TROJAN V PC

Zpráva

Pravnik1 · #46 Příspěvek od **Pravnik1** » 24 srp 2010 16:34

Zdravim

mam podozrenie, ze mam v PC trojana. Prosim o kontrolu LOG-u

Dakujem

Pravnik1 · #47 Příspěvek od **Pravnik1** » 24 srp 2010 17:19

Logfile of random's system information tool 1.08 (written by random/random)
Run by STUDIO at 2010-08-24 18:16:20
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (59%) free of 18 GB
Total RAM: 479 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:17:29, on 24.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\windows\system32\bbwrlgb.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\RSIT.exe
C:\Program Files\trend micro\STUDIO.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bbwrlgb] "c:\windows\system32\bbwrlgb.exe" bbwrlgb
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5406 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{D1265ECA-C7DE-4924-8894-5768127B0DC2}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-12-26 417792]
"bbwrlgb"=c:\windows\system32\bbwrlgb.exe [2010-08-24 503808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Ralink Wireless Utility.lnk - C:\Program Files\Ralink\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"=C:\Program Files\Microsoft AntiSpyware\shellextension.dll [2004-12-31 93408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-24 18:16:20 ----D---- C:\rsit
2010-08-24 18:15:26 ----A---- C:\Program Files\RSIT.exe
2010-08-24 17:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-24 16:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-24 16:51:47 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-24 16:32:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-24 16:28:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-24 16:28:23 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-24 16:23:43 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-24 16:23:15 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-24 16:16:35 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-08-24 16:16:24 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-08-24 16:15:23 ----D---- C:\Program Files\Windows Media Connect 2
2010-08-24 16:14:51 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-08-24 16:11:04 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-08-24 16:09:46 ----A---- C:\WINDOWS\imsins.BAK
2010-08-24 16:09:40 ----D---- C:\WINDOWS\system32\LogFiles
2010-08-24 16:09:40 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-08-24 16:09:23 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-08-24 15:54:41 ----A---- C:\Program Files\wmp11-windowsxp-x86-CS-CZ.exe
2010-08-24 14:03:58 ----A---- C:\Program Files\flashplayer_10_plugin_debug.exe
2010-08-24 14:03:18 ----A---- C:\Program Files\flashplayer_10_ax_debug.exe
2010-08-24 12:59:16 ----A---- C:\WINDOWS\system32\bbwrlgb.exe
2010-07-27 12:00:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee

======List of files/folders modified in the last 1 months======

2010-08-24 18:16:41 ----D---- C:\Program Files\trend micro
2010-08-24 18:16:00 ----D---- C:\WINDOWS\Prefetch
2010-08-24 18:15:35 ----RD---- C:\Program Files
2010-08-24 18:08:13 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-24 18:06:33 ----D---- C:\WINDOWS
2010-08-24 18:05:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-24 17:15:08 ----HD---- C:\WINDOWS\inf
2010-08-24 17:06:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-24 17:06:25 ----D---- C:\WINDOWS\system32\drivers
2010-08-24 17:06:22 ----D---- C:\WINDOWS\system32
2010-08-24 17:04:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-24 16:58:12 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-24 16:46:55 ----A---- C:\WINDOWS\system.ini
2010-08-24 16:37:17 ----D---- C:\WINDOWS\Temp
2010-08-24 16:30:39 ----D---- C:\Program Files\Internet Explorer
2010-08-24 16:23:47 ----D---- C:\Program Files\Movie Maker
2010-08-24 16:15:53 ----A---- C:\WINDOWS\win.ini
2010-08-24 16:15:22 ----D---- C:\Program Files\Windows Media Player
2010-08-24 16:15:08 ----D---- C:\WINDOWS\Help
2010-08-24 13:18:20 ----A---- C:\WINDOWS\hplj1010.ini
2010-08-24 13:14:08 ----D---- C:\Program Files\CCleaner
2010-08-24 13:09:15 ----D---- C:\Documents and Settings\STUDIO\Data aplikací\Adobe
2010-08-24 13:09:11 ----D---- C:\Program Files\Common Files\Adobe
2010-08-24 13:08:11 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-24 13:07:53 ----D---- C:\Documents and Settings\STUDIO\Data aplikací\FUJIFILM
2010-08-24 13:07:27 ----D---- C:\Program Files\PIXELA
2010-08-24 13:05:48 ----SHD---- C:\WINDOWS\Installer
2010-08-24 13:04:33 ----D---- C:\Program Files\Common Files
2010-08-24 13:04:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-08-24 13:04:11 ----D---- C:\Documents and Settings\STUDIO\Data aplikací\Skype
2010-08-24 13:03:51 ----D---- C:\WINDOWS\twain_32
2010-08-24 13:02:59 ----D---- C:\Program Files\Common Files\DESIGNER
2010-08-24 12:59:40 ----D---- C:\Documents and Settings\STUDIO\Data aplikací\skypePM
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-25 11:15:29 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI NEC FireWarden; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sisagp;SiS AGP Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2001-12-26 27136]
R0 Stlth317;Stlth317; C:\WINDOWS\System32\DRIVERS\stlth317.sys [2002-08-07 83360]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2005-02-11 515712]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2005-02-11 4928]
R1 Avg7RsXP;AVG7 Rezident Driver; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2005-02-11 21120]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]
R2 AvgTdi;AVG Network Redirector; \??\C:\WINDOWS\System32\Drivers\avgtdi.sys []
R2 Scutum50;Scutum50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\Scutum50.sys [2009-04-21 19072]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-03-25 303948]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-23 25434]
R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2002-02-01 177152]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 SiSkp;SiSkp; C:\WINDOWS\system32\drivers\srvkp.sys []
S3 BtAudio;Bluetooth Audio; C:\WINDOWS\System32\DRIVERS\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys []
S3 BTWUSB;USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DFSTR2K;Base USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\DFSTOR2K.SYS [2001-11-01 38037]
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-16 5888]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2009-09-15 779136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TridDev;TV650 Device; C:\WINDOWS\system32\DRIVERS\Triddev.sys [2005-04-26 3584]
S3 TridVid;InnoDV TVideo-650; C:\WINDOWS\system32\DRIVERS\TridVid.sys [2006-11-01 151296]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2005-02-11 310323]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2005-02-11 21555]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\Ralink\Common\RaRegistry.exe [2009-08-19 185632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2002-08-01 65536]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2010-08-24 18:17:53

