Software
2010-05-03 13:28:20 ----D---- C:\WINDOWS\Prefetch
2010-05-01 12:43:54 ----D---- C:\WINDOWS\Minidump
2010-04-23 13:15:21 ----D---- C:\Documents and Settings\Roberto\Data aplikací\Skype
2010-04-23 13:14:59 ----D---- C:\Documents and Settings\Roberto\Data aplikací\skypePM
2010-04-10 19:45:37 ----D---- C:\GAMES

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2010-05-04 7808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2010-05-03 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-12-02 149040]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-30 1120352]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-01-19 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-02-09 45312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192736]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S1 hjlnujok;hjlnujok; \??\C:\WINDOWS\system32\drivers\hjlnujok.sys []
S1 khdzyhmw;khdzyhmw; \??\C:\WINDOWS\system32\drivers\khdzyhmw.sys []
S1 nvnzqwmk;nvnzqwmk; \??\C:\WINDOWS\system32\drivers\nvnzqwmk.sys []
S1 rhhsjhmi;rhhsjhmi; \??\C:\WINDOWS\system32\drivers\rhhsjhmi.sys []
S3 ad2jrlf6;ad2jrlf6; C:\WINDOWS\system32\drivers\ad2jrlf6.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376]
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-30 130432]
S3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2001-10-24 97120]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-19 57096]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-12-05 25280]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2005-12-21 76544]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-03-15 135168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-03 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-18 73728]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-12-09 17904]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-22 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]

-----------------EOF-----------------

[Caroprd111]

Zdravím


Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.


Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe

• Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 

• Označte položku Pro všechny uživatele.
• Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
• Klikněte na tlačítko Prohledat
• Po dokončení, sem vložte logy OTL.Txt a Extras.txt

[robertoo]

extras.txt:

OTL Extras logfile created on: 4. 5. 2010 14:32:50 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Roberto\Plocha
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

759,00 Mb Total Physical Memory | 138,00 Mb Available Physical Memory | 18,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 40,00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,32 Gb Total Space | 2,05 Gb Free Space | 4,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7,56 Gb Total Space | 1,69 Gb Free Space | 22,37% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MENGELE
Current User Name: Roberto
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\GAMES\MOHAA\MOHAA.exe" = C:\GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- File not found
"C:\Documents and Settings\Roberto\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Documents and Settings\Roberto\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\GAMES\MOHAA\moh_Breakthrough.exe" = C:\GAMES\MOHAA\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 F1
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = Instalátor programu HP Backup and Recovery Manager
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{48CF6549-B45D-4313-9927-EFCCC8A3493F}" = TIPCI
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B1AF68B-4606-4152-9991-1E9D4FF5F0FA}" = Microsoft Antimalware Service CS-CZ Language Pack
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{9011041B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 C3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 E1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}" = HP Credential Manager for ProtectTools
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DB0781F5-06D2-49BB-87B5-00F3B834FC3B}" = HP User Guides 0015
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}" = Application Installer 4.00.B5
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast5" = avast! Free Antivirus
"BSPlayerf" = BS.Player FREE powered by AdVantage
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CountDown ShutDown PC_is1" = CountDown ShutDown PC
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"Hamachi" = Hamachi 1.0.2.5
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{48CF6549-B45D-4313-9927-EFCCC8A3493F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Lexicon 4.0" = Lingea Lexicon 2002
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"PC Wizard 2010_is1" = PC Wizard 2010.1.93
"QIP 2005_is1" = QIP 2005 8080
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TC UP" = Total Commander Ultima Prime 3.7.0.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2891711787-3761379876-4115774906-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 3. 5. 2010 22:54:06 | Computer Name = MENGELE | Source = Microsoft Antimalware | ID = 1008
Description = %%861 – došlo k chybě při provádění akce se spywarem nebo jiným potenciálně
nežádoucím softwarem. Další informace naleznete v následujících položkách: http://go.microsoft.com/fwlink/?linkid= ... 2147571054

Uživatel:
NT AUTHORITY\SYSTEM Název: TrojanDownloader:Win32/Renos ID: 2147571054 Závažnost:
Vážné Kategorie: Trojský stahovací program Cesta: Akce: %%808 Kód chyby: 0x80508023

Popis
chyby: Programu se nepodařilo najít spyware ani jiný potenciálně nežádoucí software
v tomto počítači. Stav: Verze podpisu: AV: 1.81.874.0, AS: 1.81.874.0 Verze stroje:
1.1.5703.0

Error - 4. 5. 2010 2:26:07 | Computer Name = MENGELE | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.2 pro síťovou kartu s adresou 0014A5AF09E1
byla serverem DHCP 192.168.1.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 4. 5. 2010 2:56:58 | Computer Name = MENGELE | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.2 pro síťovou kartu s adresou 0014A5AF09E1
byla serverem DHCP 192.168.1.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 4. 5. 2010 3:00:28 | Computer Name = MENGELE | Source = Service Control Manager | ID = 7000
Description = Služba avast! iAVS4 Control Service neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 4. 5. 2010 3:35:01 | Computer Name = MENGELE | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.2 pro síťovou kartu s adresou 0014A5AF09E1
byla serverem DHCP 192.168.1.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 4. 5. 2010 3:38:23 | Computer Name = MENGELE | Source = Service Control Manager | ID = 7000
Description = Služba avast! iAVS4 Control Service neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 4. 5. 2010 5:06:48 | Computer Name = MENGELE | Source = Service Control Manager | ID = 7031
Description = Služba Spouštěč procesů serveru DCOM byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat
počítač.

