Pomalý počítač, nelze otevřít soubory

[ajure]

Zdravim. Po otevreni podezreleho e-mailu je asi napadeny pocitac. Projevy: zpomaleni, nelze otevrit soubory *.doc a *.xls (hlaska: soubor nenalezen) a otevira se okno zabezpeceni, Spravce úloh (jednotlive ulohy jsou oznacene jako zavirovane nebo virusfree...) a okno asi podvodneho antiviru. Na PC je nainstalovany AVG, kontrola zlikvidovala 2 napadene soubory, ale popsane problemy zustavaji. Přikládám výpis RSIT:
----------
Logfile of random's system information tool 1.07 (written by random/random)
Run by Palanova at 2010-05-06 08:13:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (42%) free of 73 GB
Total RAM: 479 MB (33% free)


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-29 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"ZENRC Tray Icon"=C:\WINDOWS\system32\zentray.exe [2001-06-15 28672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-29 149280]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-18 2046816]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048]
"setup"=C:\DOCUME~1\Palanova\LOCALS~1\Temp\Dočasný adresář 1 pro setup[1].zip\setup.exe []
"ToolbarToolbar"=c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\firefoxtoolbar10062.exe []
"IrfanViewiview32"=c:\program files\iview32irfanview.exe []
"msaddsComponents"=c:\program files\common files\system\msadc\componentsdata.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Windows Registry Repair Pro"=C:\Program Files\Windows Registry Repair Pro\RegistryRepairPro.exe 4 []
"bv9n6ausv5ko"=C:\Documents and Settings\Palanova\Local Settings\Temp\m.254.tmp.exe []
"Desktop Security 2010"=C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe [2010-04-30 1411584]
"SecurityCenter"=C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010\securitycenter.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
TaskZip.lnk - C:\Program Files\TaskZip\TaskZip.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-10 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\DKabcoms.exe"="C:\WINDOWS\System32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP"
"C:\Program Files\Dell\Printer Software\DKab1err.EXE"="C:\Program Files\Dell\Printer Software\DKab1err.EXE:*:Enabled: "
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-06 08:13:36 ----D---- C:\Program Files\trend micro
2010-05-06 08:13:33 ----D---- C:\rsit
2010-05-05 11:15:27 ----D---- C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010
2010-04-14 03:04:35 ----HD---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 03:04:20 ----HD---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 03:01:19 ----HD---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-14 03:01:13 ----HD---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 03:01:06 ----HD---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 03:01:00 ----HD---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 03:00:44 ----HD---- C:\WINDOWS\$NtUninstallKB979309$

======List of files/folders modified in the last 1 months======

2010-05-06 08:13:10 ----A---- C:\WINDOWS\wincmd.ini
2010-05-06 07:20:26 ----A---- C:\WINDOWS\hpbafd.ini
2010-05-05 14:37:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-14 03:04:28 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-10 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-10 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-13 108552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-07-13 11904]
R2 BlankScreen;HBDevice; C:\WINDOWS\system32\drivers\BlankScreen.sys [2001-07-10 4480]
R2 Kblock;Kblock; C:\WINDOWS\system32\drivers\Kblock.sys [2001-06-15 3742]
R2 KBSTUFF;KBSTUFF; C:\WINDOWS\system32\drivers\KBSTUFF.sys [2001-07-10 5600]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 Mouslock;Mouslock; C:\WINDOWS\system32\drivers\Mouslock.sys [2001-06-15 3779]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-07-13 257024]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-10 297752]
R2 dkab_device;dkab_device; C:\WINDOWS\system32\DKabcoms.exe [2008-07-02 586992]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-29 153376]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-28 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-08-11 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 Novell WUser Agent;Remote management; C:\NOVELL\ZENRC\wuser32.exe []
S2 WUOLService;WUOLservice; C:\NOVELL\ZENRC\WUOLService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]

-----------------EOF-----------------

[Caroprd111]

Zdravím


Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe

• Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 

• Označte položku Pro všechny uživatele.
• Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
• Klikněte na tlačítko Prohledat
• Po dokončení, sem vložte logy OTL.Txt a Extras.txt