======Uninstall list======

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe LiveMotion 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2AAB2B-DE21-48DB-B15B-118AB957D3FF}\LM20.exe" -uninst
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Aktualizace systému Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Aktualizace systému Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Aktualizace systému Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aktualizace zabezpečení systému Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5-->MsiExec.exe /I{E031338C-839D-4EDD-9537-99B653C39D81}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Favorit-->"c:\windows\system32\bbwrlgb.exe" -uninstall
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Small Business 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall SMALLBUSINESSR /dll OSETUP.DLL
Microsoft Office Small Business 2007-->MsiExec.exe /X{91120000-00CA-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
PC Connectivity Solution-->MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Ralink RT2870 Wireless LAN Card-->C:\Program Files\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setup.exe -runfromtemp -l0x0009 -removeonly
RAW FILE CONVERTER LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Antivírusový systém AVG 7.0.289 (outdated)

======System event log======

Computer Name: STUDIO-0FZCGEMN
Event Code: 1073
Message: Pokus o Napájení vypnuto STUDIO-0FZCGEMN se nezdařil.

Record Number: 16953
Source Name: USER32
Time Written: 20100801151648.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: STUDIO-0FZCGEMN
Event Code: 1073
Message: Pokus o Napájení vypnuto STUDIO-0FZCGEMN se nezdařil.

Record Number: 16724
Source Name: USER32
Time Written: 20100726225228.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: STUDIO-0FZCGEMN
Event Code: 1073
Message: Pokus o Napájení vypnuto STUDIO-0FZCGEMN se nezdařil.

Record Number: 16647
Source Name: USER32
Time Written: 20100725223407.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: STUDIO-0FZCGEMN
Event Code: 4226
Message: Došlo k překročení limitu možného počtu souběžných připojení protokolem TCP.

Record Number: 16184
Source Name: Tcpip
Time Written: 20100714195624.000000+120
Event Type: warning
User:

Computer Name: STUDIO-0FZCGEMN
Event Code: 240
Message: Žádost o pozastavení napájení byla odmítnuta: winlogon.exe.

Record Number: 15970
Source Name: Win32k
Time Written: 20100712071302.000000+120
Event Type: warning
User:

=====Application event log=====

Computer Name: STUDIO-0FZCGEMN
Event Code: 1517
Message: Systém Windows uložil registr uživatele STUDIO-0FZCGEMN\STUDIO, ale některá z aplikací nebo služeb během odhlášení registr nadále používala. Paměť používaná registrem uživatele nebyla uvolněna. Registr bude uvolněn, jakmile již nebude používán.

