VIRY.CZ

OLT.txt:

OTL logfile created on: 14.1.2010 15:02:24 - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\de Muerto\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 48,04 Gb Free Space | 64,47% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 175,77 Gb Free Space | 94,34% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 685,86 Gb Free Space | 73,63% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JDEM
Current User Name: de Muerto
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.01.14 14:53:47 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\de Muerto\Plocha\OTL.exe
PRC - [2009.12.30 23:53:56 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009.12.30 23:53:56 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.12.12 15:10:48 | 01,038,336 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
PRC - [2009.11.25 00:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.11.22 15:44:16 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009.11.22 15:42:50 | 01,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009.11.20 19:01:18 | 00,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009.02.16 16:13:14 | 00,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009.02.13 11:38:28 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008.08.08 07:04:10 | 01,091,768 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\Totalcmd\TOTALCMD.EXE
PRC - [2008.04.14 04:22:22 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.16 15:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006.11.13 16:50:20 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006.11.13 16:50:06 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe

========== Modules (SafeList) ==========

MOD - [2010.01.14 14:53:47 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\de Muerto\Plocha\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (iPod Service)
SRV - [2010.01.01 14:18:21 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.12.31 00:56:00 | 00,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.12.30 23:53:56 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.11.25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.11.22 15:44:16 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.02.16 16:13:14 | 00,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.02.13 11:38:28 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008.11.04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.07.29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.07 09:17:30 | 00,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.10.26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009.12.30 23:59:09 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.30 23:23:54 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009.11.25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.11.22 15:42:54 | 00,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009.05.18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.02.16 16:13:14 | 00,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008.09.24 10:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008.04.13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008.04.13 17:39:14 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008.04.07 16:06:48 | 00,105,088 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.09.17 15:53:26 | 00,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006.11.08 14:23:52 | 00,102,912 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid)
DRV - [2006.11.06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006.10.17 20:22:26 | 00,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2005.03.09 15:53:00 | 00,042,496 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.04.09 10:54:34 | 00,190,720 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ulsata2.sys -- (ulsata2)
DRV - [2004.04.09 10:54:34 | 00,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2001.10.25 17:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-1580436667-725345543-1003\S-1-5-21-746137067-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-1580436667-725345543-1003\S-1-5-21-746137067-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (737 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [PtiuPbmd] C:\WINDOWS\System32\ulutil2.dll (Promise Technology,Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-746137067-1580436667-725345543-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-746137067-1580436667-725345543-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-1580436667-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-1580436667-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-746137067-1580436667-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 2269556328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.27.128.1 93.190.49.41
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.30 19:43:33 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.12.30 20:29:50 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55172600128602112)

