Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 20:41
by motji
Good evening :)
filling in for a colleague.

Delete everything in MBAM. How is the computer doing?
Please post a new log from RSIT :)

Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 21:28
by ald
Wishing you a nice New Year's Eve and a successful new year!

In MBAM I deleted everything it had marked by itself; I did not mark anything else.
The computer is definitely running faster now, and I think this old nag won't get much faster than that ;)
New scan from RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by x at 2010-12-31 21:20:47
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 11 GB (57%) free of 19 GB
Total RAM: 111 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:21:22, on 31.12.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\x\Plocha\RSIT.exe
C:\Program Files\trend micro\x.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/homepage-o
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)

--
End of file - 4710 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Low Battery Alarm Program.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2002-01-31 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2002-01-31 450560]
"HP Display Settings"=C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe [2002-03-07 61440]
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2002-03-19 4608]
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2010-11-18 524288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"F:\PortableApps.com\PortableApps\WinSCPPortable\App\WinSCP\WinSCP.exe"="F:\PortableApps.com\PortableApps\WinSCPPortable\App\WinSCP\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-12-30 17:18:26 ----ASH---- C:\hiberfil.sys
2010-12-30 16:26:42 ----D---- C:\Documents and Settings\x\Data aplikací\Malwarebytes
2010-12-30 16:25:23 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-30 16:25:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-12-30 16:23:42 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-30 16:23:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-30 10:47:43 ----D---- C:\Program Files\Altap Salamander
2010-12-30 09:53:06 ----D---- C:\rsit
2010-12-29 15:08:41 ----SD---- C:\ComboFix
2010-12-27 20:00:05 ----A---- C:\Boot.bak
2010-12-27 19:58:40 ----RASHD---- C:\cmdcons
2010-12-27 17:40:56 ----D---- C:\Documents and Settings\x\Data aplikací\Motive
2010-12-27 17:35:15 ----D---- C:\Program Files\TO2SAM
2010-12-27 17:27:49 ----D---- C:\Program Files\Common Files\Motive
2010-12-27 17:25:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Motive
2010-12-27 15:31:18 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-27 15:31:18 ----A---- C:\WINDOWS\MBR.exe
2010-12-27 15:31:17 ----A---- C:\WINDOWS\zip.exe
2010-12-27 15:31:17 ----A---- C:\WINDOWS\SWSC.exe
2010-12-27 15:31:17 ----A---- C:\WINDOWS\SWREG.exe
2010-12-27 15:31:17 ----A---- C:\WINDOWS\sed.exe
2010-12-27 15:31:17 ----A---- C:\WINDOWS\PEV.exe
2010-12-27 15:31:17 ----A---- C:\WINDOWS\grep.exe
2010-12-27 15:31:16 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-27 15:30:00 ----D---- C:\WINDOWS\ERDNT
2010-12-27 15:23:51 ----D---- C:\Qoobox
2010-12-27 13:45:43 ----D---- C:\Program Files\Trend Micro
2010-12-27 13:17:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-27 10:33:13 ----DC---- C:\Documents and Settings\All Users\Data aplikací\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
2010-12-27 10:23:04 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-26 20:46:55 ----D---- C:\Documents and Settings\x\Data aplikací\Search Settings
2010-12-26 20:42:16 ----D---- C:\Program Files\Application Updater
2010-12-26 20:42:04 ----D---- C:\Program Files\Common Files\Spigot
2010-12-26 20:41:57 ----D---- C:\Program Files\IObit Toolbar
2010-12-26 20:38:01 ----D---- C:\Documents and Settings\x\Data aplikací\IObit
2010-12-26 20:37:10 ----D---- C:\Program Files\IObit
2010-12-26 18:52:44 ----D---- C:\Program Files\Avira