Error - 4. 5. 2010 5:06:48 | Computer Name = MENGELE | Source = Service Control Manager | ID = 7034
Description = Služba Terminálová služba byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 4. 5. 2010 5:11:07 | Computer Name = MENGELE | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.2 pro síťovou kartu s adresou 0014A5AF09E1
byla serverem DHCP 192.168.1.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 4. 5. 2010 5:14:14 | Computer Name = MENGELE | Source = Service Control Manager | ID = 7000
Description = Služba avast! iAVS4 Control Service neuspěla při spuštění v důsledku
následující chyby: %%2


< End of report >

[robertoo]

otl.txt:

OTL logfile created on: 4. 5. 2010 14:32:50 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Roberto\Plocha
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

759,00 Mb Total Physical Memory | 138,00 Mb Available Physical Memory | 18,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 40,00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,32 Gb Total Space | 2,05 Gb Free Space | 4,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7,56 Gb Total Space | 1,69 Gb Free Space | 22,37% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MENGELE
Current User Name: Roberto
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.04 14:30:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roberto\Plocha\OTL.exe
PRC - [2010.04.14 18:54:35 | 002,519,064 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2010.04.14 18:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.02.21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009.12.09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009.10.22 20:50:28 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.02.15 16:43:16 | 000,892,928 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2005.12.23 12:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe
PRC - [2005.06.29 21:06:54 | 000,043,008 | ---- | M] (Cognizance Corporation) -- C:\Program Files\HPQ\IAM\Bin\asghost.exe
PRC - [2005.05.20 10:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004.08.18 10:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.05.04 14:30:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roberto\Plocha\OTL.exe
MOD - [2004.08.18 10:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.18 10:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.12.09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2010.05.04 12:40:26 | 000,030,784 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\khdzyhmw.sys -- (khdzyhmw)
DRV - [2010.05.04 11:47:39 | 000,030,784 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\rhhsjhmi.sys -- (rhhsjhmi)
DRV - [2010.05.04 11:27:02 | 000,030,784 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\hjlnujok.sys -- (hjlnujok)
DRV - [2010.05.04 04:53:35 | 000,007,808 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2010.05.04 04:53:34 | 000,125,184 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2010.05.04 04:53:33 | 000,052,352 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2010.05.04 04:53:32 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2010.05.04 04:53:31 | 000,058,240 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2010.05.03 19:56:45 | 000,039,936 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.12.07 23:31:09 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.05 21:15:28 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.12.02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009.10.19 08:05:26 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006.03.30 14:39:48 | 000,130,432 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2006.03.03 18:31:48 | 000,192,736 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006.02.28 15:36:20 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006.02.09 03:00:04 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.01.30 03:00:04 | 001,120,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.01.19 15:50:40 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006.01.19 15:50:14 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006.01.19 09:45:00 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.01.13 15:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vd_filedisk.sys -- (VD_FileDisk)
DRV - [2005.10.12 14:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005.09.19 13:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabusb.sys -- (eabusb)
DRV - [2005.09.19 13:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.01.07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2004.08.03 22:59:34 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2001.10.24 12:04:44 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001.10.24 11:46:48 | 000,097,120 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
DRV - [2001.08.17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004.08.18 10:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\HPQ\IAM\Bin\AsTsVcc.dll (Cognizance Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Roberto\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.07.27 23:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004.04.30 15:01:00 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.10.23 04:48:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.04 14:30:43 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Roberto\Plocha\OTL.exe
[2010.05.04 13:14:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.04 13:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.04 13:01:50 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.04 12:40:25 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\khdzyhmw.sys
[2010.05.04 12:05:39 | 000,017,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.05.04 12:05:38 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.05.04 12:05:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.05.04 11:47:39 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rhhsjhmi.sys
[2010.05.04 11:27:01 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hjlnujok.sys
[2010.05.03 19:45:00 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010.05.03 19:43:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.05.03 19:39:17 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.05.03 19:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010.05.03 19:01:19 | 011,902,560 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Roberto\Dokumenty\mssefullinstall-x86fre-cs-cz-xp.exe
[2010.05.03 17:41:04 | 000,095,744 | ---- | C] (The PHP Group) -- C:\WINDOWS\System32\28145.exe
[2010.05.03 13:54:20 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.05.03 13:54:20 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.05.03 13:54:20 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.05.03 13:54:20 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.05.03 13:54:20 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.05.03 13:54:20 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.05.03 13:54:20 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.05.03 13:51:08 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.05.03 13:51:08 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.05.03 13:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.05.03 13:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Securityessentials2010
[109 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.04 14:59:31 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010.05.04 14:30:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roberto\Plocha\OTL.exe
[2010.05.04 14:30:11 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.04 12:40:26 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\khdzyhmw.sys
[2010.05.04 11:47:39 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rhhsjhmi.sys
[2010.05.04 11:27:02 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hjlnujok.sys
[2010.05.04 11:18:23 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.05.04 11:13:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.04 11:10:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.04 11:10:42 | 796,315,648 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.04 11:09:22 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Roberto\ntuser.ini
[2010.05.04 11:09:21 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Roberto\NTUSER.DAT
[2010.05.04 11:09:04 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Roberto\Local Settings\Data aplikací\IconCache.db
[2010.05.04 10:01:12 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.04 10:01:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.04 10:01:12 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010.05.04 09:43:29 | 000,383,452 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.04 09:43:29 | 000,382,436 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.05.04 09:43:29 | 000,053,806 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.04 09:43:28 | 000,063,000 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.05.04 09:43:23 | 000,892,370 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.05.04 04:53:35 | 000,007,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\eabfiltr.sys
[2010.05.04 04:53:34 | 000,125,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\ftdisk.sys
[2010.05.04 04:53:33 | 000,052,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2010.05.04 04:53:32 | 000,004,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\RDPCDD.sys
[2010.05.04 04:53:31 | 000,058,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2010.05.04 04:30:12 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.03 20:27:25 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2891711787-3761379876-4115774906-1006.job
[2010.05.03 20:16:29 | 000,004,278 | ---- | M] () -- C:\WINDOWS\System32\warnings.html
[2010.05.03 19:56:45 | 000,039,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2010.05.03 19:26:28 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Microsoft Security Essentials.lnk
[2010.05.03 19:12:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.03 19:01:31 | 011,902,560 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Roberto\Dokumenty\mssefullinstall-x86fre-cs-cz-xp.exe
[2010.05.03 18:21:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2010.05.03 17:41:05 | 000,095,744 | ---- | M] (The PHP Group) -- C:\WINDOWS\System32\28145.exe
[2010.05.03 16:40:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010.05.03 14:59:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010.05.03 13:54:21 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.05.03 13:54:20 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.05.03 13:33:38 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Roberto\Data aplikací\qvjsge.dat
[2010.05.03 13:24:57 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Roberto\Data aplikací\avdrn.dat
[2010.04.23 13:14:42 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.04.14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.14 18:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.04.10 19:06:46 | 009,042,188 | ---- | M] () -- C:\Documents and Settings\Roberto\Plocha\prirucka.pdf
[109 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.03 19:40:12 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.05.03 19:40:10 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010.05.03 19:26:27 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Microsoft Security Essentials.lnk
[2010.05.03 18:21:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2010.05.03 16:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010.05.03 14:59:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010.05.03 13:54:21 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.05.03 13:33:36 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Roberto\Data aplikací\qvjsge.dat
[2010.05.03 13:25:17 | 000,004,278 | ---- | C] () -- C:\WINDOWS\System32\warnings.html
[2010.05.03 13:25:05 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\qvjsge.dat
[2010.05.03 13:24:57 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Roberto\Data aplikací\avdrn.dat
[2010.04.10 19:06:45 | 009,042,188 | ---- | C] () -- C:\Documents and Settings\Roberto\Plocha\prirucka.pdf
[2010.02.23 14:03:13 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll
[2010.01.29 15:10:21 | 000,000,382 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.12.24 22:17:47 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.12.07 23:31:08 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.10.22 20:12:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009.10.22 20:12:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009.10.22 20:12:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009.10.22 20:12:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009.10.22 20:12:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009.10.22 20:12:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006.04.28 20:50:49 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\eabfiltr.sys
[2006.04.28 20:39:57 | 000,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.04.28 20:38:36 | 000,029,516 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.04.28 20:19:50 | 000,058,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004.09.08 12:26:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.08.18 10:00:00 | 000,125,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\ftdisk.sys
[2004.08.18 10:00:00 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2004.08.18 10:00:00 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2004.08.18 10:00:00 | 000,028,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004.08.18 10:00:00 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\RDPCDD.sys
[2004.06.01 11:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003.04.07 12:38:32 | 000,005,746 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2010.05.03 13:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2006.09.22 01:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\SampleView
[2009.12.04 18:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\BSplayer
[2009.12.04 18:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\BSplayer Pro
[2010.02.12 17:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\GetRightToGo
[2010.01.29 14:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\HEXelon
[2006.09.22 01:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\SampleView
[2009.12.06 23:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\TeamViewer
[2010.05.04 11:18:23 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010.05.04 14:59:31 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.18 10:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2009.10.22 20:50:28 | 000,068,856 | ---- | M] (Google Inc.)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >
[2009.11.22 22:14:48 | 025,635,800 | -H-- | M] ( ) -- C:\Adobe.Reader.v9.2.0.SK.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.10.24 12:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\Adobe
[2009.12.12 17:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\AdobeUM
[2009.12.04 18:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\BSplayer
[2009.12.04 18:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\BSplayer Pro
[2010.02.12 17:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\GetRightToGo
[2009.10.22 21:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\Google
[2009.12.20 15:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\Hamachi
[2009.12.06 16:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\Help
[2010.01.29 14:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\HEXelon
[2006.09.22 01:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\Identities
[2009.10.22 21:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\Macromedia
[2010.02.03 20:32:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Roberto\Data aplikací\Microsoft
[2010.03.08 10:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\Real
[2006.09.22 01:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\SampleView
[2010.04.23 13:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\Skype
[2010.04.23 13:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\skypePM
[2009.11.03 14:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\Sun
[2009.12.06 23:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\TeamViewer
[2009.12.07 22:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\U3