To je často způsobeno tím, že jsou služby spuštěny pomocí uživatelského účtu. Zkuste služby konfigurovat pro spuštění pomocí účtu místní nebo síťové služby.

Record Number: 588
Source Name: Userenv
Time Written: 20070522163625.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: STUDIO-0FZCGEMN
Event Code: 1002
Message: Zablokovaná aplikace dj9800en.exe, verze 1.1.0.0, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Record Number: 587
Source Name: Application Hang
Time Written: 20070522161742.000000+120
Event Type: error
User:

Computer Name: STUDIO-0FZCGEMN
Event Code: 1517
Message: Systém Windows uložil registr uživatele STUDIO-0FZCGEMN\STUDIO, ale některá z aplikací nebo služeb během odhlášení registr nadále používala. Paměť používaná registrem uživatele nebyla uvolněna. Registr bude uvolněn, jakmile již nebude používán.

To je často způsobeno tím, že jsou služby spuštěny pomocí uživatelského účtu. Zkuste služby konfigurovat pro spuštění pomocí účtu místní nebo síťové služby.

Record Number: 580
Source Name: Userenv
Time Written: 20070522152102.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: STUDIO-0FZCGEMN
Event Code: 1517
Message: Systém Windows uložil registr uživatele STUDIO-0FZCGEMN\STUDIO, ale některá z aplikací nebo služeb během odhlášení registr nadále používala. Paměť používaná registrem uživatele nebyla uvolněna. Registr bude uvolněn, jakmile již nebude používán.

To je často způsobeno tím, že jsou služby spuštěny pomocí uživatelského účtu. Zkuste služby konfigurovat pro spuštění pomocí účtu místní nebo síťové služby.

Record Number: 573
Source Name: Userenv
Time Written: 20070522143420.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: STUDIO-0FZCGEMN
Event Code: 1517
Message: Systém Windows uložil registr uživatele STUDIO-0FZCGEMN\STUDIO, ale některá z aplikací nebo služeb během odhlášení registr nadále používala. Paměť používaná registrem uživatele nebyla uvolněna. Registr bude uvolněn, jakmile již nebude používán.

To je často způsobeno tím, že jsou služby spuštěny pomocí uživatelského účtu. Zkuste služby konfigurovat pro spuštění pomocí účtu místní nebo síťové služby.

Record Number: 566
Source Name: Userenv
Time Written: 20070522134054.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

#48 Příspěvek od **Caroprd111** » 24 srp 2010 19:55

Zdravím

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Označte položku Pro všechny uživatele.
Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikněte na tlačítko Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

Pravnik1 · #49 Příspěvek od **Pravnik1** » 25 srp 2010 10:39

OTL logfile created on: 25.8.2010 9:54:12 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Program Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d.M.yyyy

479,00 Mb Total Physical Memory | 100,00 Mb Available Physical Memory | 21,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17,58 Gb Total Space | 10,17 Gb Free Space | 57,83% Space Free | Partition Type: NTFS
Drive D: | 19,68 Gb Total Space | 12,46 Gb Free Space | 63,29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDIO-0FZCGEMN
Current User Name: STUDIO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.08.25 09:53:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
PRC - [2010.08.24 12:59:16 | 000,503,808 | ---- | M] (Doric) -- C:\WINDOWS\system32\bbwrlgb.exe
PRC - [2010.07.25 11:14:59 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.07.25 11:14:48 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.02.11 17:44:51 | 000,021,555 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
PRC - [2005.02.11 17:44:48 | 000,310,323 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
PRC - [2004.06.16 06:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2002.12.16 17:51:24 | 000,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
PRC - [2001.05.06 12:14:22 | 000,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