======List of files/folders modified in the last 1 months======

2010-12-31 21:20:49 ----D---- C:\WINDOWS\Prefetch
2010-12-31 20:51:13 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-12-30 18:20:31 ----D---- C:\WINDOWS\Temp
2010-12-30 18:12:02 ----D---- C:\WINDOWS\system32\drivers
2010-12-30 17:22:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-30 16:23:35 ----RD---- C:\Program Files
2010-12-29 15:52:32 ----D---- C:\WINDOWS
2010-12-29 15:52:32 ----AD---- C:\WINDOWS\system32
2010-12-29 10:02:14 ----D---- C:\Program Files\Spyware Doctor
2010-12-29 10:02:13 ----D---- C:\Program Files\Common Files\PC Tools
2010-12-28 18:19:24 ----A---- C:\WINDOWS\system.ini
2010-12-28 03:11:01 ----D---- C:\WINDOWS\Debug
2010-12-27 20:00:06 ----RASH---- C:\boot.ini
2010-12-27 17:27:49 ----D---- C:\Program Files\Common Files
2010-12-27 13:46:15 ----SHD---- C:\WINDOWS\Installer
2010-12-27 08:31:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-12-27 08:30:57 ----HD---- C:\WINDOWS\inf
2010-12-26 20:42:17 ----D---- C:\WINDOWS\WinSxS
2010-12-26 18:31:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-08 21:34:08 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-17 46336]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\System32\DRIVERS\ethpdrv.sys [2005-09-08 9728]
R2 HPGate;HPGate; C:\WINDOWS\System32\Drivers\HPGate.sys [2001-05-03 6848]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2001-10-22 9855]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\system32\DRIVERS\strmdisp.sys [2002-02-13 34224]
R2 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2002-01-31 251120]
R3 CVIAAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\cviaaud.sys [2004-02-18 292352]
R3 CVIAHALA;CVIAHALA; C:\WINDOWS\system32\drivers\cviahal.sys [2004-02-18 273536]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HPCI;HP Configuration Interface; C:\WINDOWS\System32\DRIVERS\hpci.sys [2002-01-30 14472]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2002-03-19 1171649]
R3 HSFHWVIA;HSFHWVIA; C:\WINDOWS\system32\DRIVERS\HSFHWVIA.sys [2002-03-19 154149]
R3 KBFiltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\KBFiltr.sys [2002-04-01 14643]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 S3Twistr;S3Twistr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-03-07 131840]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2002-03-19 594033]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ipw_bus;IPWireless; C:\WINDOWS\System32\DRIVERS\ipw_bus.sys [2005-09-27 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter; C:\WINDOWS\System32\DRIVERS\ipw_mdfl.sys [2005-09-27 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM); C:\WINDOWS\System32\DRIVERS\ipw_mdm.sys [2005-09-27 95440]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver; C:\WINDOWS\System32\DRIVERS\Express.sys [2002-01-18 57344]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-11-18 386560]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe []
R2 HPConfig;HP Configuration Interface Service; C:\WINDOWS\system32\HPConfig.exe [2002-03-14 151552]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 RadioSvr;RadioSvr; C:\WINDOWS\system32\RadioSvr.exe [2002-03-25 122880]
S2 HpRfDev;HP RF Device Service; C:\WINDOWS\system32\HpRfDev.exe [2002-01-18 69632]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\PEV.cfxxe [2010-04-26 256512]
S2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe []
S2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 21:42
by motji
I would still clean up a few more things there. Did ComboFix not work for you?
Total RAM: 111 MB (35% free) - do you really have that little RAM? :o


:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

- tick the "For all users" box.
- tick the "LOP" malware check and "Purity" malware check boxes
- click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; paste them here :)

Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 22:18
by ald
I'm afraid it's true about the memory; this really is a historic piece. But its mission is to be a better typewriter, and I think it can still manage that :wink:

OTL:

OTL logfile created on: 31.12.2010 21:59:43 - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\x\Plocha
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

111,00 Mb Total Physical Memory | 21,00 Mb Available Physical Memory | 18,00% Memory free
512,00 Mb Paging File | 381,00 Mb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 412 868 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,61 Gb Total Space | 10,68 Gb Free Space | 57,41% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 0,52 Gb Free Space | 13,98% Space Free | Partition Type: FAT32