[ajure]

Díky, zde jsou logy, nešly mi poslat jako příloha:
OTL.txt:

OTL logfile created on: 6.5.2010 15:08:38 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\tmp
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

479,00 Mb Total Physical Memory | 136,00 Mb Available Physical Memory | 28,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71,54 Gb Total Space | 29,97 Gb Free Space | 41,90% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 407,41 Gb Total Space | 352,51 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive M: | 407,41 Gb Total Space | 352,51 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
Drive N: | 407,41 Gb Total Space | 352,51 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
Drive O: | 407,41 Gb Total Space | 352,51 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
Drive R: | 407,41 Gb Total Space | 352,51 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
Drive U: | 407,41 Gb Total Space | 352,51 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
Drive X: | 407,41 Gb Total Space | 352,51 Gb Free Space | 86,52% Space Free | Partition Type: NTFS

Computer Name: PALANOVA2
Current User Name: Palanova
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.06 14:55:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\tmp\OTL.exe
PRC - [2010.04.30 19:09:08 | 001,411,584 | ---- | M] () -- C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe
PRC - [2010.03.18 08:32:16 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009.12.30 10:28:42 | 000,761,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
PRC - [2009.11.29 09:56:38 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009.09.28 19:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009.09.28 19:34:16 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009.08.10 07:09:10 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009.08.10 07:09:10 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009.08.10 07:09:06 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009.08.10 07:09:02 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009.08.10 07:08:54 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008.08.11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008.08.11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008.07.02 03:03:00 | 000,586,992 | ---- | M] ( ) -- C:\WINDOWS\system32\DKabcoms.exe
PRC - [2008.04.14 04:22:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.05.31 06:53:00 | 000,837,156 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\totalcmd\TOTALCMD.EXE
PRC - [2004.11.15 12:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2001.10.09 20:02:02 | 000,475,136 | ---- | M] (Pierce Business Systems) -- C:\Program Files\TaskZip\TaskZip.exe


========== Modules (SafeList) ==========

MOD - [2010.05.06 14:55:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\tmp\OTL.exe
MOD - [2008.04.14 04:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WUOLService)
SRV - File not found [Auto | Stopped] -- -- (Novell WUser Agent)
SRV - [2009.09.28 19:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009.08.10 07:08:54 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008.08.11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008.07.02 03:03:00 | 000,586,992 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\DKabcoms.exe -- (dkab_device)


========== Driver Services (SafeList) ==========

DRV - [2009.09.28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009.08.10 07:09:10 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009.08.10 07:09:10 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009.06.13 11:07:02 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009.06.13 11:07:00 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008.08.11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008.08.11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2005.07.13 03:48:02 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005.07.13 03:07:18 | 000,257,024 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004.11.17 13:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003.07.18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2001.07.10 10:02:30 | 000,005,600 | ---- | M] (Novell Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\kbstuff.sys -- (KBSTUFF)
DRV - [2001.07.10 10:02:08 | 000,004,480 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\blankscreen.sys -- (BlankScreen)
DRV - [2001.06.15 12:01:28 | 000,003,779 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mouslock.sys -- (Mouslock)
DRV - [2001.06.15 12:01:24 | 000,003,742 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\kblock.sys -- (Kblock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.cz
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comfor.cz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comfor.cz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comfor.cz

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comfor.cz

IE - HKU\S-1-5-21-568730901-4168273537-3479383672-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-568730901-4168273537-3479383672-1005\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-568730901-4168273537-3479383672-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-568730901-4168273537-3479383672-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-568730901-4168273537-3479383672-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-568730901-4168273537-3479383672-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.2.2:3128