========== Files/Folders - Created Within 7 Days ==========

[2010.01.14 14:53:46 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\de Muerto\Plocha\OTL.exe
[2010.01.13 21:00:55 | 00,000,000 | ---D | C] -- C:\Program Files\CABviaActiveSync
[2010.01.13 20:58:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\de Muerto\Dokumenty\WM_de_Muerto Dokumenty
[2010.01.13 20:50:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ASTULogTemp
[2010.01.13 20:24:27 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010.01.13 20:13:58 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010.01.13 19:37:41 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\de Muerto\Recent
[2010.01.12 21:28:47 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010.01.12 21:27:41 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.01.12 21:27:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.01.12 21:27:40 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.01.12 21:27:40 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.01.12 21:26:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.01.12 21:25:12 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010.01.12 18:52:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.01.12 06:32:02 | 00,000,000 | ---D | C] -- C:\rsit
[2010.01.10 21:12:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\de Muerto\Data aplikací\Apple Computer
[2010.01.10 21:06:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
[2010.01.10 21:06:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple
[2010.01.10 21:00:35 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010.01.10 21:00:22 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010.01.10 20:18:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.01.10 19:00:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\de Muerto\Local Settings\Data aplikací\Apple_Inc
[2010.01.10 18:51:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010.01.10 17:16:37 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010.01.09 09:05:24 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010.01.09 09:05:24 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2010.01.09 09:04:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.01.09 09:03:15 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.01.09 09:03:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\de Muerto\Local Settings\Data aplikací\Apple
[2010.01.09 09:01:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\de Muerto\Local Settings\Data aplikací\Apple Computer
[2010.01.09 08:45:13 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010.01.09 08:45:12 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010.01.09 08:45:11 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009.12.30 23:23:54 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\de Muerto\Data aplikací\pcouffin.sys
[2009.12.30 23:17:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.12.30 19:46:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.12.30 19:43:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.12.30 19:43:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.01.14 14:53:47 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\de Muerto\Plocha\OTL.exe
[2010.01.14 09:55:32 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\de Muerto\Plocha\Zástupce - CABviaActiveSync.exe.lnk
[2010.01.14 09:36:20 | 00,002,627 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.01.14 09:24:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.14 09:24:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.14 09:24:17 | 21,470,04416 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.14 07:25:43 | 02,097,152 | -H-- | M] () -- C:\Documents and Settings\de Muerto\NTUSER.DAT
[2010.01.14 07:25:43 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\de Muerto\ntuser.ini
[2010.01.13 21:58:16 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\de Muerto\Plocha\dds.scr
[2010.01.13 21:58:06 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\de Muerto\Plocha\Win32kDiag.exe
[2010.01.13 20:58:59 | 00,001,437 | ---- | M] () -- C:\Documents and Settings\de Muerto\Plocha\Sawyer.LNK
[2010.01.13 20:37:50 | 00,241,830 | ---- | M] () -- C:\Documents and Settings\de Muerto\Dokumenty\Rada 001.jpg
[2010.01.13 20:27:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts
[2010.01.13 20:19:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.01.13 20:11:53 | 03,823,462 | R--- | M] () -- C:\Documents and Settings\de Muerto\Plocha\ComboFix.exe
[2010.01.13 19:44:16 | 00,000,481 | ---- | M] () -- C:\Documents and Settings\de Muerto\Plocha\Zástupce - RSIT.exe.lnk
[2010.01.13 06:52:43 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\de Muerto\Data aplikací\winscp.rnd
[2010.01.13 06:50:20 | 00,000,802 | ---- | M] () -- C:\Documents and Settings\de Muerto\Plocha\Windows Installer Clean Up.lnk
[2010.01.12 21:28:53 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010.01.12 18:55:58 | 00,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.01.12 18:55:58 | 00,429,024 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.01.12 18:55:58 | 00,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.01.12 18:55:57 | 00,078,052 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.01.12 18:55:56 | 01,020,324 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.01.12 18:52:36 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.11 21:10:58 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.01.10 21:31:56 | 00,075,288 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.01.10 21:07:37 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\QuickTime Player.lnk
[2010.01.10 17:03:44 | 00,000,142 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010.01.09 09:14:29 | 00,100,800 | ---- | M] () -- C:\Documents and Settings\de Muerto\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.14 09:55:32 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\de Muerto\Plocha\Zástupce - CABviaActiveSync.exe.lnk
[2010.01.13 21:58:14 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\de Muerto\Plocha\dds.scr
[2010.01.13 21:58:06 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\de Muerto\Plocha\Win32kDiag.exe
[2010.01.13 20:58:59 | 00,001,437 | ---- | C] () -- C:\Documents and Settings\de Muerto\Plocha\Sawyer.LNK
[2010.01.13 20:37:50 | 00,241,830 | ---- | C] () -- C:\Documents and Settings\de Muerto\Dokumenty\Rada 001.jpg
[2010.01.13 19:44:16 | 00,000,481 | ---- | C] () -- C:\Documents and Settings\de Muerto\Plocha\Zástupce - RSIT.exe.lnk
[2010.01.13 06:50:20 | 00,000,802 | ---- | C] () -- C:\Documents and Settings\de Muerto\Plocha\Windows Installer Clean Up.lnk
[2010.01.12 21:28:53 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010.01.12 21:28:50 | 00,261,312 | ---- | C] () -- C:\cmldr
[2010.01.12 21:27:41 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.01.12 21:27:41 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.01.12 21:27:40 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.01.12 21:27:40 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.01.12 21:27:40 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.01.12 18:57:30 | 03,823,462 | R--- | C] () -- C:\Documents and Settings\de Muerto\Plocha\ComboFix.exe
[2010.01.12 18:51:32 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\de Muerto\Plocha\gmer.exe
[2010.01.10 21:31:56 | 00,075,288 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.01.10 21:07:37 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\QuickTime Player.lnk
[2010.01.10 19:25:38 | 00,238,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.01.10 17:03:44 | 00,000,142 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010.01.10 11:50:00 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\de Muerto\Data aplikací\winscp.rnd
[2010.01.06 06:28:00 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Data aplikací\$_hpcst$.hpc
[2010.01.01 13:37:43 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\de Muerto\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.31 23:01:30 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009.12.31 23:01:30 | 00,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009.12.31 23:00:11 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\de Muerto\Data aplikací\$_hpcst$.hpc
[2009.12.30 23:59:09 | 00,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.12.30 23:24:02 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\de Muerto\Data aplikací\pcouffin.log
[2009.12.30 23:23:54 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\de Muerto\Data aplikací\inst.exe
[2009.12.30 23:23:54 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\de Muerto\Data aplikací\pcouffin.cat
[2009.12.30 23:23:54 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\de Muerto\Data aplikací\pcouffin.inf
[2009.12.30 21:06:28 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009.12.30 20:06:27 | 00,002,627 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.03.25 21:30:02 | 01,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009.03.25 21:30:02 | 00,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.old
[2009.03.25 21:30:02 | 00,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2007.10.25 17:26:10 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