Computer Name: LAP_N | User Name: x | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010.12.31 21:53:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Plocha\OTL.exe
PRC - [2010.11.18 11:39:18 | 000,524,288 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2010.11.18 11:39:14 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2007.06.13 14:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002.03.25 17:38:38 | 000,122,880 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\RadioSvr.exe
PRC - [2002.03.19 13:50:22 | 000,004,608 | ---- | M] (Conexant Systems) -- C:\WINDOWS\system32\carpserv.exe
PRC - [2002.03.14 12:12:46 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPConfig.exe
PRC - [2002.03.07 17:57:50 | 000,061,440 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
PRC - [2002.01.31 16:13:00 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2010.12.31 21:53:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Plocha\OTL.exe
MOD - [2004.08.17 23:48:01 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2002.01.31 16:12:38 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - File not found [Auto | Stopped] -- C:\ComboFix\PEV.cfx -- (PEVSystemStart)
SRV - File not found [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.11.18 11:39:14 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2002.03.25 17:38:38 | 000,122,880 | ---- | M] (Hewlett-Packard) [On_Demand | Running] -- C:\WINDOWS\system32\RadioSvr.exe -- (RadioSvr)
SRV - [2002.03.14 12:12:46 | 000,151,552 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPConfig.exe -- (HPConfig)
SRV - [2002.01.18 17:33:40 | 000,069,632 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HpRfDev.exe -- (HpRfDev)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - [2008.03.29 10:20:55 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008.03.29 10:20:55 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2005.09.27 09:21:54 | 000,095,440 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipw_mdm.sys -- (ipw_mdm) Wireless Broadband Modem (WDM)
DRV - [2005.09.27 09:21:50 | 000,008,272 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipw_mdfl.sys -- (ipw_mdfl)
DRV - [2005.09.27 09:21:28 | 000,058,320 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipw_bus.sys -- (ipw_bus)
DRV - [2005.09.08 00:18:54 | 000,009,728 | R--- | M] (Gemfor s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ethpdrv.sys -- (Ethpdrv)
DRV - [2004.08.09 12:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 12:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.19 15:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2004.02.18 13:49:00 | 000,273,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cviahal.sys -- (CVIAHALA)
DRV - [2004.02.18 13:48:00 | 000,292,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cviaaud.sys -- (CVIAAUD)
DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2002.04.01 17:05:08 | 000,014,643 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KBFILTR.SYS -- (KBFiltr)
DRV - [2002.03.19 13:50:02 | 000,154,149 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWVIA.sys -- (HSFHWVIA)
DRV - [2002.03.19 13:48:08 | 001,171,649 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002.03.19 13:43:32 | 000,594,033 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2002.03.07 14:59:56 | 000,131,840 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Twistr)
DRV - [2002.02.13 10:30:12 | 000,034,224 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2002.01.31 15:59:10 | 000,251,120 | ---- | M] (Synaptics, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2002.01.30 12:33:42 | 000,014,472 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpci.sys -- (HPCI)
DRV - [2002.01.18 11:00:00 | 000,057,344 | ---- | M] (LAN-Express) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Express.sys -- (LEX_NIC_SERVICE)
DRV - [2001.05.03 10:29:58 | 000,006,848 | ---- | M] (Hewlett-Packard Co.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Hpgate.sys -- (HPGate)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/homepage-o
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/homepage-o
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/homepage-o
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/homepage-o
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-72185382-3322274812-248915221-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-72185382-3322274812-248915221-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-72185382-3322274812-248915221-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2008.06.14 10:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\x\Data aplikací\Mozilla\Extensions

O1 HOSTS File: ([2001.10.25 03:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-72185382-3322274812-248915221-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems)
O4 - HKLM..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-72185382-3322274812-248915221-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-72185382-3322274812-248915221-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-72185382-3322274812-248915221-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-72185382-3322274812-248915221-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-72185382-3322274812-248915221-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-72185382-3322274812-248915221-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-72185382-3322274812-248915221-1006\..Trusted Domains: winternals.com ([www] https in Trusted sites)
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} http://office.microsoft.com/productupda ... t/opuc.cab (OPUCatalog Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\WALLPAPER\HP1280.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\WALLPAPER\HP1280.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.05.03 13:46:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{151c7200-00ed-11de-b9b7-00c09f1925d4}\Shell\AutoRun\command - "" = E:\run.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"Czech" /KBD:2) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54901231209938944)