O1 HOSTS File: ([2004.08.18 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-568730901-4168273537-3479383672-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IrfanViewiview32] c:\program files\iview32irfanview.exe File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [msaddsComponents] c:\program files\common files\system\msadc\componentsdata.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [setup] C:\DOCUME~1\Palanova\LOCALS~1\Temp\Dočasný adresář 1 pro setup[1].zip\setup.exe File not found
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ToolbarToolbar] c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\firefoxtoolbar10062.exe File not found
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\System32\zentray.exe (Novell, Inc.)
O4 - HKU\S-1-5-21-568730901-4168273537-3479383672-1005..\Run: [bv9n6ausv5ko] C:\Documents and Settings\Palanova\Local Settings\Temp\m.254.tmp.exe File not found
O4 - HKU\S-1-5-21-568730901-4168273537-3479383672-1005..\Run: [Desktop Security 2010] C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe ()
O4 - HKU\S-1-5-21-568730901-4168273537-3479383672-1005..\Run: [SecurityCenter] C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010\securitycenter.exe File not found
O4 - HKU\S-1-5-21-568730901-4168273537-3479383672-1005..\Run: [Windows Registry Repair Pro] C:\Program Files\Windows Registry Repair Pro\RegistryRepairPro.exe File not found
O4 - HKLM..\RunServices: [BackItUpNero12061] c:\program files\ahead\nero backitup\neronero.exe File not found
O4 - HKLM..\RunServices: [Microsoftmsadds] c:\program files\common files\system\msadc\componentsdata.exe File not found
O4 - HKLM..\RunServices: [NeroSoundTrax] c:\program files\ahead\nero soundtrax\soundtraxsoundtrax.exe File not found
O4 - HKLM..\RunServices: [setup] C:\DOCUME~1\Palanova\LOCALS~1\Temp\Dočasný adresář 1 pro setup[1].zip\setup.exe File not found
O4 - HKLM..\RunServices: [Soustimsdfmap] c:\program files\common files\system\msadc\componentsdata.exe File not found
O4 - HKLM..\RunServices: [ViewerViewer] c:\program files\adobe\acrobat 7.0\reader\plug_ins\imageviewer\cs_cz\svgrsrcviewer60038545.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\TaskZip.lnk = C:\Program Files\TaskZip\TaskZip.exe (Pierce Business Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-568730901-4168273537-3479383672-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-568730901-4168273537-3479383672-1005\..Trusted Ranges: Range1 ([file] in Místní intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.17 10:10:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006.03.17 09:58:04 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.06 15:05:42 | 000,000,000 | ---D | C] -- C:\tmp
[2010.05.06 08:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.06 08:13:33 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.05 11:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010
[2009.02.15 10:02:29 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2009.02.15 10:02:00 | 001,044,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabserv.dll
[2009.02.15 10:02:00 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabusb1.dll
[2009.02.15 10:02:00 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabpmui.dll
[2009.02.15 10:02:00 | 000,573,440 | ---- | C] ( ) -- C:\WINDOWS\System32\dkablmpm.dll
[2009.02.15 10:02:00 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabpar1.dll
[2009.02.15 10:02:00 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabiesc.dll
[2009.02.15 10:01:59 | 000,864,256 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabip1.dll
[2009.02.15 10:01:59 | 000,819,200 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabcomc.dll
[2009.02.15 10:01:59 | 000,454,656 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabiobj.dll
[2009.02.15 10:01:59 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabhcp.dll
[2009.02.15 10:01:59 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabcomm.dll
[2009.02.15 10:01:59 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dkabinpa.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Palanova\Dokumenty\*.tmp files -> C:\Documents and Settings\Palanova\Dokumenty\*.tmp -> ]
[1 C:\Documents and Settings\Palanova\*.tmp files -> C:\Documents and Settings\Palanova\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.06 15:05:22 | 000,002,574 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.05.06 11:35:50 | 000,000,434 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010.05.06 09:33:08 | 000,000,000 | ---- | M] () -- C:\predpis.csv