========== LOP Check ==========

[2009.12.31 00:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2009.12.30 23:58:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.01.03 10:22:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\onOne Software
[2009.12.31 23:04:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.01.09 09:05:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.12.31 00:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\de Muerto\Data aplikací\Autodesk
[2009.12.31 00:34:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\de Muerto\Data aplikací\DAEMON Tools Lite
[2010.01.01 16:36:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\de Muerto\Data aplikací\Imagenomic
[2010.01.03 13:01:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\de Muerto\Data aplikací\Mask Pro 4.0
[2010.01.03 13:02:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\de Muerto\Data aplikací\onOne Software
[2009.12.30 22:31:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\de Muerto\Data aplikací\Opera
[2009.12.31 23:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\de Muerto\Data aplikací\PC Suite
[2009.12.31 23:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\de Muerto\Data aplikací\Samsung
[2009.12.30 23:55:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\de Muerto\Data aplikací\VitySoft
[2009.12.30 23:24:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\de Muerto\Data aplikací\Vso

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004.08.17 16:49:08 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008.04.14 04:21:41 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 04:21:41 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:21:41 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004.08.17 16:49:18 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:21:54 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 04:21:54 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:21:54 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004.08.17 16:49:14 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 04:21:50 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 04:21:50 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:21:50 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004.08.03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008.04.13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008.04.13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >
[2006.11.08 14:25:24 | 00,116,688 | R--- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\Program Files\VIA\Setup\viaraid\DRIVER\Raid\winnt40\viamraid.sys
[2006.11.08 14:23:52 | 00,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Program Files\VIA\Setup\viaraid\DRIVER\Raid\winxp\viamraid.sys
[2006.11.08 14:23:52 | 00,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\WINDOWS\system32\drivers\viamraid.sys
[2006.11.08 14:23:52 | 00,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\WINDOWS\system32\DRVSTORE\viamraid_0B7BD2CE86023D524D8509B41571686ECF13C39F\viamraid.sys
[2004.07.06 22:45:42 | 00,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\viamraid.sys