< %APPDATA%\*.exe /s >
[2006.08.15 11:15:04 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Roberto\Data aplikací\U3\temp\cleanup.exe


< MD5 for: AGP440.SYS >
[2004.08.18 15:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 15:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\atapi.sys
[2004.08.03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.18 15:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\I386\sp2.cab:cdrom.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cdrom.sys
[2004.08.18 10:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 10:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\eventlog.dll
[2004.08.18 10:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[2004.08.18 10:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\My Backup -- 22-10-09 1832\WINDOWS\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\My Backup -- 22-10-09 1832\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 15:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\I386\sp2.cab:hal.dll
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp2.cab:hal.dll
[2004.11.16 03:37:04 | 000,134,272 | ---- | M] (Microsoft Corporation) MD5=417BD7E8FB59F811C134F63FD1992058 -- C:\WINDOWS\$NtUninstallKB896256$\hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\hal.dll
[2005.09.29 01:35:25 | 000,134,272 | ---- | M] (Microsoft Corporation) MD5=A3961B9456DE472D2F152C9DE950FFA5 -- C:\WINDOWS\system32\HAL.DLL
[2004.11.16 03:37:04 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=BE7A7927F3BE8068C81577771D33762F -- C:\WINDOWS\Driver Cache\i386\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtUninstallKB889673$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.18 15:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\I386\sp2.cab:Changer.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\system32\drivers\changer.sys

< MD5 for: IASTOR.SYS >
[2005.10.12 14:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SwSetup\HDD\iastor.sys
[2005.10.12 14:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: ISAPNP.SYS >
[2001.10.24 06:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 10:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ndis.sys
[2004.08.18 10:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtUninstallKB912436$\ndis.sys
[2006.01.10 03:01:06 | 000,182,528 | ---- | M] (Microsoft Corporation) MD5=AA898F84D2B59129FB92E143A2C73434 -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\My Backup -- 22-10-09 1832\WINDOWS\system32\dllcache\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\My Backup -- 22-10-09 1832\WINDOWS\system32\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.18 10:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.18 10:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 10:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\smss.exe
[2004.08.18 15:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\I386\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\svchost.exe
[2004.08.18 10:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\My Backup -- 22-10-09 1832\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\My Backup -- 22-10-09 1832\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.01.13 19:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2006.01.13 04:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2005.05.25 21:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2005.05.25 21:04:02 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=88763A98A4C26C409741B4AA162720C9 -- C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004.08.18 10:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\userinit.exe
[2004.08.18 10:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 10:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 10:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[109 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.12.07 23:31:09 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2004.09.08 14:00:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004.09.08 14:00:50 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004.09.08 14:00:50 | 000,471,040 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2004.08.18 10:00:00 | 000,087,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mprapi.dll
[109 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.05.04 04:53:35 | 000,007,808 | ---- | M] () -- C:\WINDOWS\system32\drivers\eabfiltr.sys
[2010.05.04 04:53:34 | 000,125,184 | ---- | M] () -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2010.05.04 11:27:02 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hjlnujok.sys
[2010.05.04 04:53:33 | 000,052,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2010.05.03 19:56:45 | 000,039,936 | ---- | M] () -- C:\WINDOWS\system32\drivers\intelppm.sys
[2010.05.04 12:40:26 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\khdzyhmw.sys
[2010.05.04 04:53:32 | 000,004,224 | ---- | M] () -- C:\WINDOWS\system32\drivers\RDPCDD.sys
[2010.05.04 04:53:31 | 000,058,240 | ---- | M] () -- C:\WINDOWS\system32\drivers\redbook.sys
[2010.05.04 11:47:39 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rhhsjhmi.sys