[2010.05.06 08:11:28 | 000,351,296 | ---- | M] () -- C:\Documents and Settings\Palanova\Plocha\RSIT.zip
[2010.05.05 14:40:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.05 14:39:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.05 14:38:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.05 14:38:56 | 502,583,296 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.05 14:36:48 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Palanova\NTUSER.DAT
[2010.05.05 14:36:48 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Palanova\ntuser.ini
[2010.05.03 07:43:34 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Palanova\Dokumenty\Výkaz práce.doc
[2010.04.27 08:50:28 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Palanova\Dokumenty\Nedoručené předpisy.doc
[2010.04.26 09:45:48 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Palanova\Dokumenty\Seznam DD a hosp..xls
[2010.04.15 09:43:02 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Palanova\Dokumenty\Převzetí předpisů.xls
[2010.04.14 03:04:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Palanova\Dokumenty\*.tmp files -> C:\Documents and Settings\Palanova\Dokumenty\*.tmp -> ]
[1 C:\Documents and Settings\Palanova\*.tmp files -> C:\Documents and Settings\Palanova\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.06 08:13:00 | 000,351,296 | ---- | C] () -- C:\Documents and Settings\Palanova\Plocha\RSIT.zip
[2010.04.15 15:16:56 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Palanova\Dokumenty\Seznam DD a hosp..xls
[2010.01.25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008.06.06 13:53:26 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\BTRDRVR.SYS
[2007.06.06 16:09:40 | 000,000,052 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.01.24 07:18:23 | 000,008,000 | ---- | C] () -- C:\WINDOWS\System32\yukti.dll
[2007.01.24 07:16:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Nciman.INI
[2007.01.24 07:14:14 | 000,002,420 | ---- | C] () -- C:\WINDOWS\lwppro.ini
[2006.09.01 10:24:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.03.31 16:48:49 | 000,000,434 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006.03.29 07:49:39 | 000,001,586 | ---- | C] () -- C:\WINDOWS\SETUPGB.INI
[2006.03.28 16:16:19 | 000,000,058 | ---- | C] () -- C:\WINDOWS\crw.ini
[2006.03.28 12:50:45 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006.03.27 16:24:20 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.03.27 16:17:28 | 000,000,145 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2006.03.27 16:13:27 | 000,152,576 | R--- | C] () -- C:\WINDOWS\System32\NLSAPI32.DLL
[2006.03.27 16:13:27 | 000,088,064 | R--- | C] () -- C:\WINDOWS\System32\NLS32.DLL
[2006.03.27 15:32:42 | 000,002,574 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006.03.17 13:06:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.03.17 11:42:24 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006.03.17 11:42:22 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006.03.17 10:10:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2005.04.18 08:43:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.10.04 14:40:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[1980.01.01 00:00:00 | 000,000,844 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2008.08.28 14:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pervasive Software
[2009.06.13 11:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
[2009.12.04 06:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Temp
[2010.03.12 10:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
[2008.10.28 10:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\OpenOffice.org
[2008.10.28 11:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palanova\Data aplikací\OpenOffice.org
[2010.05.05 11:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 04:22:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Windows Registry Repair Pro" = C:\Program Files\Windows Registry Repair Pro\RegistryRepairPro.exe 4 -- File not found
"bv9n6ausv5ko" = C:\Documents and Settings\Palanova\Local Settings\Temp\m.254.tmp.exe -- File not found
"Desktop Security 2010" = "C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe" /STARTUP -- [2010.04.30 19:09:08 | 001,411,584 | ---- | M] ()
"SecurityCenter" = C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010\securitycenter.exe -- File not found