========== Modules (SafeList) ==========

MOD - [2010.08.25 09:53:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007.03.26 14:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.02.11 17:44:51 | 000,021,555 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2005.02.11 17:44:48 | 000,310,323 | ---- | M] (GRISOFT, s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt)
SRV - [2002.08.01 11:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\srvkp.sys -- (SiSkp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\Scutum50.sys -- (Scutum50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rt2870.sys -- (rt2870)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btaudio.sys -- (BtAudio)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2006.11.01 09:18:54 | 000,151,296 | R--- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TridVid.sys -- (TridVid)
DRV - [2005.04.26 09:01:38 | 000,003,584 | R--- | M] (Trident Microsystem Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Triddev.sys -- (TridDev)
DRV - [2005.02.11 17:44:54 | 000,004,320 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avgtdi.sys -- (AvgTdi)
DRV - [2005.02.11 17:44:53 | 000,021,120 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2005.02.11 17:44:52 | 000,515,712 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2005.02.11 17:44:52 | 000,004,928 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2002.08.07 17:00:10 | 000,083,360 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\stlth317.sys -- (Stlth317)
DRV - [2002.03.25 22:13:54 | 000,303,948 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
DRV - [2002.02.01 14:02:48 | 000,177,152 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2001.12.26 22:52:58 | 000,027,136 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2001.11.01 10:49:16 | 000,038,037 | ---- | M] (DATAFAB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DFSTOR2K.SYS -- (DFSTR2K)
DRV - [2001.08.23 22:03:54 | 000,025,434 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-842925246-299502267-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-842925246-299502267-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-842925246-299502267-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
IE - HKU\S-1-5-21-842925246-299502267-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 10 79 FD 52 FA CA 01 [binary data]
IE - HKU\S-1-5-21-842925246-299502267-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-842925246-299502267-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-842925246-299502267-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-842925246-299502267-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.sk/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.24 20:39:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.24 20:39:08 | 000,000,000 | ---D | M]