< %systemroot%\system32\*.* /3 >
[2010.05.03 18:21:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\16827.exe
[2010.05.03 14:59:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\26500.exe
[2010.05.03 16:40:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\26962.exe
[2010.05.03 17:41:05 | 000,095,744 | ---- | M] (The PHP Group) -- C:\WINDOWS\system32\28145.exe
[2010.05.03 13:54:20 | 000,002,553 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2010.05.04 11:10:52 | 000,033,000 | ---- | M] () -- C:\WINDOWS\system32\lsass.log
[2010.05.04 09:43:28 | 000,063,000 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.05.04 09:43:29 | 000,053,806 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.05.04 09:43:29 | 000,382,436 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.05.04 09:43:29 | 000,383,452 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.05.04 09:43:23 | 000,892,370 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.05.03 20:16:29 | 000,004,278 | ---- | M] () -- C:\WINDOWS\system32\warnings.html
[2010.05.03 19:12:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[109 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 522 bytes -> C:\WINDOWS\System32\drivers\khdzyhmw.sys:changelist
@Alternate Data Stream - 356 bytes -> C:\WINDOWS\System32\drivers\rhhsjhmi.sys:changelist
@Alternate Data Stream - 356 bytes -> C:\WINDOWS\System32\drivers\hjlnujok.sys:changelist
< End of report >

[Caroprd111]

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)
O4 - Startup: C:\Documents and Settings\Roberto\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe ()
O15 - HKLM\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2891711787-3761379876-4115774906-1006\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
[2010.05.04 12:40:25 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\khdzyhmw.sys
[2010.05.04 11:47:39 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rhhsjhmi.sys
[2010.05.04 11:27:01 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hjlnujok.sys
[2010.05.03 17:41:04 | 000,095,744 | ---- | C] (The PHP Group) -- C:\WINDOWS\System32\28145.exe
[2010.05.03 13:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Securityessentials2010
[109 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.05.03 18:21:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2010.05.03 16:40:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010.05.03 14:59:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010.05.03 13:33:38 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Roberto\Data aplikací\qvjsge.dat
[2010.05.03 13:24:57 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Roberto\Data aplikací\avdrn.dat
[2010.05.03 13:25:05 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\qvjsge.dat
@Alternate Data Stream - 522 bytes -> C:\WINDOWS\System32\drivers\khdzyhmw.sys:changelist
@Alternate Data Stream - 356 bytes -> C:\WINDOWS\System32\drivers\rhhsjhmi.sys:changelist
@Alternate Data Stream - 356 bytes -> C:\WINDOWS\System32\drivers\hjlnujok.sys:changelist

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Poté klikněte na Opravit, PC se restartuje, log vložte sem.

[robertoo]

Po restarte mi vyhodilo toto txt:

Kód: Vybrat vše

  
All processes killed
========== OTL ==========
Service aswUpdSv stopped successfully!
Service aswUpdSv deleted successfully!
File move failed. C:\Documents and Settings\Roberto\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2891711787-3761379876-4115774906-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2891711787-3761379876-4115774906-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2891711787-3761379876-4115774906-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2891711787-3761379876-4115774906-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2891711787-3761379876-4115774906-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\ deleted successfully.
File C:\WINDOWS\System32\drivers\khdzyhmw.sys not found.
File C:\WINDOWS\System32\drivers\rhhsjhmi.sys not found.
File C:\WINDOWS\System32\drivers\hjlnujok.sys not found.
File C:\WINDOWS\System32\28145.exe not found.
C:\Program Files\Securityessentials2010 folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1232.tmp deleted successfully.
C:\WINDOWS\System32\SET1238.tmp deleted successfully.
C:\WINDOWS\System32\SET1239.tmp deleted successfully.
C:\WINDOWS\System32\SET1240.tmp deleted successfully.
C:\WINDOWS\System32\SET1244.tmp deleted successfully.
C:\WINDOWS\System32\SET1245.tmp deleted successfully.
C:\WINDOWS\System32\SET1246.tmp deleted successfully.
C:\WINDOWS\System32\SET1247.tmp deleted successfully.
C:\WINDOWS\System32\SET1248.tmp deleted successfully.
C:\WINDOWS\System32\SET1249.tmp deleted successfully.
C:\WINDOWS\System32\SET124A.tmp deleted successfully.
C:\WINDOWS\System32\SET1587.tmp deleted successfully.
C:\WINDOWS\System32\SET158C.tmp deleted successfully.
C:\WINDOWS\System32\SET158D.tmp deleted successfully.
C:\WINDOWS\System32\SET1594.tmp deleted successfully.
C:\WINDOWS\System32\SET1598.tmp deleted successfully.
C:\WINDOWS\System32\SET1599.tmp deleted successfully.
C:\WINDOWS\System32\SET159A.tmp deleted successfully.
C:\WINDOWS\System32\SET159B.tmp deleted successfully.
C:\WINDOWS\System32\SET159C.tmp deleted successfully.
C:\WINDOWS\System32\SET159D.tmp deleted successfully.
C:\WINDOWS\System32\SET159E.tmp deleted successfully.
C:\WINDOWS\System32\SET1BC1.tmp deleted successfully.
C:\WINDOWS\System32\SET1BC6.tmp deleted successfully.
C:\WINDOWS\System32\SET1BC7.tmp deleted successfully.
C:\WINDOWS\System32\SET1BCE.tmp deleted successfully.
C:\WINDOWS\System32\SET1BD2.tmp deleted successfully.
C:\WINDOWS\System32\SET1BD3.tmp deleted successfully.
C:\WINDOWS\System32\SET1BD4.tmp deleted successfully.
C:\WINDOWS\System32\SET1BD5.tmp deleted successfully.
C:\WINDOWS\System32\SET1BD6.tmp deleted successfully.
C:\WINDOWS\System32\SET1BD7.tmp deleted successfully.
C:\WINDOWS\System32\SET1BD8.tmp deleted successfully.
C:\WINDOWS\System32\SET29B4.tmp deleted successfully.
C:\WINDOWS\System32\SET29B9.tmp deleted successfully.
C:\WINDOWS\System32\SET29BA.tmp deleted successfully.
C:\WINDOWS\System32\SET29C1.tmp deleted successfully.
C:\WINDOWS\System32\SET29C5.tmp deleted successfully.
C:\WINDOWS\System32\SET29C6.tmp deleted successfully.
C:\WINDOWS\System32\SET29C7.tmp deleted successfully.
C:\WINDOWS\System32\SET29C8.tmp deleted successfully.
C:\WINDOWS\System32\SET29C9.tmp deleted successfully.
C:\WINDOWS\System32\SET29CA.tmp deleted successfully.
C:\WINDOWS\System32\SET29CB.tmp deleted successfully.
C:\WINDOWS\System32\SET2CA7.tmp deleted successfully.
C:\WINDOWS\System32\SET2CAC.tmp deleted successfully.
C:\WINDOWS\System32\SET2CAD.tmp deleted successfully.
C:\WINDOWS\System32\SET2CB4.tmp deleted successfully.
C:\WINDOWS\System32\SET3369.tmp deleted successfully.
C:\WINDOWS\System32\SET336E.tmp deleted successfully.
C:\WINDOWS\System32\SET336F.tmp deleted successfully.
C:\WINDOWS\System32\SET3376.tmp deleted successfully.
C:\WINDOWS\System32\SET399D.tmp deleted successfully.
C:\WINDOWS\System32\SET39A2.tmp deleted successfully.
C:\WINDOWS\System32\SET39A3.tmp deleted successfully.
C:\WINDOWS\System32\SET39AA.tmp deleted successfully.
C:\WINDOWS\System32\SET39F8.tmp deleted successfully.
C:\WINDOWS\System32\SET39FD.tmp deleted successfully.
C:\WINDOWS\System32\SET39FE.tmp deleted successfully.
C:\WINDOWS\System32\SET3A05.tmp deleted successfully.
C:\WINDOWS\System32\SET3A09.tmp deleted successfully.
C:\WINDOWS\System32\SET3A0A.tmp deleted successfully.
C:\WINDOWS\System32\SET3A0B.tmp deleted successfully.
C:\WINDOWS\System32\SET3A0C.tmp deleted successfully.
C:\WINDOWS\System32\SET3A0D.tmp deleted successfully.
C:\WINDOWS\System32\SET3A0F.tmp deleted successfully.
C:\WINDOWS\System32\SET3C6.tmp deleted successfully.
C:\WINDOWS\System32\SET3EB.tmp deleted successfully.
C:\WINDOWS\System32\SET3ED.tmp deleted successfully.
C:\WINDOWS\System32\SET411.tmp deleted successfully.
C:\WINDOWS\System32\SET429.tmp deleted successfully.
C:\WINDOWS\System32\SET432.tmp deleted successfully.
C:\WINDOWS\System32\SET433.tmp deleted successfully.
C:\WINDOWS\System32\SET434.tmp deleted successfully.
C:\WINDOWS\System32\SET435.tmp deleted successfully.
C:\WINDOWS\System32\SET436.tmp deleted successfully.
C:\WINDOWS\System32\SET43B.tmp deleted successfully.
C:\WINDOWS\System32\SET443.tmp deleted successfully.
C:\WINDOWS\System32\SET445.tmp deleted successfully.
C:\WINDOWS\System32\SET464.tmp deleted successfully.
C:\WINDOWS\System32\SET466.tmp deleted successfully.
C:\WINDOWS\System32\SET49F.tmp deleted successfully.
C:\WINDOWS\System32\SET4A1.tmp deleted successfully.
C:\WINDOWS\System32\SET4B9.tmp deleted successfully.
C:\WINDOWS\System32\SET4BE.tmp deleted successfully.
C:\WINDOWS\System32\SET4D2.tmp deleted successfully.
C:\WINDOWS\System32\SET4D3.tmp deleted successfully.
C:\WINDOWS\System32\SET4D4.tmp deleted successfully.
C:\WINDOWS\System32\SET4D5.tmp deleted successfully.
C:\WINDOWS\System32\SET4DA.tmp deleted successfully.
C:\WINDOWS\System32\SET4E4.tmp deleted successfully.
C:\WINDOWS\System32\SET52A.tmp deleted successfully.
C:\WINDOWS\System32\SET52F.tmp deleted successfully.
C:\WINDOWS\System32\SET530.tmp deleted successfully.
C:\WINDOWS\System32\SET531.tmp deleted successfully.
C:\WINDOWS\System32\SET532.tmp deleted successfully.
C:\WINDOWS\System32\SET533.tmp deleted successfully.
C:\WINDOWS\System32\SETEEE.tmp deleted successfully.
C:\WINDOWS\System32\SETF0F.tmp deleted successfully.
C:\WINDOWS\System32\SETF10.tmp deleted successfully.
C:\WINDOWS\System32\SETF30.tmp deleted successfully.
C:\WINDOWS\System32\SETF48.tmp deleted successfully.
C:\WINDOWS\System32\SETF49.tmp deleted successfully.
C:\WINDOWS\System32\SETF4B.tmp deleted successfully.
C:\WINDOWS\System32\SETF4D.tmp deleted successfully.
C:\WINDOWS\System32\SETF4E.tmp deleted successfully.
C:\WINDOWS\System32\SETF50.tmp deleted successfully.
C:\WINDOWS\System32\SETF52.tmp deleted successfully.
C:\WINDOWS\system32\16827.exe moved successfully.
C:\WINDOWS\system32\26962.exe moved successfully.
C:\WINDOWS\system32\26500.exe moved successfully.
C:\Documents and Settings\Roberto\Data aplikací\qvjsge.dat moved successfully.
C:\Documents and Settings\Roberto\Data aplikací\avdrn.dat moved successfully.
C:\Documents and Settings\NetworkService\Data aplikací\qvjsge.dat moved successfully.
Unable to delete ADS C:\WINDOWS\System32\drivers\khdzyhmw.sys:changelist .
Unable to delete ADS C:\WINDOWS\System32\drivers\rhhsjhmi.sys:changelist .
Unable to delete ADS C:\WINDOWS\System32\drivers\hjlnujok.sys:changelist .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 6025679 bytes
 