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

< %SYSTEMROOT%\*. /mp /s >

< %SYSTEMROOT%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMROOT%\Tasks\*.job /lockedfiles >
< End of report >

OTL Extras logfile created on: 14.1.2010 15:02:24 - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\de Muerto\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 48,04 Gb Free Space | 64,47% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 175,77 Gb Free Space | 94,34% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 685,86 Gb Free Space | 73,63% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JDEM
Current User Name: de Muerto
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0901FCE8-5415-4499-BBC8-1AA106DD66E2}" = Adobe Setup
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{5178C1BB-1EB1-4468-894B-7DE964DDCAA2}" = Adobe Photoshop CS3
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5783F2D7-5001-0405-0002-0060B0CE6BBA}" = AutoCAD 2007 - Český
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F378798-88D8-4FA1-AB74-F035542133A6}" = Portraiture Plug-in
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1029-7B44-A92000000001}" = Adobe Reader 9.2 - Czech
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3290361-3F0E-4F58-9182-6351B16A0F24}" = Plug-in Suite 4
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E108ADB5-8B3E-427D-A945-EAA2FCE68913}" = Wocarson Windows Genuine Advantage Validation v1.9.40.0 Cracked V2
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Balíček ovladače systému Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_4977c84bcdc298c444ccfbdcccb660d" = Adobe Photoshop CS3
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"CeRegEditor_is1" = CeRegEditor 0.0.5.1
"DVDFab 6_is1" = DVDFab 6.1.2.5 (27/10/2009)
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Balíček ovladače systému Windows - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HD Tune Pro_is1" = HD Tune Pro 3.50
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"ShockwaveFlash" = Macromedia Flash Player 8
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-7
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.12.2009 19:05:58 | Computer Name = JDEM | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 31.12.2009 13:45:02 | Computer Name = JDEM | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x0000980f.

Error - 4.1.2010 1:18:40 | Computer Name = JDEM | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 4.1.2010 15:17:18 | Computer Name = JDEM | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 6.1.2010 1:27:46 | Computer Name = JDEM | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 9.1.2010 5:38:45 | Computer Name = JDEM | Source = Application Error | ID = 1000
Description = Chybující aplikace itunes.exe, verze 9.0.2.25, chybující modul corefoundation.dll,
verze 1.544.19.0, adresa chyby 0x0004acb0.

Error - 10.1.2010 16:01:28 | Computer Name = JDEM | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 2196 ,Logged: Failed: C:\Program Files\Windows Installer Clean
Up\msizap.exe TW! {3FA365DF-2D68-45ED-8F83-8C8A33E65143}

Error - 13.1.2010 1:51:05 | Computer Name = JDEM | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 3628 ,Logged: Failed: C:\Program Files\Windows Installer Clean
Up\msizap.exe TW! {A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}

Error - 13.1.2010 1:57:33 | Computer Name = JDEM | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 3628 ,Logged: Failed: C:\Program Files\Windows Installer Clean
Up\msizap.exe TW! {07287123-B8AC-41CE-8346-3D777245C35B}

[ System Events ]
Error - 13.1.2010 15:04:30 | Computer Name = JDEM | Source = Service Control Manager | ID = 7000
Description = Služba adfs neuspěla při spuštění v důsledku následující chyby: %%2

Error - 13.1.2010 15:22:48 | Computer Name = JDEM | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
TrueVector Internet Monitor.

Error - 13.1.2010 15:22:49 | Computer Name = JDEM | Source = Service Control Manager | ID = 7000
Description = Služba TrueVector Internet Monitor neuspěla při spuštění v důsledku
následující chyby: %%1053

Error - 13.1.2010 15:22:49 | Computer Name = JDEM | Source = Service Control Manager | ID = 7000
Description = Služba adfs neuspěla při spuštění v důsledku následující chyby: %%2

Error - 13.1.2010 15:24:01 | Computer Name = JDEM | Source = System Error | ID = 1003
Description = Kód chyby 00000019, parametr1 00000020, parametr2 889ae000, parametr3
889ae418, parametr4 1a830000.

