PC virus removal, computer speed-up and remote help via the neslape.cz service

Trojan and other viruses

Do you have a virus problem? Paste your FRST or RSIT log here.


Forum rules
If you want help, paste a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will threads that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service: a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Martin123Paula
Visitor
Posts: 5
Registered: 12 May 2010 16:31

Trojan and other viruses

#1 Post by Martin123Paula »

Logfile of random's system information tool 1.07 (written by random/random)
Run by Miro at 2010-05-12 17:28:13
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 25 GB (82%) free of 31 GB
Total RAM: 1023 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:28:30, on 12. 5. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\DATA\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\DATA\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
D:\DATA\Program Files\System Control Manager\edd.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
D:\DATA\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\wdfmgr.exe
D:\DATA\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
D:\DATA\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\AGRSMMSG.exe
D:\DATA\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\tsnp2std.exe
D:\DATA\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
D:\DATA\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
D:\DATA\Program Files\MSI\Digi VOX AD II\HyperMediaCenter\DTVR\Scheduled.exe
D:\DATA\Program Files\System Control Manager\MGSysCtrl.exe
D:\DATA\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\DATA\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
D:\DATA\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\DATA\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
D:\DATA\Program Files\RALINK\Common\RaUI.exe
D:\DATA\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\opera\opera.exe
D:\DATA\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\smss32.exe
C:\WINDOWS\System32\svchost.exe
D:\DATA\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\DATA\Program Files\trend micro\Miro.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\DATA\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\DATA\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [StartCCC] "D:\DATA\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [GrooveMonitor] "D:\DATA\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [BtTray] "D:\DATA\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\DATA\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [nod32kui] "D:\DATA\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\DATA\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\DATA\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
O4 - HKLM\..\Run: [Center Agent] D:\DATA\Program Files\MSI\Digi VOX AD II\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [MGSysCtrl] D:\DATA\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\DATA\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\DATA\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\DATA\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\DATA\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: wwwzuc32.exe
O4 - User Startup: wwwzuc32.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = D:\DATA\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = D:\DATA\Program Files\RALINK\Common\RaUI.exe
O4 - Global User Startup: Microtek Scanner Finder.lnk = D:\DATA\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global User Startup: Ralink Wireless Utility.lnk = D:\DATA\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\DATA\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\DATA\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\DATA\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\DATA\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\DATA\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\DATA\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\DATA\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\DATA\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\DATA\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\DATA\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - D:\DATA\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\DATA\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - D:\DATA\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - D:\DATA\Program Files\System Control Manager\edd.exe
O23 - Service: NMIndexingService - Unknown owner - D:\DATA\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - D:\DATA\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - D:\DATA\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 9826 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\DATA\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\DATA\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"StartCCC"=D:\DATA\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"FinePrint Dispatcher v5"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe [2005-02-13 479232]
"GrooveMonitor"=D:\DATA\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-09-09 88203]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"tsnp2std"=C:\WINDOWS\tsnp2std.exe [2006-03-24 114688]
"BtTray"=D:\DATA\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2008-08-05 258134]
"HP Component Manager"=D:\DATA\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"snp2std"=C:\WINDOWS\vsnp2std.exe [2006-01-06 344064]
"nod32kui"=D:\DATA\Program Files\Eset\nod32kui.exe /WAITSERVICE []
"NeroFilterCheck"=D:\DATA\Program Files\Common Files\Nero\Lib\NeroCheck.exe []
"NBKeyScan"=D:\DATA\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"bgsmsnd.exe"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe [2006-06-02 106496]
"Center Agent"=D:\DATA\Program Files\MSI\Digi VOX AD II\HyperMediaCenter\DTVR\Scheduled.exe [2006-10-19 867840]
"MGSysCtrl"=D:\DATA\Program Files\System Control Manager\MGSysCtrl.exe [2006-03-24 179200]
"TrueImageMonitor.exe"=D:\DATA\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-10-23 2615624]
"AcronisTimounterMonitor"=D:\DATA\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-10-23 906648]
"Acronis Scheduler2 Service"=D:\DATA\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-10-23 140568]
"smss32.exe"=C:\WINDOWS\system32\smss32.exe [2010-05-12 55808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [1980-01-01 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=D:\DATA\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
"smss32.exe"=C:\WINDOWS\system32\smss32.exe [2010-05-12 55808]
"Security essentials 2010"=C:\Program Files\Securityessentials2010\SE2010.exe [2010-05-12 1540096]

D:\DATA\All Users\Nabídka Start\Programy\Po spuštění
Microtek Scanner Finder.lnk - D:\DATA\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
Ralink Wireless Utility.lnk - D:\DATA\Program Files\RALINK\Common\RaUI.exe

D:\DATA\Nabídka Start\Programy\Po spuštění
wwwzuc32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-26 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\DATA\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x95000000
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\DATA\Program Files\Microsoft ActiveSync\rapimgr.exe"="D:\DATA\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
"D:\DATA\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe"="D:\DATA\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"D:\zzzzzzzzzz\Documents and Settings\BSO OM\Plocha\My Mobile\MyMobiler\MyMobiler.exe"="D:\zzzzzzzzzz\Documents and Settings\BSO OM\Plocha\My Mobile\MyMobiler\MyMobiler.exe:*:Enabled:My Mobile - My Mobiler"
"D:\DATA\Program Files\Microsoft ActiveSync\WCESMgr.exe"="D:\DATA\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"
"D:\DATA\Program Files\Opera\opera.exe"="D:\DATA\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\opera\opera.exe"="D:\opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-05-12 17:28:13 ----D---- D:\DATA\Program Files\trend micro
2010-05-12 17:28:13 ----D---- C:\rsit
2010-05-12 17:15:48 ----A---- C:\WINDOWS\system32\41.exe
2010-05-12 17:15:42 ----A---- C:\WINDOWS\system32\helpers32.dll
2010-05-12 17:15:30 ----A---- C:\WINDOWS\system32\winlogon32.exe
2010-05-12 17:15:30 ----A---- C:\WINDOWS\system32\smss32.exe

======List of files/folders modified in the last 1 months======

2010-05-12 17:53:36 ----A---- C:\WINDOWS\system32\LOCALSERVICE.INI
2010-05-12 17:53:36 ----A---- C:\WINDOWS\system32\bscs.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-09-08 15424]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-04 223616]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [1980-01-01 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-09-24 20747]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-10-07 44384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-09-26 1145728]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [1980-01-01 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 MGHwCtrl;MGHwCtrl; \??\C:\WINDOWS\system32\drivers\MGHwCtrl.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [1980-01-01 61824]
R3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-10-20 243328]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [1980-01-01 12416]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [1980-01-01 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [1980-01-01 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [1980-01-01 17024]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [1980-01-01 14848]
S2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-09-08 512096]
S3 ah2s5oco;ah2s5oco; C:\WINDOWS\system32\drivers\ah2s5oco.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2008-08-05 34312]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
S3 Bridge;Most MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [1980-01-01 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [1980-01-01 71552]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 emAudio;USB EMP Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2007-04-02 22912]
S3 GTFFBUS;GT FF BUS; C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2006-01-25 16000]
S3 GTMMDMUSB;GT M 3G+ USB MDM; C:\WINDOWS\system32\DRIVERS\gtmmdmusb.sys [2006-02-01 25472]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS; C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2006-02-01 102784]
S3 GTMSERUSB;GT M 3G+ USB SER; C:\WINDOWS\system32\DRIVERS\gtmserusb.sys [2006-02-01 21760]
S3 GTPTSER;GT PT SER; C:\WINDOWS\system32\DRIVERS\gtptser.sys [2006-01-25 8064]
S3 GTSCSER;GT SC SER; C:\WINDOWS\system32\DRIVERS\gtscser.sys [2005-12-09 19328]
S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service; C:\WINDOWS\system32\DRIVERS\GtVUsb.sys [2005-12-22 5120]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [1980-01-01 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-05 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-05 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-05 21488]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [1980-01-01 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [1980-01-01 5888]
S3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-01-19 363008]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [1980-01-01 67584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-03-31 10301184]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 USB28xxBGA;USB 2881 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-04-02 380416]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-04-02 30208]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [1980-01-01 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [1980-01-01 14336]
R2 AcrSch2Svc;Acronis Scheduler2 Service; D:\DATA\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-10-23 427288]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192]
R2 BlueSoleilCS;BlueSoleilCS; D:\DATA\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-08-05 1155180]
R2 NishService;SCM Driver Daemon; D:\DATA\Program Files\System Control Manager\edd.exe [2006-03-22 40960]
R2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2005-01-27 36864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 TryAndDecideService;Acronis Try And Decide Service; D:\DATA\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-23 495832]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 BsHelpCS;BsHelpCS; D:\DATA\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; D:\DATA\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe []
S2 NOD32krn;NOD32 Kernel Service; D:\DATA\Program Files\Eset\nod32krn.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; D:\DATA\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\DATA\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NMIndexingService;NMIndexingService; D:\DATA\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; D:\DATA\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\DATA\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-01-05 65795]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Trojan and other viruses

#2 Post by Caroprd111 »

Hello :)

Download OTL http://oldtimer.geekstogo.com/OTL.exe
  • Run it, then paste the following script into the bottom box.

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
  • Tick the "All Users" option.
  • Tick the "LOP Check" and "Purity Check" options.
  • Click the Run Scan button.
  • When it finishes, paste the OTL.Txt and Extras.txt logs here.

Martin123Paula
Visitor
Posts: 5
Registered: 12 May 2010 16:31

Re: Trojan and other viruses

#3 Post by Martin123Paula »

Good day :)

So, Extras:

OTL Extras logfile created on: 12. 5. 2010 17:56:53 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = D:\DATA\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

1 023,00 Mb Total Physical Memory | 481,00 Mb Available Physical Memory | 47,00% Memory free
923,00 Mb Paging File | 462,00 Mb Available in Paging File | 50,00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\DATA\Program Files
Drive C: | 29,94 Gb Total Space | 24,58 Gb Free Space | 82,10% Space Free | Partition Type: FAT32
Drive D: | 63,20 Gb Total Space | 9,05 Gb Free Space | 14,31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MO_MSI
Current User Name: Miro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\DATA\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\DATA\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "d:\OPERA\opera.exe" (Opera Software)
https [open] -- "d:\OPERA\opera.exe" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\DATA\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\DATA\Program Files\Microsoft ActiveSync\rapimgr.exe" = D:\DATA\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"D:\DATA\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe" = D:\DATA\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- File not found
"D:\zzzzzzzzzz\Documents and Settings\BSO OM\Plocha\My Mobile\MyMobiler\MyMobiler.exe" = D:\zzzzzzzzzz\Documents and Settings\BSO OM\Plocha\My Mobile\MyMobiler\MyMobiler.exe:*:Enabled:My Mobile - My Mobiler -- File not found
"D:\DATA\Program Files\Microsoft ActiveSync\WCESMgr.exe" = D:\DATA\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"D:\DATA\Program Files\Opera\opera.exe" = D:\DATA\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found
"D:\opera\opera.exe" = D:\opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{099DBF90-A0BA-466E-9294-1C95E9DDFC22}" = STORMWARE POHODA SK Start
"{0CDA1AA8-EC6D-295D-AC7E-36E8992A30C7}" = CCC Help English
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{133CD5EF-A4A1-442a-8D50-910B5DEF76BD}" = 4200_Help
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E726A53-78E9-47DE-B3D9-4165CBC9ABBF}" = Bluesoleil 5.0.5.178
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{229AC843-98B6-4BDE-919A-30587C698D23}" = Slovakia Roads v6
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26E20136-E332-4BC6-903F-ADDCAEE53263}" = ArCon 9 Profesionál
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{33D3059C-444E-4DE3-A58D-AFD10D684F54}" = AdriaTOPO 2.00
"{34611BCF-3157-405b-A34E-879C7DC79142}" = 4200
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38B9A4E1-4482-44D9-AC14-64F70938CCB5}" = Garmin MapSource
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4A5BDEE3-2B24-D925-3DF8-08ECD01AFB75}" = Catalyst Control Center Graphics Light
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{6011F503-0D8A-9532-EB69-E4EB0095AB6F}" = ccc-utility
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{68A2A8FC-2CA0-4b6c-BE09-CC7ABE2A8DDC}" = 4200Trb
"{6D45EF03-E8EE-4355-81C3-F918CBCF1029}" = Nero 8
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}" = WinXP Manager
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{81E4A074-2092-4259-999E-FE31BA92B7F3}" = STORMWARE POHODA SK Start
"{828A3BA6-B5AB-4B03-AC13-443BE0C64C17}" = AdriaROUTE 2.00
"{833BCBC1-2D86-AC62-59CE-CA232BE81DB4}" = ccc-core-static
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A0DCD97-9648-45ed-A52C-133C728AB2FF}" = 4200Tour
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{A1E15B5F-E414-4595-A1B5-94A2F07EF9CB}" = Slovakia TOPO v2
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A7A65558-6AB7-484A-9228-7ADC6006427E}" = STORMWARE POHODA SK Start
"{AC76BA86-7AD7-1029-7B44-A70500000002}" = Adobe Reader 7.0.5 - Czech
"{AC9D640C-0D13-EE88-F835-C7FD77D20E30}" = Catalyst Control Center Graphics Full New
"{AE9C8073-B7CA-4BE3-BC3A-8797109343BE}" = HyperMediaCenter
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BF4720EC-795A-4DE4-8A03-F80C52256E03}" = SCG Route 1.50
"{C000C092-9B4A-C46E-C33C-ED0996C29415}" = Catalyst Control Center Core Implementation
"{C531EF57-8154-49E7-9D9B-7C1CD55B4BB9}" = StormWare Pohoda SK
"{CA317512-FCD4-460D-98E1-02BE7495FCDB}" = Slovakia Roads v5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D3F9E8F4-70D6-4F0C-9E4A-2E196A889177}" = NaviGuide Hungary 4.61
"{D4F405EE-37BB-30DA-EC1A-9B239E01CAD7}" = Catalyst Control Center Graphics Full Existing
"{DFB6F5A3-20BD-2237-7C36-C4652773F14C}" = ccc-core-preinstall
"{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}" = Opera 9.52
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EEC8205A-E3DE-4C00-B60C-48E3B9B58B13}" = Garmin City Navigator Europe NT 2008
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN Card
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FFAECE12-AD11-C0F2-128C-D730A607D8AA}" = Skins
"3FA1705966809259F916AF817C59B4F389F4572C" = Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem v6081
"All ATI Software" = ATI - Software Uninstall Utility
"ArCon PDF-Export" = ArCon PDF-Export
"ATI Display Driver" = ATI Display Driver
"BG OFFRoadMap" = BG OFFRoadMap 4.40
"Digital Guitar Tuner 2.3_is1" = Digital Guitar Tuner 2.3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FinePrint" = FinePrint
"HP Photo & Imaging" = HP Image Zone 3.5
"HyperMedia_is1" = HyperMedia Software
"HyperMediaCenter 3.5_is1" = HyperMediaCenter 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{26E20136-E332-4BC6-903F-ADDCAEE53263}" = ArCon 9 Profesionál
"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32" = NOD32 antivirus system
"Skype™ for Pocket PC_is1" = Skype™ for Pocket PC 2.2
"Syncrosoft's License Control" = Syncrosoft's License Control
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Mobile Device Handbook" = Windows Mobile Resources

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2. 10. 2008 7:12:34 | Computer Name = MO_MSI | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace NeroStartSmart.exe, verze 8.3.7.1, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 2. 10. 2008 7:18:30 | Computer Name = MO_MSI | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace nero.exe, verze 8.3.6.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 2. 10. 2008 7:18:35 | Computer Name = MO_MSI | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace nero.exe, verze 8.3.6.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 2. 10. 2008 7:58:17 | Computer Name = MO_MSI | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace nero.exe, verze 8.3.6.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 4. 10. 2008 15:07:01 | Computer Name = MO_MSI | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.

Error - 4. 10. 2008 17:06:18 | Computer Name = MO_MSI | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace TOTALCMD.EXE, verze 7.0.4.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 4. 10. 2008 17:48:01 | Computer Name = MO_MSI | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace TOTALCMD.EXE, verze 7.0.4.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 4. 10. 2008 17:48:12 | Computer Name = MO_MSI | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace TOTALCMD.EXE, verze 7.0.4.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 4. 10. 2008 18:06:19 | Computer Name = MO_MSI | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace TOTALCMD.EXE, verze 7.0.4.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 5. 10. 2008 0:48:52 | Computer Name = MO_MSI | Source = Application Error | ID = 1000
Description = Chybující aplikace nero.exe, verze 8.3.6.0, chybující modul msvcr80.dll,
verze 8.0.50727.762, adresa chyby 0x00008a8c.

[ System Events ]
Error - 21. 12. 2009 16:41:04 | Computer Name = MO_MSI | Source = Service Control Manager | ID = 7000
Description = Služba AMON neuspěla při spuštění v důsledku následující chyby: %%2

Error - 21. 12. 2009 16:41:04 | Computer Name = MO_MSI | Source = Service Control Manager | ID = 7000
Description = Služba Nero BackItUp Scheduler 3 neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 21. 12. 2009 16:41:04 | Computer Name = MO_MSI | Source = Service Control Manager | ID = 7000
Description = Služba SCM Driver Daemon neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 21. 12. 2009 16:41:04 | Computer Name = MO_MSI | Source = Service Control Manager | ID = 7000
Description = Služba NOD32 Kernel Service neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 21. 12. 2009 16:41:15 | Computer Name = MO_MSI | Source = DCOM | ID = 10016
Description = Nastavení omezení specifické pro aplikaci neuděluje oprávnění typu
Místní - Spuštění k aplikaci COM Server s identifikátorem CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2}

uživateli NT AUTHORITY\SYSTEM (SID S-1-5-18). Toto oprávnění zabezpečení lze upravit
pomocí nástroje správy Služba komponent.

Error - 21. 12. 2009 16:41:15 | Computer Name = MO_MSI | Source = DCOM | ID = 10016
Description = Nastavení omezení specifické pro aplikaci neuděluje oprávnění typu
Místní - Spuštění k aplikaci COM Server s identifikátorem CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2}

uživateli NT AUTHORITY\SYSTEM (SID S-1-5-18). Toto oprávnění zabezpečení lze upravit
pomocí nástroje správy Služba komponent.

Error - 12. 5. 2010 11:51:16 | Computer Name = MO_MSI | Source = Service Control Manager | ID = 7000
Description = Služba AMON neuspěla při spuštění v důsledku následující chyby: %%2

Error - 12. 5. 2010 11:51:16 | Computer Name = MO_MSI | Source = Service Control Manager | ID = 7000
Description = Služba Nero BackItUp Scheduler 3 neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 12. 5. 2010 11:51:16 | Computer Name = MO_MSI | Source = Service Control Manager | ID = 7000
Description = Služba NOD32 Kernel Service neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 12. 5. 2010 11:15:57 | Computer Name = MO_MSI | Source = Service Control Manager | ID = 7000
Description = Služba Microsoft Kernel Acoustic Echo Canceller neuspěla při spuštění
v důsledku následující chyby: %%31


< End of report >

Martin123Paula
Visitor
Posts: 5
Registered: 12 May 2010 16:31

Re: Trojan and other viruses

#4 Post by Martin123Paula »

And also the OTL log; it did not fit into one post:

OTL logfile created on: 12. 5. 2010 17:56:53 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = D:\DATA\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

1 023,00 Mb Total Physical Memory | 481,00 Mb Available Physical Memory | 47,00% Memory free
923,00 Mb Paging File | 462,00 Mb Available in Paging File | 50,00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\DATA\Program Files
Drive C: | 29,94 Gb Total Space | 24,58 Gb Free Space | 82,10% Space Free | Partition Type: FAT32
Drive D: | 63,20 Gb Total Space | 9,05 Gb Free Space | 14,31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MO_MSI
Current User Name: Miro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.12 17:54:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- D:\DATA\Plocha\OTL.exe
PRC - [2010.05.12 17:15:28 | 000,055,808 | ---- | M] () -- C:\WINDOWS\system32\smss32.exe
PRC - [2010.04.28 13:45:50 | 000,835,952 | ---- | M] (Opera Software) -- D:\opera\opera.exe
PRC - [2010.03.16 22:53:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\DATA\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008.08.05 13:10:27 | 001,155,180 | ---- | M] () -- D:\DATA\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2008.08.05 13:10:27 | 000,258,134 | ---- | M] () -- D:\DATA\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2007.10.23 19:41:36 | 000,495,832 | ---- | M] () -- D:\DATA\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007.10.23 17:58:18 | 000,906,648 | ---- | M] (Acronis) -- D:\DATA\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007.10.23 16:10:50 | 000,140,568 | ---- | M] (Acronis) -- D:\DATA\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007.10.23 16:10:38 | 000,427,288 | ---- | M] (Acronis) -- D:\DATA\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007.10.23 16:05:10 | 002,615,624 | ---- | M] (Acronis) -- D:\DATA\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2007.08.17 15:58:08 | 000,057,447 | ---- | M] () -- D:\DATA\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2006.11.12 12:48:48 | 000,157,592 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2006.10.19 15:21:12 | 000,867,840 | ---- | M] () -- D:\DATA\Program Files\MSI\Digi VOX AD II\HyperMediaCenter\DTVR\Scheduled.exe
PRC - [2006.06.02 01:33:00 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\2\bgsmsnd.exe
PRC - [2006.03.24 16:23:56 | 000,179,200 | ---- | M] (MSI) -- D:\DATA\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2006.03.24 10:43:46 | 000,114,688 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe
PRC - [2006.03.22 12:07:22 | 000,040,960 | ---- | M] () -- D:\DATA\Program Files\System Control Manager\edd.exe
PRC - [2006.01.18 10:31:42 | 000,589,824 | ---- | M] (Ralink Technology, Corp.) -- D:\DATA\Program Files\RALINK\Common\RaUI.exe
PRC - [2006.01.06 13:57:06 | 000,344,064 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2005.05.06 17:58:24 | 000,335,872 | ---- | M] () -- D:\DATA\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
PRC - [2005.02.13 22:38:04 | 000,479,232 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
PRC - [2005.01.27 16:33:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe
PRC - [1980.01.01 00:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.05.12 17:54:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- D:\DATA\Plocha\OTL.exe
MOD - [2005.08.26 12:41:14 | 000,010,752 | ---- | M] () -- D:\DATA\Program Files\System Control Manager\MGKBHook.dll
MOD - [2004.08.17 14:48:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [1980.01.01 00:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NOD32krn)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 3)
SRV - [2008.08.05 13:10:27 | 001,155,180 | ---- | M] () [Auto | Running] -- D:\DATA\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2007.10.23 19:41:36 | 000,495,832 | ---- | M] () [Auto | Running] -- D:\DATA\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007.10.23 16:10:38 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- D:\DATA\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007.08.17 15:58:08 | 000,057,447 | ---- | M] () [On_Demand | Running] -- D:\DATA\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2006.03.22 12:07:22 | 000,040,960 | ---- | M] () [Auto | Running] -- D:\DATA\Program Files\System Control Manager\edd.exe -- (NishService)
SRV - [2005.01.27 16:33:58 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)
SRV - [2004.01.05 14:07:36 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2008.10.07 05:09:30 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.10.07 05:09:30 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.10.07 05:09:26 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.10.07 05:09:20 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008.09.08 10:29:12 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2008.09.08 10:29:12 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2008.08.05 14:12:30 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2008.07.29 16:24:50 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.06.08 09:37:56 | 000,132,904 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2008.06.08 09:37:46 | 000,011,304 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2008.02.26 07:51:44 | 002,863,616 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.07.18 19:26:04 | 004,547,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.06.24 21:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.06.24 21:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.04.02 16:52:58 | 000,022,912 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2007.04.02 15:52:58 | 000,380,416 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007.04.02 15:52:58 | 000,030,208 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007.03.05 20:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 20:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 20:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys -- (BTHidEnum)
DRV - [2007.03.05 20:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 20:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2006.06.18 23:59:28 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.03.31 17:27:46 | 010,301,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2006.02.27 15:00:50 | 000,034,880 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006.02.20 16:01:06 | 000,029,056 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2006.02.01 12:29:12 | 000,102,784 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gtm51Irp.sys -- (GTMNDISIRPXP)
DRV - [2006.02.01 12:29:08 | 000,021,760 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtmserusb.sys -- (GTMSERUSB)
DRV - [2006.02.01 12:29:04 | 000,025,472 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtmmdmusb.sys -- (GTMMDMUSB)
DRV - [2006.01.25 14:50:40 | 000,016,000 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtffbus.sys -- (GTFFBUS)
DRV - [2006.01.25 14:50:36 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2006.01.19 22:10:50 | 000,363,008 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005.12.22 15:30:46 | 000,005,120 | ---- | M] (option) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GtVUsb.sys -- (GtVUsb)
DRV - [2005.12.09 13:41:38 | 000,019,328 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtscser.sys -- (GTSCSER)
DRV - [2005.10.20 15:00:04 | 000,243,328 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.SYS -- (RT2500)
DRV - [2005.09.26 06:21:24 | 001,145,728 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.03.10 09:56:08 | 000,020,128 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
DRV - [2005.01.07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.08.04 00:07:46 | 000,223,616 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004.08.03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2003.08.04 15:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1708537768-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... 2.0.0.2&q="
FF - prefs.js..network.proxy.type: 2


FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: D:\DATA\Program Files\Mozilla Firefox\components [2006.10.04 04:16:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: D:\DATA\Program Files\Mozilla Firefox\plugins [2006.10.05 22:21:20 | 000,000,000 | ---D | M]

[2009.07.02 15:05:33 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\Mozilla\Extensions
[2006.10.04 00:05:27 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions
[2006.10.04 00:41:22 | 000,000,000 | ---D | M] (No name found) -- D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2006.10.04 00:05:25 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions\toolbar@ask.com
[2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\searchplugins\icqplugin.xml
[2006.10.04 00:05:27 | 000,000,000 | ---D | M] -- D:\DATA\Program Files\Mozilla Firefox\extensions
[2008.09.18 15:09:50 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- D:\DATA\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.08.07 10:38:10 | 000,044,544 | ---- | M] (BitDefender S.R.L.) -- D:\DATA\Program Files\Mozilla Firefox\components\FFComm.dll
[2010.03.16 22:09:32 | 000,001,583 | ---- | M] () -- D:\DATA\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010.03.16 22:09:32 | 000,001,380 | ---- | M] () -- D:\DATA\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010.03.16 22:09:32 | 000,001,479 | ---- | M] () -- D:\DATA\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010.03.16 22:09:32 | 000,001,473 | ---- | M] () -- D:\DATA\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010.03.16 22:09:32 | 000,001,104 | ---- | M] () -- D:\DATA\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010.03.16 22:09:32 | 000,000,830 | ---- | M] () -- D:\DATA\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([1980.01.01 00:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\DATA\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\DATA\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] D:\DATA\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] D:\DATA\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [bgsmsnd.exe] C:\WINDOWS\system32\spool\drivers\w32x86\2\bgsmsnd.exe ()
O4 - HKLM..\Run: [BtTray] D:\DATA\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [Center Agent] D:\DATA\Program Files\MSI\Digi VOX AD II\HyperMediaCenter\DTVR\Scheduled.exe ()
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [MGSysCtrl] D:\DATA\Program Files\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [NBKeyScan] D:\DATA\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] D:\DATA\Program Files\Common Files\Nero\Lib\NeroCheck.exe File not found
O4 - HKLM..\Run: [nod32kui] D:\DATA\Program Files\Eset\nod32kui.exe File not found
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] D:\DATA\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\DATA\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe ()
O4 - HKU\S-1-5-21-1708537768-329068152-725345543-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] D:\DATA\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found
O4 - HKU\S-1-5-21-1708537768-329068152-725345543-1003..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe ()
O4 - HKU\S-1-5-21-1708537768-329068152-725345543-1003..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - D:\DATA\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\DATA\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\DATA\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\DATA\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\DATA\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\DATA\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helpers32.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\WINDOWS\System32\helpers32.dll ()
O15 - HKLM\..Trusted Domains: buy-security-essentials.com ([]http in Důvěryhodné servery)
O15 - HKLM\..Trusted Domains: get-key-se10.com ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: buy-security-essentials.com ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: com.tw ([asia.msi] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: com.tw ([global.msi] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: com.tw ([www.msi] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: download-soft-package.com ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: download-software-package.com ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: get-key-se10.com ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: is-software-download.com ([]http in Důvěryhodné servery)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 92.60.48.2 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\DATA\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\DATA\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\DATA\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\DATA\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\system32\winlogon32.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\DATA\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008.07.29 15:30:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.07.29 13:22:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.12 17:53:51 | 000,570,880 | ---- | C] (OldTimer Tools) -- D:\DATA\Plocha\OTL.exe
[2010.05.12 17:28:13 | 000,000,000 | ---D | C] -- D:\DATA\Program Files\trend micro
[2010.05.12 17:28:13 | 000,000,000 | ---D | C] -- C:\rsit
[2008.08.04 08:39:16 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2008.08.04 08:39:16 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.12 17:58:18 | 000,859,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\xvgcyu.sys
[2010.05.12 17:55:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010.05.12 17:54:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- D:\DATA\Plocha\OTL.exe
[2010.05.12 17:53:36 | 000,001,009 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini
[2010.05.12 17:51:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.12 17:51:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.12 17:50:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.12 17:50:56 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.05.12 17:35:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010.05.12 17:28:32 | 000,004,335 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2010.05.12 17:27:34 | 000,824,681 | ---- | M] () -- D:\DATA\Plocha\RSIT.exe
[2010.05.12 17:15:57 | 000,000,544 | ---- | M] () -- D:\DATA\Plocha\Security essentials 2010.lnk
[2010.05.12 17:15:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010.05.12 17:15:44 | 000,048,128 | ---- | M] () -- C:\WINDOWS\System32\helpers32.dll
[2010.05.12 17:15:32 | 000,004,278 | ---- | M] () -- C:\WINDOWS\System32\warnings.html
[2010.05.12 17:15:28 | 000,055,808 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010.05.12 17:15:28 | 000,055,808 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
[2010.05.12 16:57:34 | 000,000,470 | ---- | M] () -- D:\DATA\All Users\Plocha\Opera.lnk
[2010.05.12 16:15:15 | 003,883,330 | -H-- | M] () -- D:\DATALocal Settings\Data aplikací\IconCache.db
[2010.05.06 10:45:56 | 001,872,472 | ---- | M] () -- D:\DATA\Plocha\SmitfraudFix.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.12 17:55:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010.05.12 17:35:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010.05.12 17:27:34 | 000,824,681 | ---- | C] () -- D:\DATA\Plocha\RSIT.exe
[2010.05.12 17:15:57 | 000,000,544 | ---- | C] () -- D:\DATA\Plocha\Security essentials 2010.lnk
[2010.05.12 17:15:55 | 000,859,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\xvgcyu.sys
[2010.05.12 17:15:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010.05.12 17:15:42 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\helpers32.dll
[2010.05.12 17:15:31 | 000,004,278 | ---- | C] () -- C:\WINDOWS\System32\warnings.html
[2010.05.12 17:15:30 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010.05.12 17:15:30 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
[2008.09.23 14:02:39 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC.dll
[2008.09.23 14:02:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\bgspmnt.dll
[2008.09.23 14:02:19 | 000,000,571 | ---- | C] () -- C:\WINDOWS\System32\FeMakro.ini
[2008.09.23 14:02:19 | 000,000,497 | ---- | C] () -- C:\WINDOWS\System32\FeAnim.ini
[2008.09.22 12:58:55 | 000,000,117 | ---- | C] () -- C:\WINDOWS\StwPh.INI
[2008.09.16 08:46:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.09.08 10:29:22 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008.08.25 01:09:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008.08.05 13:18:27 | 000,001,574 | ---- | C] () -- C:\WINDOWS\System32\SHORTCUT.INI
[2008.08.05 13:12:41 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI
[2008.08.05 13:09:32 | 000,004,335 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2008.08.05 13:09:26 | 000,000,098 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI
[2008.08.05 13:02:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI
[2008.08.04 09:49:06 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Kit.ini
[2008.08.04 09:12:48 | 000,295,016 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll
[2008.08.04 08:39:18 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2008.08.04 08:39:16 | 010,301,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2008.07.31 08:45:41 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\MGHwCtrl.dll
[2008.07.31 08:45:41 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MGFPCtrl.dll
[2008.07.31 08:45:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MGPwrShm.dll
[2008.07.30 13:27:11 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.07.30 11:54:53 | 000,003,551 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2008.07.29 16:24:49 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.07.29 16:21:51 | 000,004,390 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2008.01.31 17:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007.09.14 10:34:20 | 000,001,009 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini
[2007.08.17 15:59:36 | 000,278,647 | ---- | C] () -- C:\WINDOWS\System32\outlookAddin.dll
[2007.08.17 15:59:14 | 000,528,485 | ---- | C] () -- C:\WINDOWS\System32\BSShell.dll
[2007.08.17 15:57:54 | 000,077,923 | ---- | C] () -- C:\WINDOWS\System32\Bs2Res.dll
[2007.07.30 09:32:16 | 016,326,769 | ---- | C] () -- C:\WINDOWS\System32\BsLangInDepRes.dll
[2007.03.19 10:59:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll
[2005.01.21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004.01.05 14:07:38 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1980.01.01 00:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[1980.01.01 00:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2008.07.31 09:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Bluetooth
[2008.07.31 16:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\GARMIN
[2008.10.01 10:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2008.10.07 05:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2008.10.07 05:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Acronis
[2008.07.29 22:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miro\Data aplikací\Opera
[2008.07.30 08:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miro\Data aplikací\XnView

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [1980.01.01 00:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "D:\DATA\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 -- File not found
"smss32.exe" = C:\WINDOWS\system32\smss32.exe -- [2010.05.12 17:15:28 | 000,055,808 | ---- | M] ()
"Security essentials 2010" = C:\Program Files\Securityessentials2010\SE2010.exe -- [2010.05.12 17:15:50 | 001,540,096 | ---- | M] ()

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.07.19 19:00:15 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\Adobe
[2008.07.19 19:00:28 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\AdobeUM
[2008.07.19 15:16:44 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\ATI
[2006.10.04 03:35:00 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\BitDefender
[2010.03.07 22:11:10 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\dvdcss
[2009.07.02 14:52:38 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\ESET
[2008.07.24 13:34:21 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\GARMIN
[2008.07.21 19:14:29 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\Google
[2008.07.23 05:39:41 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\HateML
[2008.07.25 16:10:53 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\Help
[2008.07.23 05:38:25 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\HEXelon
[2006.10.04 03:17:18 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\ICQ
[2008.07.25 12:40:39 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\InstallShield
[2006.10.04 00:53:03 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\IObit
[2008.07.20 00:40:27 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\Macromedia
[2010.03.11 18:00:51 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\Microsoft
[2009.07.02 15:05:33 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\Mozilla
[2008.09.17 20:05:48 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\Nero
[2008.07.23 05:50:55 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\NwDocx
[2010.04.10 13:07:16 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\Opera
[2008.09.25 11:39:03 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\pdfMachine
[2006.10.04 04:11:45 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\RhythmRascal
[2006.10.04 02:27:32 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\ScanSpyware
[2006.10.04 01:22:18 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\Skype
[2006.10.04 00:03:40 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\skypePM
[2008.07.25 13:39:55 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\STORMWARE
[2008.07.25 02:37:26 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\SumatraPDF
[2006.10.04 00:18:16 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\SUPERAntiSpyware.com
[2010.03.11 17:51:58 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\uTorrent
[2006.10.09 05:27:00 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\vlc
[2006.10.09 05:34:01 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\WinRAR
[2008.07.23 14:06:40 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\XnView

< %APPDATA%\*.exe /s >
[2010.03.07 16:11:02 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_21F3885A18D238E15AAE81.exe
[2010.03.07 16:11:02 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_6FEFF9B68218417F98F549.exe
[2010.03.07 16:11:02 | 000,010,134 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_8D5DDFF75D5B71601A7BD6.exe
[2010.03.07 16:11:02 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_AC8DB0FAAD0C70FF86AE17.exe
[2010.03.07 16:11:02 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_F2A3CDA9D6E45262B1E433.exe
[2010.03.07 16:11:02 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_FD01BA332C9B5EB2DD9477.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_0256DD72B4FCEE7E087CD6.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_054EAA3D2854205365762A.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_0BE7D1154E2488CC516D81.exe
[2008.07.22 02:09:03 | 000,009,662 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_12C7A2B80C63D47BA9442A.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_2C11A35014CF33B0ED1F0C.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_35AE3BD1E845012A08A140.exe
[2008.07.22 02:09:03 | 000,013,262 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_399A7F53989FAF17DBBE78.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_3BA0F659663E00865042EE.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_4582ACC69D1B999A874A49.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_508E7E7120E720AE73B22A.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_540FF579F1E651C5DA1177.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_593CDD2374BA1441B4BC1A.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_6FEFF9B68218417F98F549.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_704F6D34061A7ABB31A184.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_781B03DABCF92007C6FA6E.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_84EEC0318A219DC96FCD30.exe
[2008.07.22 02:09:03 | 000,005,430 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_8B8988FCA6F095D66C8B6E.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_8C08BFDEF5C377DC4E7BDE.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_993E5DAF79260C8CBF61BF.exe
[2008.07.22 02:09:03 | 000,013,262 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_9AD746F64502ED33727B42.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_BA27DAA71A66FA2F2794B2.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_C7DA9F7ECA99013FB86200.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_D1911D830CFD3DF6D81A4E.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_DB3363B6F5A7DE8DB6322B.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_E29FA00C9EFDA19E0EE874.exe
[2008.07.22 02:09:03 | 000,005,430 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_E54F22AC4F7B501F34A61F.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_FB7DBA7B6C4302B53F60AC.exe
[2006.10.06 08:33:59 | 000,010,134 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_0173CE48E5AA721778F80F.exe
[2006.10.06 08:33:59 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_170126238D65BB93BAA648.exe
[2006.10.06 08:33:59 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_21F3885A18D238E15AAE81.exe
[2006.10.06 08:33:59 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_5CD933440DA36112796904.exe
[2006.10.06 08:33:59 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_6FEFF9B68218417F98F549.exe
[2006.10.06 08:33:59 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_B592CFA2DAA57D4AF6A020.exe


< MD5 for: AGP440.SYS >
[1980.01.01 00:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[1980.01.01 00:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[1980.01.01 00:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[1980.01.01 00:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[1980.01.01 00:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[1980.01.01 00:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[1980.01.01 02:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[1980.01.01 02:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[1980.01.01 00:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[1980.01.01 00:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[1980.01.01 00:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[1980.01.01 00:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[1980.01.01 00:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[1980.01.01 00:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[1980.01.01 00:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[1980.01.01 02:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[1980.01.01 00:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[1980.01.01 00:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[1980.01.01 00:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[1980.01.01 02:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[1980.01.01 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[1980.01.01 02:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[1980.01.01 00:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[1980.01.01 02:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[1980.01.01 00:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[1980.01.01 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[1980.01.01 00:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2004.08.04 00:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2004.08.04 00:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[1980.01.01 00:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[1980.01.01 00:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[1980.01.01 02:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[1980.01.01 00:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[1980.01.01 02:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[1980.01.01 00:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.02.26 05:12:08 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.07.29 16:24:50 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
[2010.05.12 17:59:44 | 000,859,648 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\System32\drivers\xvgcyu.sys

< %systemroot%\System32\config\*.sav >
[2008.07.29 13:37:48 | 000,487,424 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2008.07.29 13:37:48 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.07.29 13:37:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2008.02.26 05:12:08 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.05.12 18:00:02 | 000,859,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\xvgcyu.sys

< %systemroot%\system32\*.* /3 >
[2010.05.12 17:51:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2010.05.12 17:53:36 | 000,001,009 | ---- | M] () -- C:\WINDOWS\system32\bscs.ini
[2010.05.12 17:50:56 | 000,266,208 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010.05.12 17:28:32 | 000,004,335 | ---- | M] () -- C:\WINDOWS\system32\LOCALSERVICE.INI
[2010.05.12 17:15:28 | 000,055,808 | ---- | M] () -- C:\WINDOWS\system32\smss32.exe
[2010.05.12 17:15:28 | 000,055,808 | ---- | M] () -- C:\WINDOWS\system32\winlogon32.exe
[2010.05.12 17:15:32 | 000,004,278 | ---- | M] () -- C:\WINDOWS\system32\warnings.html
[2010.05.12 17:15:44 | 000,048,128 | ---- | M] () -- C:\WINDOWS\system32\helpers32.dll
[2010.05.12 17:15:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\41.exe
[2010.05.12 17:35:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\18467.exe
[2010.05.12 17:55:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\6334.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Trojan and other viruses

#5 Post by Caroprd111 »

Run OTL and paste the following script into the lower window.

Code:

:OTL
PRC - [2010.05.12 17:15:28 | 000,055,808 | ---- | M] () -- C:\WINDOWS\system32\smss32.exe
SRV - File not found [Auto | Stopped] -- -- (NOD32krn)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 3)
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
[2006.10.04 00:05:25 | 000,000,000 | ---D | M] -- D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions\toolbar@ask.com
O4 - HKLM..\Run: [nod32kui] D:\DATA\Program Files\Eset\nod32kui.exe File not found
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKU\S-1-5-21-1708537768-329068152-725345543-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] D:\DATA\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found
O4 - HKU\S-1-5-21-1708537768-329068152-725345543-1003..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe ()
O4 - HKU\S-1-5-21-1708537768-329068152-725345543-1003..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O7 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helpers32.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\WINDOWS\System32\helpers32.dll ()
O15 - HKLM\..Trusted Domains: buy-security-essentials.com ([]http in Důvěryhodné servery)
O15 - HKLM\..Trusted Domains: get-key-se10.com ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: buy-security-essentials.com ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: com.tw ([asia.msi] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: com.tw ([global.msi] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: com.tw ([www.msi] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: download-soft-package.com ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: download-software-package.com ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: get-key-se10.com ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\..Trusted Domains: is-software-download.com ([]http in Důvěryhodné servery)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\system32\winlogon32.exe ()
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.05.12 17:58:18 | 000,859,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\xvgcyu.sys
[2010.05.12 17:55:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010.05.12 17:35:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010.05.12 17:15:57 | 000,000,544 | ---- | M] () -- D:\DATA\Plocha\Security essentials 2010.lnk
[2010.05.12 17:15:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010.05.12 17:15:44 | 000,048,128 | ---- | M] () -- C:\WINDOWS\System32\helpers32.dll
[2010.05.12 17:15:32 | 000,004,278 | ---- | M] () -- C:\WINDOWS\System32\warnings.html
[2010.05.12 17:15:28 | 000,055,808 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010.05.12 17:15:28 | 000,055,808 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
[2010.05.06 10:45:56 | 001,872,472 | ---- | M] () -- D:\DATA\Plocha\SmitfraudFix.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.05.12 17:55:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010.05.12 17:35:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010.03.07 16:11:02 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_21F3885A18D238E15AAE81.exe
[2010.03.07 16:11:02 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_6FEFF9B68218417F98F549.exe
[2010.03.07 16:11:02 | 000,010,134 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_8D5DDFF75D5B71601A7BD6.exe
[2010.03.07 16:11:02 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_AC8DB0FAAD0C70FF86AE17.exe
[2010.03.07 16:11:02 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_F2A3CDA9D6E45262B1E433.exe
[2010.03.07 16:11:02 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_FD01BA332C9B5EB2DD9477.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_0256DD72B4FCEE7E087CD6.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_054EAA3D2854205365762A.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_0BE7D1154E2488CC516D81.exe
[2008.07.22 02:09:03 | 000,009,662 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_12C7A2B80C63D47BA9442A.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_2C11A35014CF33B0ED1F0C.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_35AE3BD1E845012A08A140.exe
[2008.07.22 02:09:03 | 000,013,262 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_399A7F53989FAF17DBBE78.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_3BA0F659663E00865042EE.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_4582ACC69D1B999A874A49.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_508E7E7120E720AE73B22A.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_540FF579F1E651C5DA1177.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_593CDD2374BA1441B4BC1A.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_6FEFF9B68218417F98F549.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_704F6D34061A7ABB31A184.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_781B03DABCF92007C6FA6E.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_84EEC0318A219DC96FCD30.exe
[2008.07.22 02:09:03 | 000,005,430 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_8B8988FCA6F095D66C8B6E.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_8C08BFDEF5C377DC4E7BDE.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_993E5DAF79260C8CBF61BF.exe
[2008.07.22 02:09:03 | 000,013,262 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_9AD746F64502ED33727B42.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_BA27DAA71A66FA2F2794B2.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_C7DA9F7ECA99013FB86200.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_D1911D830CFD3DF6D81A4E.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_DB3363B6F5A7DE8DB6322B.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_E29FA00C9EFDA19E0EE874.exe
[2008.07.22 02:09:03 | 000,005,430 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_E54F22AC4F7B501F34A61F.exe
[2008.07.22 02:09:03 | 000,015,086 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_FB7DBA7B6C4302B53F60AC.exe
[2006.10.06 08:33:59 | 000,010,134 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_0173CE48E5AA721778F80F.exe
[2006.10.06 08:33:59 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_170126238D65BB93BAA648.exe
[2006.10.06 08:33:59 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_21F3885A18D238E15AAE81.exe
[2006.10.06 08:33:59 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_5CD933440DA36112796904.exe
[2006.10.06 08:33:59 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_6FEFF9B68218417F98F549.exe
[2006.10.06 08:33:59 | 000,002,238 | R--- | M] () -- D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_B592CFA2DAA57D4AF6A020.exe


:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]
Then click Fix; the PC will restart. Post the resulting log here.


Test the following file(s) at http://www.virustotal.com/cs/
C:\WINDOWS\system32\ATIDEMGX.dll

(Do not browse for the file(s); just paste the path marked in bold. If you get the message "File has already been analysed", have it analysed again. Post the result of the analysis here as a link.)
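The custom-scan log above (the `< MD5 for: … >` sections, the `/lockedfiles` queries and the `/3` listings of recently modified files) and the OTL fix script in this post were read by eye in the thread. As an added example, not part of the thread and not OTL's own code, the Python script below applies the same checks mechanically to OTL-style lines: it compares the `dllcache` copy of each protected file with the live copy, reports files whose hash could not be read, flags zero-byte and lookalike executables (a core process name with "32" wedged in, such as `smss32.exe`) in `system32`, and picks out the O4/O7/O10/O15/O20 persistence and lockdown lines. The sample lines are copied from this thread except for the `EXAMPLE.DLL` section, which is constructed (fake hashes) to show a hash mismatch; the indicator names and the `LOCKDOWN_POLICIES` list are this example's own choices.

```python
import re

# Windows XP core binaries; "smss32.exe" is not one of them, whatever its name suggests.
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
              "svchost.exe", "userinit.exe", "explorer.exe", "spoolsv.exe"}
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
# Policies that appear when malware locks the user out of the tools that would remove it.
LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoFolderOptions", "NoControlPanel"}
# OTL file entry: "[date time | size | attrs | M] (vendor) MD5=... -- path"; vendor and hash optional.
FILE_RE = re.compile(
    r"\[(?P<ts>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]+) \| (?P<kind>[MC])\]"
    r"(?: \((?P<vendor>[^)]*)\))?(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r"(?P<nomd5> Unable to obtain MD5)? -- (?P<path>.+)$")
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")


def parse_file_line(line):
    """Fields of an OTL file entry (also inside PRC lines), or None for any other line."""
    m = FILE_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["name"] = d["path"].rsplit("\\", 1)[-1].lower()
    d["md5"] = d["md5"].upper() if d["md5"] else None
    return d


def is_lookalike(name):
    """smss32.exe, winlogon32.exe: a core process name with '32' wedged in before the extension."""
    stem, _, ext = name.lower().rpartition(".")
    return stem.endswith("32") and f"{stem[:-2]}.{ext}" in CORE_NAMES


def _target(line, sep):
    """Path in an O4/O10/O20 line: text after the last `sep`, minus the trailing '(vendor)'."""
    return re.sub(r" \([^()]*\)$", "", line.rsplit(sep, 1)[-1].strip()).rstrip(",")


def triage(lines):
    """Return an ordered, de-duplicated list of (indicator, detail) findings."""
    findings, md5_sections, section = {}, {}, None   # dict keys keep order and drop repeats
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if sec := SECTION_RE.match(line):
            section = sec.group("name")
            md5_sections.setdefault(section, {})
        elif line.startswith("<"):                    # any other "< ... >" header ends the MD5 block
            section = None
        elif line.startswith("O20 - ") and "UserInit" in line:
            if (target := _target(line, " - ")).lower() != EXPECTED_USERINIT:
                findings[("userinit_hijack", target)] = None
        elif line.startswith("O4 - ") and line.endswith("()"):   # autorun with no vendor/version info
            findings[("unverified_autorun", _target(line, "] "))] = None
        elif line.startswith("O10 - ") and line.endswith("()"):  # Winsock LSP from an unknown DLL
            findings[("lsp_unverified", _target(line, " - "))] = None
        elif line.startswith("O7 - "):
            policy = line.rsplit(": ", 1)[-1]
            if policy.split(" = ")[0] in LOCKDOWN_POLICIES:
                findings[("lockdown_policy", policy)] = None
        elif line.startswith("O15 - "):                # every Trusted Zone addition gets reviewed
            domain = line.split("Trusted Domains: ", 1)[-1].split(" (")[0]
            findings[("trusted_zone_domain", domain)] = None
        elif entry := parse_file_line(line):
            if section:
                md5_sections[section][entry["path"]] = entry["md5"]
            if entry["nomd5"]:                        # locked against reading: rootkit territory
                findings[("md5_unreadable", entry["path"])] = None
            if entry["size"] == 0 and entry["name"].endswith(".exe") and "D" not in entry["attr"]:
                findings[("zero_byte_exe", entry["path"])] = None
            if is_lookalike(entry["name"]):
                findings[("lookalike_core_name", entry["path"])] = None
    # A protected file is only trustworthy when its dllcache copy and live copy hash alike.
    for name, copies in md5_sections.items():
        if len({h for h in copies.values() if h}) > 1:
            findings[("md5_mismatch", name)] = None
    return list(findings)


# Lines copied from the thread, except the EXAMPLE.DLL section, which is constructed (fake hashes).
SAMPLE_LOG = r"""
< MD5 for: SMSS.EXE >
[1980.01.01 02:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[1980.01.01 00:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
< MD5 for: EXAMPLE.DLL >
[2010.01.01 00:00:00 | 000,001,024 | ---- | M] (Example Vendor) MD5=CAFEBABECAFEBABECAFEBABECAFEBABE -- C:\WINDOWS\system32\dllcache\example.dll
[2010.05.12 17:15:00 | 000,001,024 | ---- | M] () MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\example.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.05.12 17:59:44 | 000,859,648 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\System32\drivers\xvgcyu.sys
< %systemroot%\system32\*.* /3 >
[2010.05.12 17:15:28 | 000,055,808 | ---- | M] () -- C:\WINDOWS\system32\smss32.exe
[2010.05.12 17:15:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\41.exe
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O7 - HKU\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helpers32.dll ()
O15 - HKLM\..Trusted Domains: buy-security-essentials.com ([]http in Důvěryhodné servery)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\system32\winlogon32.exe ()
"""

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG.splitlines()), sep="\n")
```

Run it as a script to see the findings for the sample, or import it and pass the lines of a saved OTL.txt to `triage()`. Two of the indicators deserve a word: a `dllcache` copy that hashes differently from the live copy is what a system file patched in place looks like, and `Unable to obtain MD5` on a driver (here `xvgcyu.sys`, created minutes before the scan) means the file was locked against reading, which is the kind of result that calls for the MBR and GMER rootkit checks requested later in this thread.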

Martin123Paula
Visitor
Posts: 5
Registered: 12 May 2010 16:31

Re: Trojan and other viruses

#6 Post by Martin123Paula »

Log after restarting the PC:

All processes killed
========== OTL ==========
No active process named smss32.exe was found!
Service NOD32krn stopped successfully!
Service NOD32krn deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
Service Nero BackItUp Scheduler 3 stopped successfully!
Service Nero BackItUp Scheduler 3 deleted successfully!
Prefs.js: toolbar@ask.com:3.6.6.117 removed from extensions.enabledItems
D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions\toolbar@ask.com\logs folder moved successfully.
D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions\toolbar@ask.com\defaults folder moved successfully.
D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions\toolbar@ask.com\datastore folder moved successfully.
D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-04-Oct-2006-00-04-05-GMT folder moved successfully.
D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions\toolbar@ask.com\chrome folder moved successfully.
D:\DATA\Data aplikací\Mozilla\Firefox\Profiles\5d5rgvwy.default\extensions\toolbar@ask.com folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nod32kui deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.
C:\WINDOWS\system32\smss32.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1708537768-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1708537768-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Security essentials 2010 deleted successfully.
C:\Program Files\Securityessentials2010\SE2010.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1708537768-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.
File C:\WINDOWS\system32\smss32.exe not found.
Registry value HKEY_USERS\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
C:\WINDOWS\system32\helpers32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000055\ deleted successfully.
C:\WINDOWS\system32\helpers32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\asia.msi\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\global.msi\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\www.msi\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1708537768-329068152-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\ deleted successfully.
Starting removal of ActiveX control {41564D57-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\winlogon32.exe deleted successfully.
C:\WINDOWS\system32\winlogon32.exe moved successfully.
C:\WINDOWS\SET1.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET5.tmp deleted successfully.
C:\WINDOWS\SET9.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
File C:\WINDOWS\System32\drivers\xvgcyu.sys not found.
C:\WINDOWS\system32\6334.exe moved successfully.
C:\WINDOWS\system32\18467.exe moved successfully.
D:\DATA\Plocha\Security essentials 2010.lnk moved successfully.
C:\WINDOWS\system32\41.exe moved successfully.
C:\WINDOWS\system32\helpers32.dll moved successfully.
C:\WINDOWS\system32\warnings.html moved successfully.
File C:\WINDOWS\System32\winlogon32.exe not found.
File C:\WINDOWS\System32\smss32.exe not found.
D:\DATA\Plocha\SmitfraudFix.exe moved successfully.
File C:\WINDOWS\System32\6334.exe not found.
File C:\WINDOWS\System32\18467.exe not found.
D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_21F3885A18D238E15AAE81.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_6FEFF9B68218417F98F549.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_8D5DDFF75D5B71601A7BD6.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_AC8DB0FAAD0C70FF86AE17.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_F2A3CDA9D6E45262B1E433.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_FD01BA332C9B5EB2DD9477.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_0256DD72B4FCEE7E087CD6.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_054EAA3D2854205365762A.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_0BE7D1154E2488CC516D81.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_12C7A2B80C63D47BA9442A.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_2C11A35014CF33B0ED1F0C.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_35AE3BD1E845012A08A140.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_399A7F53989FAF17DBBE78.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_3BA0F659663E00865042EE.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_4582ACC69D1B999A874A49.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_508E7E7120E720AE73B22A.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_540FF579F1E651C5DA1177.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_593CDD2374BA1441B4BC1A.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_6FEFF9B68218417F98F549.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_704F6D34061A7ABB31A184.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_781B03DABCF92007C6FA6E.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_84EEC0318A219DC96FCD30.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_8B8988FCA6F095D66C8B6E.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_8C08BFDEF5C377DC4E7BDE.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_993E5DAF79260C8CBF61BF.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_9AD746F64502ED33727B42.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_BA27DAA71A66FA2F2794B2.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_C7DA9F7ECA99013FB86200.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_D1911D830CFD3DF6D81A4E.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_DB3363B6F5A7DE8DB6322B.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_E29FA00C9EFDA19E0EE874.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_E54F22AC4F7B501F34A61F.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}\_FB7DBA7B6C4302B53F60AC.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_0173CE48E5AA721778F80F.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_170126238D65BB93BAA648.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_21F3885A18D238E15AAE81.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_5CD933440DA36112796904.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_6FEFF9B68218417F98F549.exe moved successfully.
D:\DATA\Data aplikací\Microsoft\Installer\{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}\_B592CFA2DAA57D4AF6A020.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Miro

User: Administrator

User: MO

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2334431 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Miro

User: Administrator

User: MO

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

OTL by OldTimer - Version 3.2.4.1 log created on 05122010_183735

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Trojan and other viruses

#7 Post by Caroprd111 »

Uninstall all virtual drive emulators.

Download SPTD from http://www.duplexsecure.com/en/downloads
  • Choose the version for your operating system (64 or 32-bit). Save it to the desktop and run it.
  • Choose Uninstall and restart the PC.

Download and run http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Click "Disable" and restart the PC.

Download MBR to the desktop: http://www2.gmer.net/mbr/mbr.exe

Start > Run (Win + R)
  • A box will pop up; copy the following into it:

Code:

"%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.log will be created; post it here.


Post a GMER log: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878


Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Trojan and other viruses

#9 Post by Caroprd111 »

OK, now carry out the steps described in my previous post.