User: NetworkService
->Temp folder emptied: 58734 bytes
->Temporary Internet Files folder emptied: 627301 bytes
 
User: Roberto
->Temp folder emptied: 81659878 bytes
->Temporary Internet Files folder emptied: 1486597589 bytes
->Java cache emptied: 40239846 bytes
->Google Chrome cache emptied: 147486297 bytes
->Flash cache emptied: 26973 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 429611407 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 45690 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2 091,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
User: Roberto
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
 
OTL by OldTimer - Version 3.2.4.1 log created on 05042010_212748

Files\Folders moved on Reboot...
C:\Documents and Settings\Roberto\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe moved successfully.
File\Folder C:\Documents and Settings\Roberto\Local Settings\Temp\~DF2590.tmp not found!
File\Folder C:\Documents and Settings\Roberto\Local Settings\Temp\~DF8A1D.tmp not found!
File\Folder C:\Documents and Settings\Roberto\Local Settings\Temp\~DFFA20.tmp not found!
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\LNPI9CFF\afr[2].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\LNPI9CFF\afr[4].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\LNPI9CFF\viewtopic[2].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\LNPI9CFF\viewtopic[3].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\DRUHKHYV\908186[1].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\DRUHKHYV\afr[6].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\DRUHKHYV\osetrenie-sperkov[1].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\DRUHKHYV\viewtopic[2].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\DRUHKHYV\viewtopic[3].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\DRUHKHYV\viewtopic[5].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\DRUHKHYV\www-fancy-sk[1].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\19V9FDFS\afr[1].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\19V9FDFS\afr[2].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\19V9FDFS\afr[3].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\19V9FDFS\likebox[1].htm moved successfully.
C:\Documents and Settings\Roberto\Local Settings\Temporary Internet Files\Content.IE5\19V9FDFS\viewtopic[1].htm moved successfully.

Registry entries deleted on Reboot...

a problem s vytazenim procesora sa odstranil, dufam ze na trvalo . Chcem sa Vam velmi podakovat za pomoc, sam by som to urcite nezvladol.

[Caroprd111]

Nedávejte logy do "Code". Poprosím o nový log z OTL (s prvním skriptem).

[robertoo]

Tak som sa tesil predcasne. Dnes po spusteni je CPU opat vytazene na 100%. Log pridam hned ako OTL skonci.

Este otazocka. Je bezne aby OTL nebol schopny prejst 60GB disk za 8hodin? Zda sa mi to neumerne dlho.

[Caroprd111]

Spusťte OTL v nouzovém režimu. Asi se zasekl.

[robertoo]

OTL.txt:

OTL logfile created on: 5. 5. 2010 21:48:02 - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Roberto\Plocha
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

759,00 Mb Total Physical Memory | 492,00 Mb Available Physical Memory | 65,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,32 Gb Total Space | 5,58 Gb Free Space | 11,55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7,56 Gb Total Space | 1,76 Gb Free Space | 23,29% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MENGELE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.04 14:30:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roberto\Plocha\OTL.exe
PRC - [2009.12.09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2005.06.29 21:06:54 | 000,043,008 | ---- | M] (Cognizance Corporation) -- C:\Program Files\HPQ\IAM\Bin\asghost.exe
PRC - [2004.08.18 10:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.05.04 14:30:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roberto\Plocha\OTL.exe
MOD - [2004.08.18 10:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.18 10:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004.08.18 10:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)
SRV - [2009.12.09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2010.05.04 04:53:35 | 000,007,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2010.05.04 04:53:34 | 000,125,184 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2010.05.04 04:53:33 | 000,052,352 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2010.05.04 04:53:32 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2010.05.04 04:53:31 | 000,058,240 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2010.05.03 19:56:45 | 000,039,936 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2009.12.07 23:31:09 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.05 21:15:28 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.12.02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009.10.19 08:05:26 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006.03.30 14:39:48 | 000,130,432 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2006.03.03 18:31:48 | 000,192,736 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006.02.28 15:36:20 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006.02.09 03:00:04 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.01.30 03:00:04 | 001,120,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.01.19 15:50:40 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006.01.19 15:50:14 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006.01.19 09:45:00 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.01.13 15:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\vd_filedisk.sys -- (VD_FileDisk)
DRV - [2005.10.12 14:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005.09.19 13:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabusb.sys -- (eabusb)
DRV - [2005.09.19 13:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.01.07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2004.08.03 22:59:34 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2001.10.24 12:04:44 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001.10.24 11:46:48 | 000,097,120 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
DRV - [2001.08.17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2891711787-3761379876-4115774906-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-21-2891711787-3761379876-4115774906-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004.08.18 10:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\HPQ\IAM\Bin\AsTsVcc.dll (Cognizance Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - Startup: C:\Documents and Settings\Roberto\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe (nyam's Laboratory)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2891711787-3761379876-4115774906-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\HP Cityscape.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.07.27 23:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004.04.30 15:01:00 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.10.23 04:48:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010.05.05 21:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
[2010.05.05 21:26:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010.05.05 21:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Adobe
[2010.05.05 21:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Adobe
[2010.05.05 21:25:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010.05.05 21:24:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2010.05.05 21:24:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010.05.05 21:24:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010.05.05 21:24:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Data aplikací
[2010.05.05 21:24:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Dokumenty\Obrázky
[2010.05.05 21:24:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Oblíbené položky
[2010.05.05 21:24:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start
[2010.05.05 21:24:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Dokumenty\Hudba
[2010.05.05 21:24:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Dokumenty
[2010.05.05 21:24:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010.05.05 21:24:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Šablony
[2010.05.05 21:24:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní tiskárny
[2010.05.05 21:24:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní síť
[2010.05.05 21:24:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010.05.05 21:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\SampleView
[2010.05.05 21:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha
[2010.05.05 21:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft
[2010.05.05 21:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Identities
[2010.05.05 21:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\ApplicationHistory
[2010.05.05 21:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2010.05.04 21:27:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.05.04 13:14:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.04 13:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.04 13:01:50 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.04 12:05:39 | 000,017,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.05.04 12:05:38 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.05.03 19:45:00 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010.05.03 19:45:00 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010.05.03 19:43:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.05.03 19:43:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.05.03 19:39:17 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.05.03 19:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010.05.03 13:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software