[2010.07.23 17:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Mozilla\Extensions
[2010.07.27 21:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Mozilla\Firefox\Profiles\0jxj7bkh.default\extensions
[2010.08.24 13:06:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.14 00:14:18 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010.07.14 00:14:18 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010.07.14 00:14:18 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010.07.14 00:14:18 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010.07.14 00:14:18 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010.07.14 00:14:18 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2003.04.16 21:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O3 - HKU\S-1-5-21-842925246-299502267-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [bbwrlgb] C:\WINDOWS\System32\bbwrlgb.exe (Doric)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKU\.DEFAULT..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-18..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-20..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-299502267-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-842925246-299502267-1801674531-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O28 - HKLM ShellExecuteHooks: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.02.11 17:00:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{77ccaa82-90be-11de-9e54-b5b94915f0a1}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.MP42 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010.08.25 10:06:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\STUDIO\Recent
[2010.08.25 09:52:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2010.08.24 20:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STUDIO\Data aplikací\InstallShield
[2010.08.24 20:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STUDIO\Local Settings\Data aplikací\Apple
[2010.08.24 20:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.08.24 19:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.08.24 19:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.08.24 19:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple
[2010.08.24 19:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STUDIO\Local Settings\Data aplikací\Apple Computer
[2010.08.24 18:56:33 | 096,971,560 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2010.08.24 18:16:20 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.24 16:17:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Dokument\Obrázky
[2010.08.24 16:17:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Filmy
[2010.08.24 16:17:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Dokument\Filmy
[2010.08.24 16:16:35 | 000,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010.08.24 16:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010.08.24 16:09:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010.08.24 16:09:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010.08.24 15:54:41 | 025,787,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-CS-CZ.exe
[2010.08.24 15:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STUDIO\Plocha\HUDBA
[2010.08.24 14:03:58 | 003,041,744 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\flashplayer_10_plugin_debug.exe
[2010.08.24 14:03:18 | 003,078,096 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\flashplayer_10_ax_debug.exe
[2010.08.24 12:59:16 | 000,503,808 | ---- | C] (Doric) -- C:\WINDOWS\System32\bbwrlgb.exe
[2010.07.27 12:25:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Dokument\Hudba
[2010.07.27 12:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\McAfee
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.08.25 10:20:05 | 000,001,679 | ---- | M] () -- C:\WINDOWS\System32\bbwrlgb_navps.dat
[2010.08.25 10:19:27 | 000,003,311 | ---- | M] () -- C:\WINDOWS\System32\bbwrlgb.dat
[2010.08.25 10:11:32 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D1265ECA-C7DE-4924-8894-5768127B0DC2}.job
[2010.08.25 09:53:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2010.08.25 09:47:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.25 08:08:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.25 08:08:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.25 08:08:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.24 21:47:03 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\STUDIO\NTUSER.DAT
[2010.08.24 21:47:03 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\STUDIO\ntuser.ini
[2010.08.24 21:12:20 | 003,726,522 | -H-- | M] () -- C:\Documents and Settings\STUDIO\Local Settings\Data aplikací\IconCache.db
[2010.08.24 20:08:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.08.24 19:02:51 | 096,971,560 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2010.08.24 18:59:40 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\STUDIO\Plocha\RegCleaner.lnk
[2010.08.24 18:58:47 | 000,553,687 | ---- | M] () -- C:\Program Files\regcleaner.exe
[2010.08.24 18:15:41 | 000,339,991 | ---- | M] () -- C:\Program Files\RSIT.exe
[2010.08.24 16:46:55 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.08.24 16:37:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.08.24 16:37:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.08.24 16:36:33 | 000,837,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.24 16:15:53 | 000,001,294 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.08.24 16:11:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.08.24 16:09:51 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010.08.24 15:56:39 | 025,787,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-CS-CZ.exe
[2010.08.24 14:04:03 | 003,041,744 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\flashplayer_10_plugin_debug.exe
[2010.08.24 14:03:21 | 003,078,096 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\flashplayer_10_ax_debug.exe
[2010.08.24 13:18:20 | 000,002,301 | ---- | M] () -- C:\WINDOWS\hplj1010.his
[2010.08.24 13:18:20 | 000,000,648 | ---- | M] () -- C:\WINDOWS\hplj1010.ini
[2010.08.24 13:14:13 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\STUDIO\Plocha\CCleaner.lnk
[2010.08.24 12:59:16 | 000,503,808 | ---- | M] (Doric) -- C:\WINDOWS\System32\bbwrlgb.exe
[2010.07.28 20:13:46 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\STUDIO\Plocha\Microsoft Office Word 2007.lnk
[2010.07.27 08:30:31 | 008,466,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.24 20:08:07 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.08.24 18:59:40 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\STUDIO\Plocha\RegCleaner.lnk
[2010.08.24 18:58:39 | 000,553,687 | ---- | C] () -- C:\Program Files\regcleaner.exe
[2010.08.24 18:15:26 | 000,339,991 | ---- | C] () -- C:\Program Files\RSIT.exe
[2010.08.24 16:09:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010.08.24 13:17:56 | 000,244,694 | ---- | C] () -- C:\WINDOWS\hplj1010.hi1
[2010.08.24 13:17:56 | 000,018,048 | ---- | C] () -- C:\WINDOWS\hplj1010.bu1
[2010.08.24 12:59:20 | 000,001,735 | ---- | C] () -- C:\WINDOWS\System32\bbwrlgb_navps.dat
[2010.08.24 12:59:19 | 000,084,904 | ---- | C] () -- C:\WINDOWS\System32\bbwrlgb_nav.dat
[2010.08.24 12:59:19 | 000,003,189 | ---- | C] () -- C:\WINDOWS\System32\bbwrlgb.dat
[2007.10.23 18:21:45 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\VendorCmdRW.dll
[2007.10.23 18:21:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007.08.16 17:49:48 | 000,002,963 | ---- | C] () -- C:\WINDOWS\fontlab.INI
[2007.03.16 18:34:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GTWST.dll
[2007.03.16 16:41:06 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\GTTunerCard.dll
[2007.02.08 17:58:46 | 000,000,397 | ---- | C] () -- C:\WINDOWS\hpw9800k.ini
[2007.02.08 17:57:42 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpdj9800.ini
[2007.02.08 17:57:36 | 000,001,567 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2007.01.09 15:14:44 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\STUDIO\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.13 12:10:58 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\setting.ini
[2005.08.03 15:21:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TVAudio.dll
[2005.03.18 18:14:06 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\msplock32.dll
[2005.03.10 14:27:03 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\msclock32.dll
[2005.03.10 14:27:03 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\msegcompid.dll
[2005.03.09 19:27:45 | 000,000,397 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2005.03.03 18:09:01 | 000,000,288 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2005.02.28 12:12:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSPublisher_Quark Converter.INI
[2005.02.18 13:51:22 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005.02.18 13:14:45 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2005.02.15 15:41:04 | 000,005,555 | ---- | C] () -- C:\Documents and Settings\STUDIO\Data aplikací\icmprof.cat
[2005.02.15 15:40:52 | 000,000,960 | ---- | C] () -- C:\Documents and Settings\STUDIO\Data aplikací\Color.ini
[2005.02.13 12:22:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CorelDrw.INI
[2005.02.13 11:58:28 | 000,000,033 | ---- | C] () -- C:\WINDOWS\quark.ini
[2005.02.11 18:24:14 | 000,001,225 | ---- | C] () -- C:\WINDOWS\SMSHELL.INI
[2005.02.11 18:24:13 | 000,002,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNINST2K.SYS
[2005.02.11 18:24:10 | 000,004,231 | ---- | C] () -- C:\WINDOWS\System32\Dfusbpdr.ini
[2005.02.11 18:17:34 | 000,000,648 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2005.02.11 18:16:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\STXKBDTS.INI
[2005.02.11 18:15:15 | 000,000,467 | ---- | C] () -- C:\WINDOWS\WTRDICT.INI
[2005.02.11 18:12:32 | 000,001,889 | ---- | C] () -- C:\WINDOWS\WEBWTR.INI
[2005.02.11 18:12:28 | 000,000,043 | ---- | C] () -- C:\WINDOWS\STXKBD.INI
[2005.02.11 18:12:27 | 000,001,433 | ---- | C] () -- C:\WINDOWS\WINTRAN.INI
[2005.02.11 18:12:27 | 000,001,286 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2005.02.11 18:12:01 | 000,000,033 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2005.02.11 17:34:09 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.02.11 17:17:35 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005.02.11 17:16:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2005.02.11 17:15:32 | 000,032,768 | R--- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2004.07.29 02:19:46 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003.08.29 11:23:49 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003.06.28 14:34:20 | 000,069,707 | ---- | C] () -- C:\WINDOWS\System32\DISP_OPT1.dll
[2002.03.21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