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2006.03.17 10:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palanova\Data aplikací\Identities
[2006.03.17 12:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palanova\Data aplikací\CyberLink
[2006.03.17 10:02:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Palanova\Data aplikací\Microsoft
[2006.03.27 15:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palanova\Data aplikací\Macromedia
[2006.03.27 16:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palanova\Data aplikací\Help
[2006.03.28 14:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palanova\Data aplikací\Adobe
[2006.03.30 15:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palanova\Data aplikací\AdobeUM
[2007.08.10 14:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palanova\Data aplikací\Sun
[2008.10.28 11:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palanova\Data aplikací\OpenOffice.org
[2009.10.02 14:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palanova\Data aplikací\AVG8
[2010.05.05 11:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010

< %APPDATA%\*.exe /s >
[2010.04.30 19:09:08 | 001,411,584 | ---- | M] () -- C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe


< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\INSTALL\I386\sp2.cab:AGP440.sys
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.12.30 10:42:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.12.30 10:42:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\INSTALL\I386\sp2.cab:atapi.sys
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.12.30 10:42:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.12.30 10:42:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\INSTALL\I386\sp2.cab:cdrom.sys
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009.12.30 10:42:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009.12.30 10:42:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:21:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:21:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\INSTALL\I386\sp2.cab:hal.dll
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.12.30 10:42:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2009.12.30 10:42:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 19:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.18 14:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\INSTALL\I386\sp2.cab:Changer.sys
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009.12.30 10:42:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2009.12.30 10:42:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2009.12.30 10:42:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2009.12.30 10:42:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2004.08.18 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 03:27:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 03:27:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 04:22:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 04:22:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 20:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 20:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 19:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.18 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 04:22:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 04:22:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
[2004.08.18 14:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\INSTALL\I386\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 11:45:14 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2006.01.13 18:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2006.01.13 03:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:22:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:22:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.03.17 10:02:14 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2006.03.17 10:02:14 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.03.17 10:02:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.05.05 14:40:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
*------------------------------------------------ Extras.txt:

OTL Extras logfile created on: 6.5.2010 15:08:38 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\tmp
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

479,00 Mb Total Physical Memory | 136,00 Mb Available Physical Memory | 28,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71,54 Gb Total Space | 29,97 Gb Free Space | 41,90% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 407,41 Gb Total Space | 352,51 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive M: | 407,41 Gb Total Space | 352,51 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
Drive N: | 407,41 Gb Total Space | 352,51 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
Drive O: | 407,41 Gb Total Space | 352,51 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
Drive R: | 407,41 Gb Total Space | 352,51 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
Drive U: | 407,41 Gb Total Space | 352,51 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
Drive X: | 407,41 Gb Total Space | 352,51 Gb Free Space | 86,52% Space Free | Partition Type: NTFS

Computer Name: PALANOVA2
Current User Name: Palanova
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\System32\DKabcoms.exe" = C:\WINDOWS\System32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP -- ( )
"C:\Program Files\Dell\Printer Software\DKab1err.EXE" = C:\Program Files\Dell\Printer Software\DKab1err.EXE:*:Enabled: -- (Dell, Inc.)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A3238D7-AA32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10.10 Client (32-bit)
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90AF0405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{AC76BA86-7AD7-1029-7B44-A70500000002}" = Adobe Reader 7.0.5 - Czech
"{BE8BE32F-F595-4693-9F82-1E0A5A047BB6}" = OpenOffice.org 3.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG8Uninstall" = AVG 8.5
"Dell_HostCD" = Dell Printer Software Uninstall
"DIGIMAX Home Print Service" = DIGIMAX Home Print Service
"Lexicon 4.0" = Lingea Lexicon 2002
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Nero - Burning Rom!UninstallKey" = Nero OEM
"TaskZip" = TaskZip
"Tiskový systém HP LaserJet 4000" = Tiskový systém HP LaserJet 4000
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows Registry Repair SE_is1" = Windows Registry Repair SE
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-568730901-4168273537-3479383672-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Desktop Security 2010" = Desktop Security 2010
"NI0108 - Elektronické výkaznictví ČSÚ_is1" = NI0108 - Elektronické výkaznictví ČSÚ 2.10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29.3.2010 2:38:50 | Computer Name = PALANOVA2 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace MGrntw.exe, verze 0.0.0.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 29.3.2010 2:42:12 | Computer Name = PALANOVA2 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace MGrntw.exe, verze 0.0.0.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 29.3.2010 9:34:15 | Computer Name = PALANOVA2 | Source = Application Error | ID = 1000
Description = Chybující aplikace msimn.exe, verze 6.0.2900.5512, chybující modul
directdb.dll, verze 6.0.2900.5512, adresa chyby 0x00007641.