========== Files/Folders - Created Within 30 Days ==========

[2010.12.31 21:57:49 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\x\Plocha\OTL.exe
[2010.12.30 16:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Data aplikací\Malwarebytes
[2010.12.30 16:25:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.12.30 16:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.12.30 16:23:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.12.30 16:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.12.30 16:21:28 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\x\Plocha\mbam-setup-1.50.1.1100.exe
[2010.12.30 10:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Altap Salamander
[2010.12.30 09:53:06 | 000,000,000 | ---D | C] -- C:\rsit
[2010.12.29 15:08:41 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.12.27 19:58:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.12.27 17:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Data aplikací\Motive
[2010.12.27 17:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\TO2SAM
[2010.12.27 17:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010.12.27 17:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Motive
[2010.12.27 15:31:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.12.27 15:31:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.12.27 15:31:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.12.27 15:31:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.12.27 15:30:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.12.27 15:23:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.12.27 13:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.12.27 10:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
[2010.12.26 20:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Data aplikací\Search Settings
[2010.12.26 20:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010.12.26 20:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2010.12.26 20:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2010.12.26 20:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Data aplikací\IObit
[2010.12.26 20:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010.12.26 19:27:05 | 000,157,232 | ---- | C] (Alwil Software) -- C:\Documents and Settings\x\Plocha\aswclear5.exe
[2010.12.26 18:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.26 18:18:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\x\Recent
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\x\Dokumenty\*.tmp files -> C:\Documents and Settings\x\Dokumenty\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.12.31 21:53:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Plocha\OTL.exe
[2010.12.31 21:27:04 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\x\Data aplikací\winscp.rnd
[2010.12.31 20:54:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.12.31 20:50:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.31 20:50:33 | 116,969,472 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.30 16:25:39 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.12.30 16:01:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\x\Plocha\mbam-setup-1.50.1.1100.exe
[2010.12.30 10:49:11 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Altap Salamander.lnk
[2010.12.27 20:00:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010.12.27 13:52:53 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\x\Plocha\HiJackThis.lnk
[2010.12.27 13:51:10 | 003,998,686 | R--- | M] () -- C:\Documents and Settings\x\Plocha\ComboFix.exe
[2010.12.27 13:44:12 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\x\Plocha\RSIT.exe
[2010.12.26 20:02:39 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.12.26 19:05:34 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\x\Plocha\Microsoft Word.lnk
[2010.12.26 18:53:54 | 000,157,232 | ---- | M] (Alwil Software) -- C:\Documents and Settings\x\Plocha\aswclear5.exe
[2010.12.26 18:31:03 | 000,432,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.12.26 18:31:02 | 000,429,256 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.12.26 18:31:02 | 000,078,228 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.12.26 18:31:02 | 000,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\x\Dokumenty\*.tmp files -> C:\Documents and Settings\x\Dokumenty\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.12.30 17:18:26 | 116,969,472 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.30 16:25:39 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.12.30 11:05:03 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\x\Data aplikací\winscp.rnd
[2010.12.30 10:49:10 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Altap Salamander.lnk
[2010.12.30 09:52:22 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\x\Plocha\RSIT.exe
[2010.12.27 20:00:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.12.27 19:59:29 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2010.12.27 15:31:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.12.27 15:31:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.12.27 15:31:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.12.27 15:31:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.12.27 15:31:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.12.27 14:21:33 | 003,998,686 | R--- | C] () -- C:\Documents and Settings\x\Plocha\ComboFix.exe
[2010.12.27 13:45:57 | 000,002,433 | ---- | C] () -- C:\Documents and Settings\x\Plocha\HiJackThis.lnk
[2010.10.26 17:23:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.02.11 16:11:59 | 000,031,910 | ---- | C] () -- C:\WINDOWS\MSUMLT0G.INI
[2010.02.11 16:08:55 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\M1680RES.dll
[2010.02.11 16:08:55 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\M1680WDX.dll
[2010.02.11 16:08:55 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\M1680WUX.dll
[2008.08.20 19:33:57 | 000,002,178 | ---- | C] () -- C:\Program Files\Activation.dml
[2008.08.20 19:33:38 | 000,638,976 | ---- | C] () -- C:\Program Files\Watermark.dll
[2008.08.20 19:33:38 | 000,004,188 | ---- | C] () -- C:\Program Files\WatermarkProperties.dml
[2008.08.20 19:29:53 | 000,017,548 | ---- | C] () -- C:\Program Files\ActivationDialog.dml
[2008.08.20 19:29:21 | 000,180,224 | ---- | C] () -- C:\Program Files\ActivationICP.exe
[2008.06.08 14:30:03 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008.06.07 14:16:41 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.06.07 14:16:40 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008.05.30 09:12:20 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006.08.26 17:20:21 | 000,000,032 | ---- | C] () -- C:\WINDOWS\mgreg.ini
[2006.08.26 17:19:41 | 000,000,072 | ---- | C] () -- C:\WINDOWS\mgwin.ini
[2005.03.22 16:00:47 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\x\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.03 17:41:37 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003.05.24 13:51:54 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2003.05.23 07:38:07 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002.05.03 14:19:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002.05.03 13:33:03 | 000,004,265 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1999.01.23 00:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1979.12.31 23:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1979.12.31 23:00:00 | 000,000,936 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2002.05.03 14:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\InterTrust
[2002.05.03 14:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LAP_NOVOSAD\Data aplikací\InterTrust
[2010.08.31 18:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2009.02.18 11:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Avg7
[2010.12.31 20:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.12.27 10:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
[2002.05.03 14:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\InterTrust
[2002.05.03 14:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Data aplikací\InterTrust
[2009.02.18 11:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\COWON
[2008.08.01 13:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Dev-Cpp
[2008.08.09 09:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\FileZilla
[2006.12.31 12:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\ICQLite
[2002.05.03 14:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\InterTrust
[2010.12.26 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\IObit
[2008.02.07 21:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Jpeg Resampler
[2007.07.05 09:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Opera
[2008.06.07 14:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Orbit
[2010.12.26 23:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Search Settings
[2006.09.02 07:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\uk.co.planetside
[2008.09.21 17:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\uTorrent
[2003.06.24 18:16:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\Tasks\Low Battery Alarm Program.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 23:49:22 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2004.10.13 17:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Disabled]
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2004.10.13 17:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2006.12.28 17:45:14 | 000,571,392 | ---- | M] () -- C:\CDmage1-01-5.exe
[2009.06.19 13:58:28 | 006,827,264 | ---- | M] (Foxit Software Company) -- C:\Foxit Reader.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.02.09 14:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Adobe
[2009.02.18 11:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\COWON
[2008.09.08 16:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Creative
[2008.08.01 13:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Dev-Cpp
[2008.08.09 09:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\FileZilla
[2004.12.31 14:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Help
[2006.12.31 12:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\ICQLite
[2002.05.03 13:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Identities
[2002.05.03 14:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\InterTrust
[2010.12.26 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\IObit
[2008.02.07 21:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Jpeg Resampler
[2006.11.18 16:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Macromedia
[2010.12.30 16:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Malwarebytes
[2008.06.08 14:29:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\x\Data aplikací\Microsoft
[2003.05.23 07:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Microsoft Web Folders
[2010.12.27 18:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Motive
[2008.06.14 10:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Mozilla
[2009.08.02 15:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\MSN6
[2007.07.05 09:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Opera
[2008.06.07 14:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Orbit
[2010.12.26 23:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Search Settings
[2008.06.22 20:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Sun
[2002.05.03 14:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Symantec
[2006.09.02 07:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\uk.co.planetside
[2008.09.21 17:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\uTorrent