========== Files - Modified Within 30 Days ==========

[2010.05.05 21:38:49 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.05.05 21:33:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.05 21:32:18 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.05.05 21:32:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.05.05 21:32:11 | 002,205,456 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010.05.05 21:23:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.05 20:30:11 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.05 13:43:25 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2891711787-3761379876-4115774906-1006.job
[2010.05.05 13:43:23 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.05 00:41:22 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.05.04 10:01:12 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.04 10:01:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.04 10:01:12 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010.05.04 09:43:29 | 000,383,452 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.04 09:43:29 | 000,382,436 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.05.04 09:43:29 | 000,053,806 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.04 09:43:28 | 000,063,000 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.05.04 09:43:23 | 000,892,370 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.05.04 04:53:35 | 000,007,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\eabfiltr.sys
[2010.05.04 04:53:34 | 000,125,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\ftdisk.sys
[2010.05.04 04:53:33 | 000,052,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2010.05.04 04:53:32 | 000,004,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\RDPCDD.sys
[2010.05.04 04:53:31 | 000,058,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2010.05.03 20:16:29 | 000,004,278 | ---- | M] () -- C:\WINDOWS\System32\warnings.html
[2010.05.03 19:56:45 | 000,039,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2010.05.03 19:26:28 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Microsoft Security Essentials.lnk
[2010.05.03 19:12:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.23 13:14:42 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk

========== Files Created - No Company Name ==========

[2010.05.05 21:24:58 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2010.05.05 21:24:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\QSwitch.txt
[2010.05.05 21:24:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DSwitch.txt
[2010.05.05 21:24:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\AtStart.txt
[2010.05.05 21:24:57 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.05.05 21:24:57 | 000,151,552 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2010.05.05 21:24:57 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.05.05 00:57:43 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\qvjsge.dat
[2010.05.03 19:40:12 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.05.03 19:26:27 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Microsoft Security Essentials.lnk
[2010.05.03 13:25:17 | 000,004,278 | ---- | C] () -- C:\WINDOWS\System32\warnings.html
[2010.02.23 14:03:13 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll
[2010.01.29 15:10:21 | 000,000,382 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.12.24 22:17:47 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.12.07 23:31:08 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.10.22 20:12:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009.10.22 20:12:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009.10.22 20:12:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009.10.22 20:12:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009.10.22 20:12:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009.10.22 20:12:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006.04.28 20:50:49 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\eabfiltr.sys
[2006.04.28 20:39:57 | 000,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.04.28 20:38:36 | 000,029,516 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.04.28 20:19:50 | 000,058,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004.09.08 12:26:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.08.18 10:00:00 | 000,125,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\ftdisk.sys
[2004.08.18 10:00:00 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2004.08.18 10:00:00 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2004.08.18 10:00:00 | 000,028,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004.08.18 10:00:00 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\RDPCDD.sys
[2004.06.01 11:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003.04.07 12:38:32 | 000,005,746 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2006.09.22 01:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\SampleView
[2010.05.05 00:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2006.09.22 01:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\SampleView
[2009.12.04 18:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\BSplayer
[2009.12.04 18:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\BSplayer Pro
[2010.02.12 17:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\GetRightToGo
[2010.01.29 14:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\HEXelon
[2006.09.22 01:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\SampleView
[2009.12.06 23:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Data aplikací\TeamViewer
[2010.05.05 21:38:49 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.18 10:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2004.10.13 18:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >
[2009.11.22 22:14:48 | 025,635,800 | -H-- | M] ( ) -- C:\Adobe.Reader.v9.2.0.SK.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.05.05 21:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Adobe
[2009.10.23 04:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Identities
[2010.05.05 21:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
[2009.10.23 04:32:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2006.09.22 01:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\SampleView

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2004.08.18 15:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 15:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\atapi.sys
[2004.08.03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.18 15:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\I386\sp2.cab:cdrom.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cdrom.sys
[2004.08.18 10:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 10:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\eventlog.dll
[2004.08.18 10:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[2004.08.18 10:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\My Backup -- 22-10-09 1832\WINDOWS\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\My Backup -- 22-10-09 1832\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 15:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\I386\sp2.cab:hal.dll
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp2.cab:hal.dll
[2004.11.16 03:37:04 | 000,134,272 | ---- | M] (Microsoft Corporation) MD5=417BD7E8FB59F811C134F63FD1992058 -- C:\WINDOWS\$NtUninstallKB896256$\hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\hal.dll
[2005.09.29 01:35:25 | 000,134,272 | ---- | M] (Microsoft Corporation) MD5=A3961B9456DE472D2F152C9DE950FFA5 -- C:\WINDOWS\system32\HAL.DLL
[2004.11.16 03:37:04 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=BE7A7927F3BE8068C81577771D33762F -- C:\WINDOWS\Driver Cache\i386\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtUninstallKB889673$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.18 15:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\I386\sp2.cab:Changer.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2004.08.18 10:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\system32\dllcache\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\system32\drivers\changer.sys