Error - 30.3.2010 5:25:49 | Computer Name = PALANOVA2 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 6.0.2900.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 6.4.2010 9:01:36 | Computer Name = PALANOVA2 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace rundll32.exe, verze 5.1.2600.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 14.4.2010 10:09:35 | Computer Name = PALANOVA2 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace WINWORD.EXE, verze 11.0.5604.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 14.4.2010 10:10:54 | Computer Name = PALANOVA2 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace WINWORD.EXE, verze 11.0.5604.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 14.4.2010 10:13:30 | Computer Name = PALANOVA2 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace WINWORD.EXE, verze 11.0.5604.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 17.4.2010 10:11:49 | Computer Name = PALANOVA2 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.5604.0, stamp 3f314a2f,
faulting module winword.exe, version 11.0.5604.0, stamp 3f314a2f, debug? 0, fault
address 0x00032b82.

Error - 18.4.2010 6:32:53 | Computer Name = PALANOVA2 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace WINWORD.EXE, verze 11.0.5604.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

[ System Events ]
Error - 13.4.2010 21:21:54 | Computer Name = PALANOVA2 | Source = Service Control Manager | ID = 7003
Description = Služba Remote management závisí na následující neexistující službě:
WM

Error - 13.4.2010 21:21:54 | Computer Name = PALANOVA2 | Source = Service Control Manager | ID = 7003
Description = Služba WUOLService závisí na následující neexistující službě: WM

Error - 14.4.2010 8:47:45 | Computer Name = PALANOVA2 | Source = Service Control Manager | ID = 7003
Description = Služba Remote management závisí na následující neexistující službě:
WM

Error - 14.4.2010 8:47:45 | Computer Name = PALANOVA2 | Source = Service Control Manager | ID = 7003
Description = Služba WUOLService závisí na následující neexistující službě: WM

Error - 26.4.2010 0:57:14 | Computer Name = PALANOVA2 | Source = Service Control Manager | ID = 7003
Description = Služba Remote management závisí na následující neexistující službě:
WM

Error - 26.4.2010 0:57:14 | Computer Name = PALANOVA2 | Source = Service Control Manager | ID = 7003
Description = Služba WUOLService závisí na následující neexistující službě: WM

Error - 3.5.2010 1:08:03 | Computer Name = PALANOVA2 | Source = Service Control Manager | ID = 7003
Description = Služba Remote management závisí na následující neexistující službě:
WM

Error - 3.5.2010 1:08:03 | Computer Name = PALANOVA2 | Source = Service Control Manager | ID = 7003
Description = Služba WUOLService závisí na následující neexistující službě: WM

Error - 5.5.2010 8:40:38 | Computer Name = PALANOVA2 | Source = Service Control Manager | ID = 7003
Description = Služba Remote management závisí na následující neexistující službě:
WM

Error - 5.5.2010 8:40:38 | Computer Name = PALANOVA2 | Source = Service Control Manager | ID = 7003
Description = Služba WUOLService závisí na následující neexistující službě: WM


< End of report >

Díky za spolupráci.

[Caroprd111]