< %APPDATA%\*.exe /s >
[2007.07.05 09:20:34 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\x\Data aplikací\Microsoft\Installer\{39619863-8A11-4B60-A166-E6747C986EBE}\ARPPRODUCTICON.exe
[2010.12.27 13:46:13 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\x\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe


< MD5 for: TCPIP.SYS >
[2006.04.20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2007.10.30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 18:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004.08.04 07:14:40 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 12:38:44 | 000,340,480 | ---- | M] (Microsoft Corporation) MD5=B8158E2A6112C0A5CA67BC158FC70218 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\userinit.exe
[2004.08.17 23:49:27 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.17 23:49:27 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
[2002.09.21 02:05:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 23:49:27 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.17 23:49:27 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\winlogon.exe
[2002.09.21 02:05:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 23:49:20 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2004.08.17 23:49:20 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ws2_32.dll
[2006.08.16 13:16:16 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=D23E4E91AB6A1D922F6F1BFE81F56589 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002.05.03 13:31:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002.05.03 13:31:30 | 000,614,400 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002.05.03 13:31:28 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.12.31 20:54:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:18B7103A
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8

< End of report >

Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 22:19
by ald
Extras.txt

OTL Extras logfile created on: 31.12.2010 21:59:43 - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\x\Plocha
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

111,00 Mb Total Physical Memory | 21,00 Mb Available Physical Memory | 18,00% Memory free
512,00 Mb Paging File | 381,00 Mb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 412 868 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,61 Gb Total Space | 10,68 Gb Free Space | 57,41% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 0,52 Gb Free Space | 13,98% Space Free | Partition Type: FAT32