Error - 13.1.2010 15:52:22 | Computer Name = JDEM | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby ServiceLayer
s argumenty za účelem spuštění serveru: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 13.1.2010 15:52:25 | Computer Name = JDEM | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby ServiceLayer
s argumenty za účelem spuštění serveru: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 13.1.2010 15:52:28 | Computer Name = JDEM | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby ServiceLayer
s argumenty za účelem spuštění serveru: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 14.1.2010 1:58:22 | Computer Name = JDEM | Source = Service Control Manager | ID = 7000
Description = Služba adfs neuspěla při spuštění v důsledku následující chyby: %%2

Error - 14.1.2010 4:24:44 | Computer Name = JDEM | Source = Service Control Manager | ID = 7000
Description = Služba adfs neuspěla při spuštění v důsledku následující chyby: %%2

< End of report >

Pre mna su ale naozaj tie logy ciste

Skopiruj v OTL do policka pod nazvom "Custom Scans/Fixes":

Kód: Vybrat vše

:otl
SRV - File not found [Disabled | Stopped] -- -- (iPod Service)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKU\S-1-5-21-746137067-1580436667-725345543-1003..\Run: [AdobeBridge] File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-1580436667-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-1580436667-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 2269556328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)

:commands
[emptytemp]
[reboot]

Klikni na "Run Fix". Program zacne pracovat, mozny je restart PC. Po nom by sa ti mal objavit log, ten by som rad videl.

Moc Vám děkuji za Vaše rádcovství a zde je výstup z OTL:

All processes killed
========== OTL ==========
Service iPod Service stopped successfully!
Service iPod Service deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry value HKEY_USERS\S-1-5-21-746137067-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-746137067-1580436667-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-746137067-1580436667-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Starting removal of ActiveX control {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
C:\WINDOWS\Downloaded Program Files\muweb.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: de Muerto
->Temp folder emptied: 345890 bytes
->Temporary Internet Files folder emptied: 2671611 bytes
->Java cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 4374984 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49663 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 25873932 bytes

Total Files Cleaned = 34,00 mb

OTL by OldTimer - Version 3.1.24.0 log created on 01142010_204325

Files\Folders moved on Reboot...
C:\Documents and Settings\de Muerto\Local Settings\Temp\~DF6D03.tmp moved successfully.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6e4.dat not found!
File\Folder C:\WINDOWS\temp\ZLT00ce9.TMP not found!

Registry entries deleted on Reboot...

Pátral jsem na c: a nyní jsem již našel Vámi zmiňovaný soubor C:\Qoobox\ComboFix-quarantined-files.txt, zde je jeho obsah:

2010-01-13 19:20:17 . 2010-01-13 19:20:17 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NPSStartup.reg.dat
2010-01-13 19:20:17 . 2010-01-13 19:20:17 96 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NWEReboot.reg.dat
2010-01-13 19:20:16 . 2010-01-13 19:20:16 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-AdobeBridge.reg.dat
2010-01-12 20:33:25 . 2010-01-13 06:15:39 702 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_Apple Mobile Device.reg.dat
2010-01-12 20:33:25 . 2010-01-13 06:15:38 894 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_APPLE_MOBILE_DEVICE.reg.dat
2010-01-12 20:33:16 . 2010-01-13 19:18:47 7,374 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-01-12 20:26:55 . 2010-01-13 19:14:01 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-12-30 21:15:56 . 2009-12-30 21:15:56 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\etc\lmhosts.vir
2007-05-03 18:04:26 . 2007-05-03 18:04:26 77,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\TWAIN_32.DLL.vir