< MD5 for: IASTOR.SYS >
[2005.10.12 14:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SwSetup\HDD\iastor.sys
[2005.10.12 14:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: ISAPNP.SYS >
[2001.10.24 06:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 10:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ndis.sys
[2004.08.18 10:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtUninstallKB912436$\ndis.sys
[2006.01.10 03:01:06 | 000,182,528 | ---- | M] (Microsoft Corporation) MD5=AA898F84D2B59129FB92E143A2C73434 -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\My Backup -- 22-10-09 1832\WINDOWS\system32\dllcache\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\My Backup -- 22-10-09 1832\WINDOWS\system32\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.18 10:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.18 10:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 10:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\smss.exe
[2004.08.18 15:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\I386\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\svchost.exe
[2004.08.18 10:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\My Backup -- 22-10-09 1832\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\My Backup -- 22-10-09 1832\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.01.13 19:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2006.01.13 04:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2005.05.25 21:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2005.05.25 21:04:02 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=88763A98A4C26C409741B4AA162720C9 -- C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004.08.18 10:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\userinit.exe
[2004.08.18 10:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 10:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 10:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.12.07 23:31:09 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2004.09.08 14:00:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004.09.08 14:00:50 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004.09.08 14:00:50 | 000,471,040 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.05.04 04:53:35 | 000,007,808 | ---- | M] () -- C:\WINDOWS\system32\drivers\eabfiltr.sys
[2010.05.04 04:53:34 | 000,125,184 | ---- | M] () -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2010.05.04 04:53:33 | 000,052,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2010.05.03 19:56:45 | 000,039,936 | ---- | M] () -- C:\WINDOWS\system32\drivers\intelppm.sys
[2010.05.04 04:53:32 | 000,004,224 | ---- | M] () -- C:\WINDOWS\system32\drivers\RDPCDD.sys
[2010.05.04 04:53:31 | 000,058,240 | ---- | M] () -- C:\WINDOWS\system32\drivers\redbook.sys

< %systemroot%\system32\*.* /3 >
[2010.05.05 00:41:22 | 000,002,504 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2010.05.05 21:33:14 | 000,033,660 | ---- | M] () -- C:\WINDOWS\system32\lsass.log
[2010.05.04 09:43:28 | 000,063,000 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.05.04 09:43:29 | 000,053,806 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.05.04 09:43:29 | 000,382,436 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.05.04 09:43:29 | 000,383,452 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.05.04 09:43:23 | 000,892,370 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.05.03 20:16:29 | 000,004,278 | ---- | M] () -- C:\WINDOWS\system32\warnings.html
[2010.05.03 19:12:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< End of report >

[cjube]

Zdravim vas, mam zrejme ten isty problem. dnes mi to zacalo robit tiez.
Mam podozrenie na tento subor:
O4 - Startup: wwwzuc32.exe

A ani tym OTL sa to nevymazalo (failed)

Moj log:

Logfile of HijackThis v1.99.1
Scan saved at 22:30:21, on 5. 5. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PHP Home Edition 2\Apache2\bin\Apache.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\PHP Home Edition 2\Apache2\bin\Apache.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
C:\PROGRA~1\PHPHOM~1\mysql\bin\mysqld-nt.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\PHP Home Edition 2\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PHP Home Edition 2\mysql\bin\winmysqladmin.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
D:\downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://spotit.s-mxs.net/CertLogin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://spotit.s-mxs.net/CertLogin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;192.168.245.19;spornet;ithelpdesk.slsp.sk;infoportal.slsp.sk;infoportalfat.slsp.sk;infoportalb.slsp.sk;192.168.243.191;192.168.243.192;spotit.spordat.sk;mail.spordat.sk;*.spordat-internal.sk;mail;*infoportal*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [CCDoctorLogonTesting] "C:\Program Files\Rational\ClearCase\bin\ccdoctor.exe" /LogonStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [ApacheMonitor.exe] C:\Program Files\PHP Home Edition 2\Apache2\bin\ApacheMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WinMySQLadmin.lnk = C:\Program Files\PHP Home Edition 2\mysql\bin\winmysqladmin.exe
O4 - Startup: wwwzuc32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2312639484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2312616326
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://portdc.s-itsolutions.sk/SNX/CSHELL/extender.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spordat-internal.sk
O17 - HKLM\Software\..\Telephony: DomainName = spordat-internal.sk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spordat-internal.sk
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atria Location Broker (Albd) - Unknown owner - C:\Program Files\Rational\ClearCase\bin\albd_server.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\PHP Home Edition 2\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Atria Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Atria Lock Manager (LockMgr) - Unknown owner - C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
O23 - Service: MySql - Unknown owner - C:/PROGRA~1/PHPHOM~1/mysql/bin/mysqld-nt.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

[motji]

cjube
Založte si proísm vlastní topic a vložte do něj log ze rsitu.
Takto by to bylo nepřehledné. děkujeme za pochopení .

[cjube]

Jasne chapem, sry za spam, len som chcel ukazat ze chyba bude s pravdepodobnostou hraniciacou s istotou v tom wwwzuc32.exe subore. Vcera sa mi ho pomocou OTL podarilo vymazat. Odvtedy je zatazenie CPU ok. Ak by to zacalo znova zalozim vlastny topic. dik

[Caroprd111]

robertoo


Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)
O4 - Startup: C:\Documents and Settings\Roberto\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe (nyam's Laboratory)
[2010.05.05 00:57:43 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\qvjsge.dat
[2010.05.03 13:25:17 | 000,004,278 | ---- | C] () -- C:\WINDOWS\System32\warnings.html

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Poté klikněte na Opravit, PC se restartuje, log vložte sem.


Tohle otestujte na http://www.virustotal.com/cs/
C:\WINDOWS\system32\drivers\intelppm.sys
C:\WINDOWS\System32\cutil32.dll

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

[robertoo]

All processes killed
========== OTL ==========
Error: No service named aswUpdSv was found to stop!
Service\Driver key aswUpdSv not found.
C:\Documents and Settings\Roberto\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe moved successfully.
C:\Documents and Settings\NetworkService\Data aplikací\qvjsge.dat moved successfully.
File C:\WINDOWS\System32\warnings.html not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 99328 bytes
->Temporary Internet Files folder emptied: 1256625 bytes
->Flash cache emptied: 598 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 12178 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Roberto
->Temp folder emptied: 27265 bytes
->Temporary Internet Files folder emptied: 789348 bytes
->Java cache emptied: 12118713 bytes
->Google Chrome cache emptied: 75354910 bytes
->Flash cache emptied: 1147 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 2578944 bytes
Windows Temp folder emptied: 7946 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 88,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Roberto
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.4.1 log created on 05062010_140123

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA592.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA5B6.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA6D3.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA6E9.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA9CA.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFCCE9.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NGE6YW9O\afr[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\256M79ET\viewtopic[1].htm moved successfully.

Registry entries deleted on Reboot...