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
PRC - [2010.04.30 19:09:08 | 001,411,584 | ---- | M] () -- C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe
SRV - File not found [Auto | Stopped] -- -- (WUOLService)
SRV - File not found [Auto | Stopped] -- -- (Novell WUser Agent)
IE - HKU\S-1-5-21-568730901-4168273537-3479383672-1005\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [setup] C:\DOCUME~1\Palanova\LOCALS~1\Temp\Dočasný adresář 1 pro setup[1].zip\setup.exe File not found
O4 - HKLM..\Run: [IrfanViewiview32] c:\program files\iview32irfanview.exe File not found
O4 - HKLM..\Run: [msaddsComponents] c:\program files\common files\system\msadc\componentsdata.exe File not found
O4 - HKU\S-1-5-21-568730901-4168273537-3479383672-1005..\Run: [bv9n6ausv5ko] C:\Documents and Settings\Palanova\Local Settings\Temp\m.254.tmp.exe File not found
O4 - HKU\S-1-5-21-568730901-4168273537-3479383672-1005..\Run: [Desktop Security 2010] C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe ()
O4 - HKU\S-1-5-21-568730901-4168273537-3479383672-1005..\Run: [SecurityCenter] C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010\securitycenter.exe File not found
O4 - HKU\S-1-5-21-568730901-4168273537-3479383672-1005..\Run: [Windows Registry Repair Pro] C:\Program Files\Windows Registry Repair Pro\RegistryRepairPro.exe File not found
O4 - HKLM..\RunServices: [BackItUpNero12061] c:\program files\ahead\nero backitup\neronero.exe File not found
O4 - HKLM..\RunServices: [Microsoftmsadds] c:\program files\common files\system\msadc\componentsdata.exe File not found
O4 - HKLM..\RunServices: [NeroSoundTrax] c:\program files\ahead\nero soundtrax\soundtraxsoundtrax.exe File not found
O4 - HKLM..\RunServices: [setup] C:\DOCUME~1\Palanova\LOCALS~1\Temp\Dočasný adresář 1 pro setup[1].zip\setup.exe File not found
O4 - HKLM..\RunServices: [Soustimsdfmap] c:\program files\common files\system\msadc\componentsdata.exe File not found
O4 - HKLM..\RunServices: [ViewerViewer] c:\program files\adobe\acrobat 7.0\reader\plug_ins\imageviewer\cs_cz\svgrsrcviewer60038545.exe File not found
O15 - HKU\S-1-5-21-568730901-4168273537-3479383672-1005\..Trusted Ranges: Range1 ([file] in Místní intranet)
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Palanova\Dokumenty\*.tmp files -> C:\Documents and Settings\Palanova\Dokumenty\*.tmp -> ]
[1 C:\Documents and Settings\Palanova\*.tmp files -> C:\Documents and Settings\Palanova\*.tmp -> ]
[2010.05.05 11:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Poté klikněte na Opravit, PC se restartuje, log vložte sem.



Tohle otestujte na http://www.virustotal.com/cs/
C:\WINDOWS\System32\dkabiesc.dll

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

[ajure]

Odkaz na výsledek kontroly:

http://www.virustotal.com/cs/analisis/9 ... 1273209249

Log z OTL:
All processes killed
========== OTL ==========
No active process named Desktop Security 2010.exe was found!
Service WUOLService stopped successfully!
Service WUOLService deleted successfully!
Service Novell WUser Agent stopped successfully!
Service Novell WUser Agent deleted successfully!
Registry value HKEY_USERS\S-1-5-21-568730901-4168273537-3479383672-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\setup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IrfanViewiview32 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msaddsComponents deleted successfully.
Registry value HKEY_USERS\S-1-5-21-568730901-4168273537-3479383672-1005\Software\Microsoft\Windows\CurrentVersion\Run\\bv9n6ausv5ko deleted successfully.
Registry value HKEY_USERS\S-1-5-21-568730901-4168273537-3479383672-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Desktop Security 2010 deleted successfully.
C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-568730901-4168273537-3479383672-1005\Software\Microsoft\Windows\CurrentVersion\Run\\SecurityCenter deleted successfully.
Registry value HKEY_USERS\S-1-5-21-568730901-4168273537-3479383672-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Registry Repair Pro deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\BackItUpNero12061 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\Microsoftmsadds deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\NeroSoundTrax deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\setup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\Soustimsdfmap deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\ViewerViewer deleted successfully.
Registry value HKEY_USERS\S-1-5-21-568730901-4168273537-3479383672-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\file deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\002744_.tmp deleted successfully.
C:\Documents and Settings\Palanova\Dokumenty\~WRL2259.tmp deleted successfully.
C:\Documents and Settings\Palanova\vga115.tmp deleted successfully.
C:\Documents and Settings\Palanova\Data aplikací\Desktop Security 2010 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Administrator
->Temp folder emptied: 8789412 bytes
->Temporary Internet Files folder emptied: 1111404 bytes

User: Palanova
->Temp folder emptied: 296033996 bytes
->Temporary Internet Files folder emptied: 11375097 bytes
->Java cache emptied: 38051244 bytes
->Flash cache emptied: 6618 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 582652458 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34306 bytes
RecycleBin emptied: 1581254811 bytes

Total Files Cleaned = 2 403,00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Administrator

User: Palanova
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.4.1 log created on 05062010_185405

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

*-------------
Díky za ochotu a váš čas při odhalování likvidování breberek.

[Caroprd111]

Jak to vypadá s PC

[ajure]

Co jsem zkoušel, tak všechny problémy zmizely. Vypadá to OK. Moc děkuji za pomoc!

[Caroprd111]

Poprosím o nový log z RSIT.

[ajure]

Omlouvám se, že jsem hned nereagoval. Zde je log:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Palanova at 2010-05-14 14:45:36
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (50%) free of 73 GB
Total RAM: 479 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:47:46, on 14.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\DKabcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskZip\TaskZip.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Palanova\Plocha\RSIT.exe
C:\Program Files\trend micro\Palanova.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hledani.tiscali.cz/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.cz
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comfor.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.2:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ToolbarToolbar] c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\firefoxtoolbar10062.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TaskZip.lnk = C:\Program Files\TaskZip\TaskZip.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.cz
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8FCD59C-8080-4A75-9F0F-43689731C58C}: NameServer = 192.168.2.9
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dkab_device - - C:\WINDOWS\system32\DKabcoms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

--
End of file - 6419 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-29 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"ZENRC Tray Icon"=C:\WINDOWS\system32\zentray.exe [2001-06-15 28672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-29 149280]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-18 2046816]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048]
"ToolbarToolbar"=c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\firefoxtoolbar10062.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
TaskZip.lnk - C:\Program Files\TaskZip\TaskZip.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-10 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\DKabcoms.exe"="C:\WINDOWS\System32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP"
"C:\Program Files\Dell\Printer Software\DKab1err.EXE"="C:\Program Files\Dell\Printer Software\DKab1err.EXE:*:Enabled: "
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-06 18:54:05 ----D---- C:\_OTL
2010-05-06 15:05:42 ----D---- C:\tmp
2010-05-06 08:13:36 ----D---- C:\Program Files\trend micro
2010-05-06 08:13:33 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2010-05-14 14:45:20 ----A---- C:\WINDOWS\wincmd.ini
2010-05-14 13:06:26 ----A---- C:\WINDOWS\hpbafd.ini
2010-05-07 21:07:12 ----A---- C:\WINDOWS\SchedLgU.Txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-10 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-10 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-13 108552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-07-13 11904]
R2 BlankScreen;HBDevice; C:\WINDOWS\system32\drivers\BlankScreen.sys [2001-07-10 4480]
R2 Kblock;Kblock; C:\WINDOWS\system32\drivers\Kblock.sys [2001-06-15 3742]
R2 KBSTUFF;KBSTUFF; C:\WINDOWS\system32\drivers\KBSTUFF.sys [2001-07-10 5600]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 Mouslock;Mouslock; C:\WINDOWS\system32\drivers\Mouslock.sys [2001-06-15 3779]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-07-13 257024]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-10 297752]
R2 dkab_device;dkab_device; C:\WINDOWS\system32\DKabcoms.exe [2008-07-02 586992]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-29 153376]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-28 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-08-11 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]

-----------------EOF-----------------

[Caroprd111]

V pořádku


Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
O4 - HKLM..\Run: [ToolbarToolbar] c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\firefoxtoolbar10062.exe File not found

Poté klikněte na Opravit, log vložte sem.


Doporučuji aktualizovat Adobe Reader http://www.stahuj.centrum.cz/podnikani_ ... batreader/


Používáte AVG Internet Security nebo AVG Anti-Virus (bez firewallu)

[ajure]

Log y OTL:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ToolbarToolbar deleted successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05162010_111952

-----------------
Používáme AVG Anti-Virus network edition, z toho přes Admin server aktualizace AVG
na jednotlivých PC.

Aktualizaci AR na verzi 9.3 jsem provedl.

Děkuji za pomoc a trpělivost.

[Caroprd111]

Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe

• Spusťte.
• Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

• Spusťte.
• Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

• Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
  
  Záložka Čistič
• Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
  
  Záložka Registry
• Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
  OK Zavřít

[ajure]

Ok provedeno. Ještě jednou dík za všechno.

[Caroprd111]

Nemáte zač