Super, aspon nejaky pokrok

Stiahni na plochu CureIt. Zatial ho nespustat. Restart do nudoveho rezimu (>>klik<<) a v nom spravis nasledovne:

Spust program dvojklikom, zrus pripadne vyzvy na stiahnutie novsej verzie a klikni na "Start".
Potvrd okna a automaticky zacne expresny scan. Ak sa pri tomto kratkom scane najdu infikovane subory, klikni na "Vyber vsetky" -> "Liecit" -> "Odstran neliecitelne".
Vo vrchnom menu klikni na "Volby" -> "Zmenit Nastavenia" a vyfajkni Heuristicka analyza a Vyzva na akciu -> "OK". Vrat sa naspat do hlavneho menu, v nom zvol komplet scan a klikni na zelenu sipku naprvo pod logom Dr. Web.
Ked bude scan hotovy, vo vrchnom menu klik na "File" a zvol "Uloz...". Uloz log na plochu, otvor v poznamkovom bloku a vloz ho sem. Nezabudni restartovat PC.

Tak jsem to zkoušel o víkendu a nedokázal jsem se dostal k zdárnému proskenování celého kompu.
Při úvodním expres skenu to nic nenašlo.
Při kompletním skenu došlo vždy k restartu kompu, chybě či BSD...nevím jakou roli v tom hrají brebery a jakou ovladače či jiný SW, pro lepší představu posílám pořízené foto.

Obrázek

Zkoušel jsem následně sken po jednotlivých adresářích a v adresáři System Volume Information to našlo 5 potvor, přičemž 4 jsou smazány a 1 je v karanténě.
Zatím se budu snažit proskenovat disk c: po jednotlivých adresářích, následně vystavím log.
Zatím děkuji.

Dobre teda. Ak by neslo ani to, treba sa ozvat, poslem iny navod.

Tak se mi podařilo postupně proskenovat systémový disk a DrWeb našel 5 virů, včetně Combofixu. Pokud si dobře pamatuji tak veškerá havěť byla ve složce System Volume Information. Vše bylo smazáno, log měl na konci kolem 30MB.

Cize nulovy posun vpred, bude FP alebo SVI. Cele mi to ale pride ako divne...skusal si opravnu instalaciu? Ako sposob vylucenia nakopnuteho systemu?

Nezkoušel, nechám to ve stávajícím stavu a příští měsíc s novým železem přejdu na w7.
Tímto děkuji za Váš čas.

Ja som prechadzal cca pred mesiacom...z XP na Win7 a som spokojny.

Nemas zaco, skoda, ze sme neprisli na pricinu. Malware som ale v logoch nevidel

VIRY.CZ

Kontrola logu, Avast nasel trojana "Small-GWM", "FakeAV-ADU"

Re: Kontrola logu, Avast nasel trojana "Small-GWM", "FakeAV-ADU"

Re: Kontrola logu, Avast nasel trojana "Small-GWM", "FakeAV-ADU"

Re: Kontrola logu, Avast nasel trojana "Small-GWM", "FakeAV-ADU"

Re: Kontrola logu, Avast nasel trojana "Small-GWM", "FakeAV-ADU"

Re: Kontrola logu, Avast nasel trojana "Small-GWM", "FakeAV-ADU"

Re: Kontrola logu, Avast nasel trojana "Small-GWM", "FakeAV-ADU"

Re: Kontrola logu, Avast nasel trojana "Small-GWM", "FakeAV-ADU"

Re: Kontrola logu, Avast nasel trojana "Small-GWM", "FakeAV-ADU"

Re: Kontrola logu, Avast nasel trojana "Small-GWM", "FakeAV-ADU"

Re: Kontrola logu, Avast nasel trojana "Small-GWM", "FakeAV-ADU"

Re: Kontrola logu, Avast nasel trojana "Small-GWM", "FakeAV-ADU"

Re: Kontrola logu, Avast nasel trojana "Small-GWM", "FakeAV-ADU"