========== LOP Check ==========

[2007.02.06 14:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2005.02.11 17:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG7
[2005.02.11 17:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Grisoft
[2008.01.10 15:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2009.08.24 14:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Paradoxx
[2008.01.10 15:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2005.02.11 17:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\AVG7
[2005.02.28 11:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\ACD Systems
[2005.03.03 17:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\AVG7
[2010.08.24 13:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\FUJIFILM
[2005.02.12 15:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Leadertech
[2008.01.10 15:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Nokia
[2010.05.07 18:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Opera
[2005.02.15 15:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Palettes
[2005.02.15 15:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\PaperTypes
[2009.08.24 14:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Paradoxx
[2008.01.10 15:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\PC Suite
[2010.06.20 18:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\TweakNow RegCleaner
[2010.08.25 10:11:32 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D1265ECA-C7DE-4924-8894-5768127B0DC2}.job

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 05:22:36 | 001,695,232 | ---- | M] (Microsoft Corporation)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2005.02.28 11:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\ACD Systems
[2010.08.24 13:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Adobe
[2005.02.12 15:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\AdobeUM
[2005.03.03 17:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\AVG7
[2006.01.01 11:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Corel
[2005.02.15 15:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\CorelDRAW11
[2010.08.24 13:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\FUJIFILM
[2010.05.07 19:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Google
[2005.02.12 17:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Help
[2005.02.11 17:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Identities
[2010.08.24 20:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\InstallShield
[2005.02.12 15:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Leadertech
[2008.01.10 15:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Macromedia
[2009.08.24 23:10:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Microsoft
[2010.07.23 17:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Mozilla
[2010.07.17 22:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\MSN6
[2008.01.10 15:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Nokia
[2010.05.07 18:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Opera
[2005.02.15 15:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Palettes
[2005.02.15 15:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\PaperTypes
[2009.08.24 14:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Paradoxx
[2008.01.10 15:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\PC Suite
[2010.08.24 13:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Skype
[2010.08.24 12:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\skypePM
[2005.02.11 17:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\Spybot - Search & Destroy
[2010.06.20 18:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\STUDIO\Data aplikací\TweakNow RegCleaner

< %APPDATA%\*.exe /s >
[2009.12.26 14:00:06 | 015,737,800 | ---- | M] (Paradoxx Software s.r.o. ) -- C:\Documents and Settings\STUDIO\Data aplikací\Paradoxx\PhoneReport\Updates\update_3.57.95.99.exe

< MD5 for: AGP440.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.11.16 13:40:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009.11.16 13:40:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003.04.16 21:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.11.16 13:40:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009.11.16 13:40:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CDROM.SYS >
[2003.04.16 21:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009.11.16 13:40:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2009.11.16 13:40:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2009.12.22 20:39:20 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 16:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 16:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 16:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2003.04.16 21:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.11.16 13:40:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2009.11.16 13:40:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.03 23:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009.11.16 13:40:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2009.11.16 13:40:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2004.08.04 00:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

< MD5 for: ISAPNP.SYS >
[2009.11.16 13:40:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2009.11.16 13:40:47 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2003.04.16 21:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 16:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 16:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 16:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp2gdr\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp2qfe\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3gdr\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3qfe\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 16:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005.02.11 17:48:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.02.11 17:48:49 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.02.11 17:48:49 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemRoot%\System32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.08.24 16:37:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\system32\amcompat.tlb
[2010.08.25 11:29:32 | 000,003,243 | ---- | M] () -- C:\WINDOWS\system32\bbwrlgb.dat
[2010.08.24 12:59:16 | 000,503,808 | ---- | M] (Doric) -- C:\WINDOWS\system32\bbwrlgb.exe
[2010.08.25 11:30:25 | 000,001,750 | ---- | M] () -- C:\WINDOWS\system32\bbwrlgb_navps.dat
[2010.08.25 09:47:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\system32\d3d9caps.dat
[2010.08.24 16:36:33 | 000,837,952 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010.08.24 16:37:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\system32\nscompat.tlb
[2010.08.25 08:08:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

Pravnik1 · #50 Příspěvek od **Pravnik1** » 25 srp 2010 10:41

OTL Extras logfile created on: 25.8.2010 9:54:12 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Program Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d.M.yyyy

479,00 Mb Total Physical Memory | 100,00 Mb Available Physical Memory | 21,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17,58 Gb Total Space | 10,17 Gb Free Space | 57,83% Space Free | Partition Type: NTFS
Drive D: | 19,68 Gb Total Space | 12,46 Gb Free Space | 63,29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDIO-0FZCGEMN
Current User Name: STUDIO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-842925246-299502267-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" File not found
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{90120000-0010-041B-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Slovak) 12
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{AA2AAB2B-DE21-48DB-B15B-118AB957D3FF}" = Adobe LiveMotion 2.0
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"bbwrlgb" = Favorit
"CCleaner" = CCleaner
"ie8" = Windows Internet Explorer 8
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1.9.2009 14:25:40 | Computer Name = STUDIO-0FZCGEMN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Picasa3.exe, verze 3.1.71.43, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 1.9.2009 14:38:33 | Computer Name = STUDIO-0FZCGEMN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Picasa3.exe, verze 3.1.71.43, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 2.9.2009 16:17:08 | Computer Name = STUDIO-0FZCGEMN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Picasa3.exe, verze 3.1.71.43, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 26.9.2009 12:16:11 | Computer Name = STUDIO-0FZCGEMN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Picasa3.exe, verze 3.1.71.43, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 18.10.2009 3:25:19 | Computer Name = STUDIO-0FZCGEMN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Picasa3.exe, verze 3.1.71.43, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 31.10.2009 4:13:09 | Computer Name = STUDIO-0FZCGEMN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Picasa3.exe, verze 3.1.71.43, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 10.1.2010 13:53:19 | Computer Name = STUDIO-0FZCGEMN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace FinePixViewerS.exe, verze 2.1.0.3, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 10.1.2010 14:45:21 | Computer Name = STUDIO-0FZCGEMN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace FinePixViewerS.exe, verze 2.1.0.3, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 11.1.2010 16:32:13 | Computer Name = STUDIO-0FZCGEMN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Picasa3.exe, verze 3.1.71.43, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 20.2.2010 4:26:40 | Computer Name = STUDIO-0FZCGEMN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Picasa3.exe, verze 3.1.71.43, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

[ System Events ]
Error - 1.8.2010 13:30:35 | Computer Name = STUDIO-0FZCGEMN | Source = DCOM | ID = 10010
Description = Server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} se v daném časovém limitu
neregistroval u služby DCOM.

Error - 24.8.2010 10:34:34 | Computer Name = STUDIO-0FZCGEMN | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0xd0000142): Aktualizace zabezpečení systému Windows XP (KB981852).

Error - 24.8.2010 10:34:34 | Computer Name = STUDIO-0FZCGEMN | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0xd0000142): Aktualizace zabezpečení systému Windows XP (KB2115168).

Error - 25.8.2010 2:08:52 | Computer Name = STUDIO-0FZCGEMN | Source = Service Control Manager | ID = 7000
Description = Služba Scutum50 NDIS Protocol Driver neuspěla při spuštění v důsledku
následující chyby: %%2

< End of report >

#51 Příspěvek od **Caroprd111** » 25 srp 2010 11:59

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\srvkp.sys -- (SiSkp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\Scutum50.sys -- (Scutum50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rt2870.sys -- (rt2870)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btaudio.sys -- (BtAudio)
O3 - HKU\S-1-5-21-842925246-299502267-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [bbwrlgb] C:\WINDOWS\System32\bbwrlgb.exe (Doric)
O15 - HKU\S-1-5-21-842925246-299502267-1801674531-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (Reg Error: Key error.)
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.08.24 12:59:20 | 000,001,735 | ---- | C] () -- C:\WINDOWS\System32\bbwrlgb_navps.dat
[2010.08.24 12:59:19 | 000,084,904 | ---- | C] () -- C:\WINDOWS\System32\bbwrlgb_nav.dat
[2010.08.24 12:59:19 | 000,003,189 | ---- | C] () -- C:\WINDOWS\System32\bbwrlgb.dat

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bbwrlgb"=-

Klikněte na Opravit, PC se restartuje, log vložte sem.

Pravnik1 · #52 Příspěvek od **Pravnik1** » 25 srp 2010 12:37

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: STUDIO
->Temp folder emptied: 74670471 bytes
->Temporary Internet Files folder emptied: 6193620 bytes
->FireFox cache emptied: 67245351 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2342 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5860352 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 512000 bytes

Total Files Cleaned = 147,00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: STUDIO
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
========== OTL ==========
Service ZTEusbser6k stopped successfully!
Service ZTEusbser6k deleted successfully!
File C:\WINDOWS\System32\DRIVERS\ZTEusbser6k.sys not found.
Service ZTEusbnmea stopped successfully!
Service ZTEusbnmea deleted successfully!
File C:\WINDOWS\System32\DRIVERS\ZTEusbnmea.sys not found.
Service ZTEusbmdm6k stopped successfully!
Service ZTEusbmdm6k deleted successfully!
File C:\WINDOWS\System32\DRIVERS\ZTEusbmdm6k.sys not found.
Error: No service named SNPSTD3) USB PC Camera (SNPSTD3 was found to stop!
Service\Driver key SNPSTD3) USB PC Camera (SNPSTD3 not found.
C:\WINDOWS\system32\drivers\snpstd3.sys moved successfully.
Service SiSkp stopped successfully!
Service SiSkp deleted successfully!
File C:\WINDOWS\System32\drivers\srvkp.sys not found.
Error: No service named Scutum50 was found to stop!
Service\Driver key Scutum50 not found.
File C:\WINDOWS\System32\Drivers\Scutum50.sys not found.
Error: No service named rt2870 was found to stop!
Service\Driver key rt2870 not found.
File C:\WINDOWS\System32\DRIVERS\rt2870.sys not found.
Service massfilter stopped successfully!
Service massfilter deleted successfully!
File C:\WINDOWS\System32\drivers\massfilter.sys not found.
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
File E:\INSTALL\GMSIPCI.SYS not found.
Service BTWUSB stopped successfully!
Service BTWUSB deleted successfully!
File C:\WINDOWS\System32\Drivers\btwusb.sys not found.
Service BTWDNDIS stopped successfully!
Service BTWDNDIS deleted successfully!
File C:\WINDOWS\System32\DRIVERS\btwdndis.sys not found.
Service BTDriver stopped successfully!
Service BTDriver deleted successfully!
File C:\WINDOWS\System32\DRIVERS\btport.sys not found.
Service BtAudio stopped successfully!
Service BtAudio deleted successfully!
File C:\WINDOWS\System32\DRIVERS\btaudio.sys not found.
Registry value HKEY_USERS\S-1-5-21-842925246-299502267-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bbwrlgb not found.
File C:\WINDOWS\System32\bbwrlgb.exe not found.
Registry value HKEY_USERS\S-1-5-21-842925246-299502267-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
C:\WINDOWS\Downloaded Program Files\QTPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
C:\WINDOWS\system32\bbwrlgb_navps.dat moved successfully.
C:\WINDOWS\system32\bbwrlgb_nav.dat moved successfully.
C:\WINDOWS\system32\bbwrlgb.dat moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\bbwrlgb not found.

OTL by OldTimer - Version 3.2.10.0 log created on 08252010_133237

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#53 Příspěvek od **Caroprd111** » 25 srp 2010 12:41

Jak se chová PC

Pravnik1 · #54 Příspěvek od **Pravnik1** » 25 srp 2010 12:43

idete malinko rychlejsie, urobily sa nejake drobne zmeny.

#55 Příspěvek od **Caroprd111** » 25 srp 2010 13:49

Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
Po použití program vymažte. Pozor, antiviry ho mohou falešně označit za vir.

Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe

Spusťte.
Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

Spusťte.
Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít

Pravnik1 · #56 Příspěvek od **Pravnik1** » 26 srp 2010 15:07

Dakujem pekne za pomoc

Unlimited_Killer

Kolega je do neděle pryč, požádal mě o záskok, já ovšem můžu říct jen 'Není zač'.

VIRY.CZ

TROJAN V PC

Re: TROJAN V PC

Re: TROJAN V PC

Re: TROJAN V PC

Re: TROJAN V PC

Re: TROJAN V PC

Re: TROJAN V PC

Re: TROJAN V PC

Re: TROJAN V PC

Re: TROJAN V PC

Re: TROJAN V PC

Re: TROJAN V PC

Re: TROJAN V PC