Computer Name: LAP_N | User Name: x | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\PortableApps.com\PortableApps\WinSCPPortable\App\WinSCP\WinSCP.exe" = F:\PortableApps.com\PortableApps\WinSCPPortable\App\WinSCP\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client -- File not found
"C:\Program Files\Opera\Opera.exe" = C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010405-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{05D1A9A0-5E78-11D4-AF53-0080C7CE18D8}" = HP Presentation Ready
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{30028582-2546-4807-A385-3BA9FCB58798}" = KONICA MINOLTA magicolor 1680MF Scanner
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97C4-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39619863-8A11-4B60-A166-E6747C986EBE}" = Opera 9.21
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{7B8BA496-E201-4246-9A8B-687B49145F53}" = IObit Toolbar v4.1
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6792A59-15B3-4FD4-BE35-45F1E00A51AF}" = Hpsetup
"{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}" = HP Notebook Utilities
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0604F35-314C-4341-A05E-3FEABCFDD470}" = HP Desktop Zoom
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Altap Salamander 2.54" = Altap Salamander 2.54
"CNXT_MODEM_PCI_VEN_1106&DEV_3068&SUBSYS_0028103C" = Conexant 56K ACLink Modem
"Conexant PCI Audio" = Conexant AC-Link Audio
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ie8" = Windows Internet Explorer 8
"InstallShield_{30028582-2546-4807-A385-3BA9FCB58798}" = KONICA MINOLTA magicolor 1680MF Scanner
"KONICA MINOLTA magicolor 1680MF" = KONICA MINOLTA magicolor 1680MF
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"QT4HPOT" = HP One-Touch Buttons
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"SynTPDeinstKey" = Synaptics TouchPad
"T-Mobile Communication Centre" = T-Mobile Communication Centre
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.3.2010 2:53:00 | Computer Name = LAP_N | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.

Error - 30.3.2010 10:18:13 | Computer Name = LAP_N | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.

Error - 31.3.2010 6:23:31 | Computer Name = LAP_N | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.

Error - 31.3.2010 6:56:50 | Computer Name = LAP_N | Source = Application Error | ID = 1000
Description = Chybující aplikace opera.exe, verze 9.21.8776.0, chybující modul opera.dll,
verze 9.21.8776.0, adresa chyby 0x002a8fd9.

Error - 31.3.2010 9:27:57 | Computer Name = LAP_N | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.

Error - 1.4.2010 2:29:15 | Computer Name = LAP_N | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.

Error - 1.4.2010 10:11:20 | Computer Name = LAP_N | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.

Error - 1.4.2010 12:20:50 | Computer Name = LAP_N | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.

Error - 3.4.2010 6:11:37 | Computer Name = LAP_N | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.

Error - 4.4.2010 10:28:47 | Computer Name = LAP_N | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.

[ System Events ]
Error - 30.12.2010 12:14:59 | Computer Name = LAP_N | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 30.12.2010 12:17:18 | Computer Name = LAP_N | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 30.12.2010 12:21:24 | Computer Name = LAP_N | Source = Service Control Manager | ID = 7000
Description = Služba PC Tools Auxiliary Service neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 30.12.2010 12:21:24 | Computer Name = LAP_N | Source = Service Control Manager | ID = 7000
Description = Služba PC Tools Security Service neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 30.12.2010 12:22:20 | Computer Name = LAP_N | Source = Service Control Manager | ID = 7022
Description = Služba Avira AntiVir Guard přestala během spouštění reagovat.

Error - 30.12.2010 12:24:58 | Computer Name = LAP_N | Source = Service Control Manager | ID = 7023
Description = Služba Prohledávání počítačů byla ukončena s následující chybou: %%1460

Error - 30.12.2010 13:19:03 | Computer Name = LAP_N | Source = Service Control Manager | ID = 7000
Description = Služba PC Tools Auxiliary Service neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 30.12.2010 13:19:03 | Computer Name = LAP_N | Source = Service Control Manager | ID = 7000
Description = Služba PC Tools Security Service neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 31.12.2010 15:52:20 | Computer Name = LAP_N | Source = Service Control Manager | ID = 7000
Description = Služba PC Tools Auxiliary Service neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 31.12.2010 15:52:20 | Computer Name = LAP_N | Source = Service Control Manager | ID = 7000
Description = Služba PC Tools Security Service neuspěla při spuštění v důsledku
následující chyby: %%2


< End of report >

Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 22:34
by motji
Before I go through the log, you have a PM :)

Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 22:54
by motji
I see a file from Avast, did you install it?
And do you use IObit?

Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 22:57
by ald
.... you have a PM too ;)

It's not my PC; it's possible that Avast was on it at some point. In any case, I plan to install Avira on it - I've had good experience with it myself for many years.
As for the other one, I have no idea what it's good for :D

Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 22:58
by motji
And one more question
:arrow: What is in this folder?
C:\Documents and Settings\All Users\Data aplikací\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}

:arrow: Do you know these programs?
C:\Documents and Settings\x\Data aplikací\uk.co.planetside
C:\Documents and Settings\x\Data aplikací\InterTrust

Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 23:00
by motji
You have another PM :D. Ask the PC's owners about those folders tomorrow; if need be, we'll delete them manually afterwards :)

:arrow: Run OTL
- copy this script into the white box at the bottom:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - File not found [Auto | Stopped] -- C:\ComboFix\PEV.cfx -- (PEVSystemStart)
SRV - File not found [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/homepage-o
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/homepage-o
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/homepage-o
O3 - HKU\S-1-5-21-72185382-3322274812-248915221-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:18B7103A
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Program Files\Common Files\Spigot
C:\Documents and Settings\x\Data aplikací\Search Settings
C:\Program Files\IObit Toolbar
C:\Documents and Settings\All Users\Data aplikací\Avg7
C:\Documents and Settings\All Users\Data aplikací\Alwil Software

:commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

- click the Fix button.
- The PC will then restart.
- Paste the log here :)

Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 23:04
by ald
re 1) the folder is empty

re 2) I have no idea what programs these are, but they will be/are one hundred percent dispensable

Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 23:06
by motji
Better ask about that InterTrust one :). If need be, you can delete it manually tomorrow, or via OTL again :).
Run that OTL script :)

Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 23:18
by ald
So here it is...

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Service sdCoreService stopped successfully!
Service sdCoreService deleted successfully!
File C:\Program Files\Spyware Doctor\pctsSvc.exe not found.
Service sdAuxService stopped successfully!
Service sdAuxService deleted successfully!
File C:\Program Files\Spyware Doctor\pctsAuxs.exe not found.
Error: No service named PEVSystemStart was found to stop!
Service\Driver key PEVSystemStart not found.
File C:\ComboFix\PEV.cfx not found.
Service Browser Defender Update Service stopped successfully!
Service Browser Defender Update Service deleted successfully!
File C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-72185382-3322274812-248915221-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:18B7103A deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8 deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP195.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1C7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1CA.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1DE.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP218.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2CD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3C5.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFF.tmp folder moved successfully.
C:\WINDOWS\Installer\MSID5.tmp moved successfully.
C:\WINDOWS\Installer\MSIDE.tmp moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Documents and Settings\x\Data aplikací\Search Settings\temp folder moved successfully.
C:\Documents and Settings\x\Data aplikací\Search Settings\res folder moved successfully.
C:\Documents and Settings\x\Data aplikací\Search Settings folder moved successfully.
Folder move failed. C:\Program Files\IObit Toolbar\Res scheduled to be moved on reboot.
Folder move failed. C:\Program Files\IObit Toolbar\IE\4.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\IObit Toolbar\IE scheduled to be moved on reboot.
Folder move failed. C:\Program Files\IObit Toolbar scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Data aplikací\Avg7 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\sounds folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\report folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\moved folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\log folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\journal folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\integ folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\HtmlData folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\fw folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\chest folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\backup folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\arpot\TEMP folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5\arpot folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software\Avast5 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Alwil Software folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator.LAP_NOVOSAD
->Temp folder emptied: 10558 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33530 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: x
->Temp folder emptied: 568730 bytes
->Temporary Internet Files folder emptied: 115537 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 413 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33432 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65984594 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33726 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 64,00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.LAP_NOVOSAD

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner

User: x
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.18.2 log created on 12312010_230958

Files\Folders moved on Reboot...
C:\Program Files\IObit Toolbar\Res folder moved successfully.
File\Folder C:\Program Files\IObit Toolbar\IE\4.1 not found!
C:\Program Files\IObit Toolbar\IE folder moved successfully.
C:\Program Files\IObit Toolbar folder moved successfully.

Registry entries deleted on Reboot...

Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 23:18
by motji
Fine, how's the computer? :)

Re: Notebook - significant slowdown, virus?

Posted: 31 Dec 2010 23:21
by ald
It seems the computer is computing again :D So is that everything? ..... in any case, an interestingly spent New Year's Eve :lol: