rustock.m

Posted: 20 Apr 2010 15:36
by Mifen
AVG found the Rustock.m virus and it cannot be removed.
Please check the log and help.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-04-20 16:31:18
Systém Microsoft Windows XP Professional Service Pack 3
System drive H: has 83 GB (83%) free of 100 GB
Total RAM: 2047 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:25, on 20.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
H:\Program Files\AVG\AVG9\avgwdsvc.exe
H:\WINDOWS\avgagent.exe
H:\Program Files\AVG\AVG9\avgchsvx.exe
H:\Program Files\AVG\AVG9\avgrsx.exe
H:\Program Files\AVG\AVG9\avgcsrvx.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\AVG\AVG9\avgam.exe
H:\Program Files\AVG\AVG9\avgnsx.exe
H:\Program Files\AVG\AVG9\avgcsrvx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\PROGRA~1\AVG\AVG9\avgtray.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\AVG\AVG9\avgcsrvx.exe
H:\Documents and Settings\Administrator.EP9\Plocha\RSIT.exe
H:\Program Files\trend micro\Administrator.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - H:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] H:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] H:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: e&xportovat do aplikace microsoft excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ep9.local
O17 - HKLM\Software\..\Telephony: DomainName = ep9.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ep9.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - avgagent.exe (file missing)
O23 - Service: AVG9IDSAgent (avgidsagent) - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - H:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Správce DSDM služby DDE v síti NetDDEdsdmTrkWks (NetDDEdsdmTrkWks) - Unknown owner - H:\WINDOWS\system32\1031f.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - H:\WINDOWS\

--
End of file - 5015 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\PCConfidential.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18df081c-e8ad-4283-a596-fa578c2ebdc3}]
Adobe PDF Link Helper - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}]
AVG Safe Search - H:\Program Files\AVG\AVG9\avgssie.dll [2010-04-19 1615200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=H:\WINDOWS\SkyTel.EXE [2006-05-17 2879488]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2006-11-15 16270848]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=H:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"AVG9_TRAY"=H:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-04-19 2064736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=H:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=H:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
H:\WINDOWS\system32\avgrsstx.dll [2010-04-13 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
H:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\WINDOWS\avgagent.exe"="H:\WINDOWS\avgagent.exe:*:Enabled:avgagent.exe"
"H:\Program Files\AVG\AVG8\avgam.exe"="H:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"H:\Program Files\AVG\AVG8\avgupd.exe"="H:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"H:\Program Files\AVG\AVG8\avgnsx.exe"="H:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"H:\Program Files\NetMeeting\conf.exe"="H:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\AVG\AVG9\avgdiagex.exe"="H:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"H:\Program Files\AVG\AVG9\avgam.exe"="H:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"H:\Program Files\AVG\AVG9\avgupd.exe"="H:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"H:\Program Files\AVG\AVG9\avgnsx.exe"="H:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

======List of files/folders created in the last 1 months======

2010-04-20 16:31:18 ----D---- H:\rsit
2010-04-20 16:31:18 ----D---- H:\Program Files\trend micro
2010-04-13 09:07:59 ----A---- H:\WINDOWS\system32\avgrsstx.dll
2010-04-13 08:58:06 ----HD---- H:\$AVG
2010-04-13 08:57:36 ----D---- H:\Documents and Settings\All Users\Data aplikací\avg9
2010-04-13 08:55:37 ----D---- H:\Documents and Settings\All Users\Data aplikací\Temp

======List of files/folders modified in the last 1 months======

2010-04-20 16:31:18 ----RD---- H:\Program Files
2010-04-20 16:31:17 ----D---- H:\WINDOWS\Temp
2010-04-20 16:29:37 ----D---- H:\WINDOWS\Prefetch
2010-04-20 16:22:15 ----D---- H:\WINDOWS\system32\CatRoot2
2010-04-20 16:21:39 ----D---- H:\WINDOWS\system32
2010-04-20 13:11:20 ----A---- H:\WINDOWS\SchedLgU.Txt
2010-04-20 13:08:49 ----D---- H:\WINDOWS\security
2010-04-19 14:10:30 ----D---- H:\WINDOWS\system32\drivers
2010-04-13 09:07:18 ----D---- H:\WINDOWS
2010-04-13 08:57:36 ----D---- H:\Program Files\AVG
2010-04-13 08:57:20 ----HD---- H:\Config.Msi
2010-04-13 08:57:19 ----SHD---- H:\WINDOWS\Installer
2010-04-13 08:57:19 ----D---- H:\WINDOWS\WinSxS
2010-04-13 08:57:03 ----D---- H:\Program Files\Common Files\Microsoft Shared
2010-04-12 18:19:36 ----A---- H:\WINDOWS\avgagent.ini
2010-04-12 16:58:15 ----A---- H:\WINDOWS\avgagent.exe
2010-03-29 08:36:47 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; H:\WINDOWS\System32\Drivers\avgldx86.sys [2010-04-13 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; H:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-04-13 29512]
R1 AvgTdiX;AVG8 Network Redirector; H:\WINDOWS\System32\Drivers\avgtdix.sys [2010-04-19 242896]
R1 intelppm;Řadič procesoru Intel; H:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; H:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-08-02 12032]
R3 Arp1394;Protokol 1394 ARP Client; H:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; H:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-10-31 35840]
R3 avgidsdriverxpx;AVG9IDSDriver; \??\H:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 avgidsfilterxpx;AVG9IDSFilter; \??\H:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 avgidsshimxpx;AVG9IDSShim; \??\H:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-16 4225920]
R3 MTsensor;ATK0110 ACPI UTILITY; H:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; H:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WpdUsb;WpdUsb; H:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9wd;AVG WatchDog; H:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-04-13 308064]
R2 avgagent;AVG9 Remote Support Service (AvgAgent); avgagent.exe /srvfsys []
R2 avgidsagent;AVG9IDSAgent; H:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-04-13 5888008]
R2 Net Driver HPZ12;Net Driver HPZ12; H:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; H:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 NetDDEdsdmTrkWks;Správce DSDM služby DDE v síti NetDDEdsdmTrkWks; H:\WINDOWS\system32\1031f.exe srv []
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; H:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; H:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Re: rustock.m

Posted: 20 Apr 2010 15:41
by Caroprd111
Hello :)


  • Download OTL http://oldtimer.geekstogo.com/OTL.exe
  • Run it, then paste the following script into the lower box.

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
CREATERESTOREPOINT
  • Tick the All Users option.
  • Tick the LOP Check and Purity Check options.
  • Click the Run Scan button.
  • When it finishes, paste the OTL.Txt and Extras.txt logs here.

Re: rustock.m

Posted: 20 Apr 2010 16:01
by Mifen
How long will it run? It got stuck at Manual file scan - Getting file structure

Re: rustock.m

Posted: 20 Apr 2010 16:08
by Caroprd111
If OTL does not respond for about 5 minutes, restart the PC and try OTL in Safe Mode.

Re: rustock.m

Posted: 20 Apr 2010 16:22
by Mifen
OTL logfile created on: 20.4.2010 16:50:13 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = H:\Documents and Settings\Administrator.EP9\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 97,65 Gb Total Space | 80,91 Gb Free Space | 82,85% Space Free | Partition Type: NTFS
Drive I: | 51,39 Gb Total Space | 51,31 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
Drive N: | 465,73 Gb Total Space | 342,91 Gb Free Space | 73,63% Space Free | Partition Type: NTFS
Drive R: | 1828,86 Gb Total Space | 601,20 Gb Free Space | 32,87% Space Free | Partition Type: NTFS
Drive S: | 465,73 Gb Total Space | 342,91 Gb Free Space | 73,63% Space Free | Partition Type: NTFS
Drive X: | 1828,86 Gb Total Space | 601,20 Gb Free Space | 32,87% Space Free | Partition Type: NTFS

Computer Name: EXEKUTOR-21
Current User Name: administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.20 16:42:21 | 000,562,176 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Administrator.EP9\Plocha\OTL.exe
PRC - [2010.04.19 14:10:25 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010.04.19 14:10:24 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010.04.13 09:18:40 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010.04.13 09:18:36 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010.04.13 09:18:31 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010.04.13 09:18:30 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010.04.13 09:18:29 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010.04.13 09:18:27 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010.04.13 09:18:26 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010.04.12 16:58:15 | 000,791,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\WINDOWS\avgagent.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.04.20 16:42:21 | 000,562,176 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Administrator.EP9\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NetDDEdsdmTrkWks)
SRV - [2010.04.13 09:18:36 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.04.13 09:18:30 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (avgidsagent)
SRV - [2010.04.12 16:58:15 | 000,791,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\WINDOWS\avgagent.exe -- (avgagent) AVG9 Remote Support Service (AvgAgent)


========== Driver Services (SafeList) ==========

DRV - [2010.04.19 14:10:24 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.04.13 09:18:40 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- H:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.04.13 09:18:31 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (avgidsdriverxpx)
DRV - [2010.04.13 09:18:31 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (avgidsfilterxpx)
DRV - [2010.04.13 09:18:31 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (avgidsshimxpx)
DRV - [2010.04.13 09:18:31 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (avgidserhrxpx)
DRV - [2010.04.13 09:18:27 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.04.13 09:18:26 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.06.28 18:43:00 | 006,807,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006.11.16 00:34:00 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.10.31 21:10:06 | 000,035,840 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2004.08.13 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\s-1-5-21-1700143255-4060403972-1879100527-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2007.08.02 14:00:00 | 000,000,737 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - H:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\s-1-5-21-1700143255-4060403972-1879100527-500\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] H:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] H:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] H:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] H:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SkyTel] H:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-1700143255-4060403972-1879100527-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: e&xportovat do aplikace microsoft excel - H:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ep9.local
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - H:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - H:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: H:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: H:\WINDOWS\Web\Wallpaper\Nebe.bmp
O27 - HKLM IFEO\a2service.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ArcaCheck.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\arcavir.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashEnhcd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\autoruns.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcls.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgrssvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AvMonitor.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.com: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AVP32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz_se.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz4.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdinit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caav.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caavguiscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\casecuritycenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\CCenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccupdate.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\DRWEB32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FAMEH32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPAVServer.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fpscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPWin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32st.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FSMA32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\GFRing3.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\HijackThis.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASMain.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASTask.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAV32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVDX.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPF.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPFW.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVStart.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32X.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapsvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVSTUB.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVW32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVWNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Nvcc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\OllyDBG.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\procexp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RegTool.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\SfFnUp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Vba32arkit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zanda.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zlh.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - ntsd -d (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.04 09:57:00 | 000,030,208 | ---- | M] () - N:\Autorizované konverze.doc -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - H:\WINDOWS\system32\ias [2007.11.21 23:02:51 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - H:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - H:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - H:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - H:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - H:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - H:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - H:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - H:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - H:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 30 Days ==========

[2010.04.20 16:42:21 | 000,562,176 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Administrator.EP9\Plocha\OTL.exe
[2010.04.20 16:31:18 | 000,000,000 | ---D | C] -- H:\Program Files\trend micro
[2010.04.20 16:31:18 | 000,000,000 | ---D | C] -- H:\rsit
[2010.04.13 09:07:59 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- H:\WINDOWS\System32\avgrsstx.dll
[2010.04.13 09:07:22 | 000,000,000 | ---D | M] -- H:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2010.04.13 08:58:06 | 000,000,000 | -H-D | C] -- H:\$AVG
[2010.04.13 08:57:49 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- H:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010.04.13 08:57:36 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Data aplikací\avg9
[2010.04.13 08:55:37 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Data aplikací\Temp
[2009.01.12 08:55:06 | 000,000,000 | ---D | M] -- H:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2008.11.10 18:02:07 | 000,000,000 | --SD | M] -- H:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2008.11.10 18:02:07 | 000,000,000 | --SD | M] -- H:\Documents and Settings\LocalService\Data aplikací\Microsoft
[5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.20 16:51:35 | 000,101,952 | ---- | M] () -- H:\WINDOWS\System32\drivers\a129c789.sys
[2010.04.20 16:47:50 | 001,048,576 | ---- | M] () -- H:\Documents and Settings\Administrator.EP9\NTUSER.DAT
[2010.04.20 16:47:48 | 000,013,646 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2010.04.20 16:47:41 | 000,000,416 | ---- | M] () -- H:\WINDOWS\tasks\PCConfidential.job
[2010.04.20 16:47:25 | 000,000,006 | -H-- | M] () -- H:\WINDOWS\tasks\SA.DAT
[2010.04.20 16:47:24 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2010.04.20 16:42:21 | 000,562,176 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Administrator.EP9\Plocha\OTL.exe
[2010.04.20 14:53:06 | 000,781,909 | ---- | M] () -- H:\Documents and Settings\Administrator.EP9\Plocha\RSIT.exe
[2010.04.20 14:51:04 | 003,921,705 | ---- | M] () -- H:\Documents and Settings\Administrator.EP9\Plocha\ComboFix.exe
[2010.04.20 08:22:19 | 059,060,287 | ---- | M] () -- H:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.04.19 14:10:24 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\WINDOWS\System32\drivers\avgtdix.sys
[2010.04.13 09:18:40 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.04.13 09:18:40 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\WINDOWS\System32\avgrsstx.dll
[2010.04.13 09:18:31 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- H:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010.04.13 09:18:27 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\WINDOWS\System32\drivers\avgldx86.sys
[2010.04.13 09:18:26 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.04.13 08:57:51 | 000,001,507 | ---- | M] () -- H:\Documents and Settings\All Users\Plocha\AVG 9.0.lnk
[2010.04.13 08:57:49 | 000,113,461 | ---- | M] () -- H:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.04.12 18:19:36 | 000,000,042 | ---- | M] () -- H:\WINDOWS\avgagent.ini
[2010.04.12 16:58:15 | 000,791,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\WINDOWS\avgagent.exe
[2010.04.12 16:58:15 | 000,010,366 | ---- | M] () -- H:\WINDOWS\avgagent_jp.lng
[2010.04.12 16:58:15 | 000,007,544 | ---- | M] () -- H:\WINDOWS\avgagent_ge.lng
[2010.04.12 16:58:15 | 000,007,415 | ---- | M] () -- H:\WINDOWS\avgagent_it.lng
[2010.04.12 16:58:15 | 000,007,340 | ---- | M] () -- H:\WINDOWS\avgagent_pb.lng
[2010.04.12 16:58:15 | 000,007,307 | ---- | M] () -- H:\WINDOWS\avgagent_fr.lng
[2010.04.12 16:58:15 | 000,007,024 | ---- | M] () -- H:\WINDOWS\avgagent_cz.lng
[2010.04.12 16:58:15 | 000,006,840 | ---- | M] () -- H:\WINDOWS\avgagent_us.lng
[2010.03.29 08:36:47 | 000,942,834 | ---- | M] () -- H:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.29 08:36:47 | 000,400,600 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2010.03.29 08:36:47 | 000,398,316 | ---- | M] () -- H:\WINDOWS\System32\perfh005.dat
[2010.03.29 08:36:47 | 000,071,746 | ---- | M] () -- H:\WINDOWS\System32\perfc005.dat
[2010.03.29 08:36:47 | 000,060,760 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.20 16:28:56 | 000,781,909 | ---- | C] () -- H:\Documents and Settings\Administrator.EP9\Plocha\RSIT.exe
[2010.04.20 16:28:52 | 003,921,705 | ---- | C] () -- H:\Documents and Settings\Administrator.EP9\Plocha\ComboFix.exe
[2010.04.13 08:57:51 | 000,001,507 | ---- | C] () -- H:\Documents and Settings\All Users\Plocha\AVG 9.0.lnk
[2010.04.12 18:19:36 | 000,010,366 | ---- | C] () -- H:\WINDOWS\avgagent_jp.lng
[2009.06.03 10:14:06 | 000,101,952 | ---- | C] () -- H:\WINDOWS\System32\drivers\a129c789.sys
[2009.02.06 12:36:04 | 000,000,000 | ---- | C] () -- H:\WINDOWS\HPMProp.INI
[2008.12.19 14:42:44 | 000,000,160 | ---- | C] () -- H:\WINDOWS\System32\AddPort.ini
[2008.12.19 14:42:20 | 000,000,666 | ---- | C] () -- H:\WINDOWS\hpntwksetup.ini
[2008.12.19 14:40:17 | 000,000,308 | ---- | C] () -- H:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2008.11.07 15:38:53 | 000,000,042 | ---- | C] () -- H:\WINDOWS\avgagent.ini
[2008.04.08 18:11:28 | 000,000,178 | -HS- | C] () -- H:\Documents and Settings\Administrator.EP9\ntuser.ini
[2008.04.08 18:11:27 | 000,192,512 | -H-- | C] () -- H:\Documents and Settings\Administrator.EP9\ntuser.dat.LOG
[2008.04.08 18:11:26 | 001,048,576 | ---- | C] () -- H:\Documents and Settings\Administrator.EP9\NTUSER.DAT
[2007.11.30 13:00:07 | 000,009,406 | RHS- | C] () -- H:\Documents and Settings\All Users\ntuser.pol
[2007.11.21 22:25:02 | 000,011,649 | ---- | C] () -- H:\WINDOWS\Ascd_tmp.ini
[2007.11.21 22:25:02 | 000,005,810 | R--- | C] () -- H:\WINDOWS\System32\drivers\ASACPI.sys
[2007.11.21 22:24:47 | 000,010,288 | ---- | C] () -- H:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.06.28 18:43:00 | 001,703,936 | ---- | C] () -- H:\WINDOWS\System32\nvwdmcpl.dll
[2007.06.28 18:43:00 | 001,474,560 | ---- | C] () -- H:\WINDOWS\System32\nview.dll
[2007.06.28 18:43:00 | 001,019,904 | ---- | C] () -- H:\WINDOWS\System32\nvwimg.dll
[2007.06.28 18:43:00 | 000,466,944 | ---- | C] () -- H:\WINDOWS\System32\nvshell.dll
[2007.06.28 18:43:00 | 000,286,720 | ---- | C] () -- H:\WINDOWS\System32\nvnt4cpl.dll
[2001.07.07 05:00:00 | 000,003,165 | ---- | C] () -- H:\WINDOWS\System32\HPTCPMON.INI

========== LOP Check ==========

[2009.06.09 16:25:20 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Administrator.EP9\Data aplikací\ICQ Toolbar
[2010.04.13 09:06:18 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Data aplikací\avg9
[2007.11.21 22:46:22 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Data aplikací\ESET
[2010.04.13 08:55:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Data aplikací\Temp
[2009.05.22 13:12:00 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Data aplikací\Winferno
[2008.10.20 12:49:10 | 000,000,000 | ---D | M] -- H:\Documents and Settings\brigada.EP9\Data aplikací\ICQ Toolbar
[2008.05.26 15:23:06 | 000,000,000 | ---D | M] -- H:\Documents and Settings\filipova\Data aplikací\ICQ
[2009.06.05 15:34:28 | 000,000,000 | ---D | M] -- H:\Documents and Settings\filipova\Data aplikací\ICQ Toolbar
[2008.07.08 16:29:25 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Michlova\Data aplikací\ICQ Toolbar
[2007.11.21 22:47:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\User\Data aplikací\ESET
[2010.04.20 16:47:41 | 000,000,416 | ---- | M] () -- H:\WINDOWS\Tasks\PCConfidential.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = H:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.06.09 16:25:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Administrator.EP9\Data aplikací\Adobe
[2009.06.09 16:25:20 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Administrator.EP9\Data aplikací\ICQ Toolbar
[2008.04.08 18:11:33 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Administrator.EP9\Data aplikací\Identities
[2009.06.09 16:26:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Administrator.EP9\Data aplikací\Macromedia
[2009.08.25 10:08:26 | 000,000,000 | --SD | M] -- H:\Documents and Settings\Administrator.EP9\Data aplikací\Microsoft

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2007.08.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.01.12 08:27:14 | 023,890,583 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.01.12 08:27:14 | 023,890,583 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2007.08.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.01.12 08:27:14 | 023,890,583 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.01.12 08:27:14 | 023,890,583 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- H:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2007.08.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- H:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- H:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2007.08.02 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- H:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- H:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- H:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- H:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- H:\WINDOWS\system32\eventlog.dll
[2007.08.02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- H:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- H:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- H:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.08.02 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- H:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- H:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- H:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2007.08.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.01.12 08:27:14 | 023,890,583 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2009.01.12 08:27:14 | 023,890,583 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- H:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- H:\WINDOWS\ServicePackFiles\i386\hal.dll
[2007.08.02 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- H:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2007.08.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009.01.12 08:27:14 | 023,890,583 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2009.01.12 08:27:14 | 023,890,583 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- H:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: LSASS.EXE >
[2007.08.02 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- H:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- H:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- H:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- H:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- H:\WINDOWS\system32\drivers\ndis.sys
[2007.08.02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- H:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2007.08.02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- H:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- H:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- H:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007.08.02 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- H:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- H:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- H:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2007.08.02 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- H:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- H:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- H:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- H:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- H:\WINDOWS\system32\svchost.exe
[2007.08.02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- H:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- H:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- H:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- H:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- H:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- H:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- H:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- H:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- H:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- H:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- H:\WINDOWS\system32\drivers\tcpip.sys
[2007.08.02 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- H:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- H:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- H:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- H:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- H:\WINDOWS\system32\userinit.exe
[2007.08.02 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- H:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2007.08.02 14:00:00 | 000,506,880 | ---- | M] (Microsoft Corporation) MD5=051A52001D625F316CE81A539BD25192 -- H:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- H:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- H:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2007.08.02 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- H:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- H:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- H:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.04.20 17:11:00 | 000,101,952 | ---- | M] () Unable to obtain MD5 -- H:\WINDOWS\system32\drivers\a129c789.sys

< %systemroot%\System32\config\*.sav >
[2007.11.21 23:07:17 | 000,094,208 | ---- | M] () -- H:\WINDOWS\system32\config\default.sav
[2007.11.21 23:07:17 | 000,663,552 | ---- | M] () -- H:\WINDOWS\system32\config\software.sav
[2007.11.21 23:07:17 | 000,487,424 | ---- | M] () -- H:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< End of report >

Re: rustock.m

Posted: 20 Apr 2010 16:23
by Mifen
OTL Extras logfile created on: 20.4.2010 16:50:13 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = H:\Documents and Settings\Administrator.EP9\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 97,65 Gb Total Space | 80,91 Gb Free Space | 82,85% Space Free | Partition Type: NTFS
Drive I: | 51,39 Gb Total Space | 51,31 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
Drive N: | 465,73 Gb Total Space | 342,91 Gb Free Space | 73,63% Space Free | Partition Type: NTFS
Drive R: | 1828,86 Gb Total Space | 601,20 Gb Free Space | 32,87% Space Free | Partition Type: NTFS
Drive S: | 465,73 Gb Total Space | 342,91 Gb Free Space | 73,63% Space Free | Partition Type: NTFS
Drive X: | 1828,86 Gb Total Space | 601,20 Gb Free Space | 32,87% Space Free | Partition Type: NTFS

Computer Name: EXEKUTOR-21
Current User Name: administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "H:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "H:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"6150:TCP" = 6150:TCP:*:Enabled:avgagent.exe
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"H:\WINDOWS\avgagent.exe" = H:\WINDOWS\avgagent.exe:*:Enabled:avgagent.exe -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\AVG\AVG8\avgam.exe" = H:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- File not found
"H:\Program Files\AVG\AVG8\avgupd.exe" = H:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"H:\Program Files\AVG\AVG8\avgnsx.exe" = H:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"H:\Program Files\NetMeeting\conf.exe" = H:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"H:\Program Files\AVG\AVG9\avgdiagex.exe" = H:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\AVG\AVG9\avgam.exe" = H:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\AVG\AVG9\avgupd.exe" = H:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\AVG\AVG9\avgnsx.exe" = H:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6F801026-6AF0-4520-9153-4C9B4CAAB361}" = HP LaserJet P2050 Series 1.0
"{7fe1b36e-a269-451d-85f4-43fbc63778f3}" = 602XML Filler
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderP2050
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_PROHYBRIDR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_PROHYBRIDR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_PROHYBRIDR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_PROHYBRIDR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_PROHYBRIDR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_PROHYBRIDR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_PROHYBRIDR_{3C3813E1-C370-4F32-9639-8B43C7C780CD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_PROHYBRIDR_{F67648A4-713E-4298-BBAD-A83D8283B0F3}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_PROHYBRIDR_{2659571A-3405-4486-B7D8-2F125BC0E3B2}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{ac76ba86-7ad7-1029-7b44-a92000000001}" = Adobe Reader 9.2 - Czech
"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"avg9uninstall" = AVG 9.0
"ccleaner" = CCleaner (remove only)
"hijackthis" = HijackThis 2.0.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.7.2009 1:21:50 | Computer Name = EXEKUTOR-21 | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Zadaná
doména neexistuje nebo není k dispozici. ). Zpracovávání zásad skupin bylo zastaveno.


Error - 13.7.2009 1:21:51 | Computer Name = EXEKUTOR-21 | Source = AutoEnrollment | ID = 15
Description = Automatickému zápisu certifikátu pro Local System se nezdařilo kontaktovat
adresář Active Directory(0x8007054b). Zadaná doména neexistuje nebo není k dispozici.

Zápis nebude proveden.

Error - 13.7.2009 16:41:00 | Computer Name = EXEKUTOR-21 | Source = Userenv | ID = 1030
Description = Systém Windows nemůže získat seznam objektů zásad skupiny. Zpráva
popisující důvod tohoto omezení byla již dříve protokolována tímto modulem zásad.

Error - 15.7.2009 1:44:36 | Computer Name = EXEKUTOR-21 | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Zadaná
doména neexistuje nebo není k dispozici. ). Zpracovávání zásad skupin bylo zastaveno.


Error - 15.7.2009 1:44:37 | Computer Name = EXEKUTOR-21 | Source = AutoEnrollment | ID = 15
Description = Automatickému zápisu certifikátu pro Local System se nezdařilo kontaktovat
adresář Active Directory(0x8007054b). Zadaná doména neexistuje nebo není k dispozici.

Zápis nebude proveden.

Error - 16.7.2009 1:17:17 | Computer Name = EXEKUTOR-21 | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Zadaná
doména neexistuje nebo není k dispozici. ). Zpracovávání zásad skupin bylo zastaveno.


Error - 16.7.2009 1:17:17 | Computer Name = EXEKUTOR-21 | Source = AutoEnrollment | ID = 15
Description = Automatickému zápisu certifikátu pro Local System se nezdařilo kontaktovat
adresář Active Directory(0x8007054b). Zadaná doména neexistuje nebo není k dispozici.

Zápis nebude proveden.

Error - 17.7.2009 1:20:31 | Computer Name = EXEKUTOR-21 | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Zadaná
doména neexistuje nebo není k dispozici. ). Zpracovávání zásad skupin bylo zastaveno.


Error - 17.7.2009 1:20:33 | Computer Name = EXEKUTOR-21 | Source = AutoEnrollment | ID = 15
Description = Automatickému zápisu certifikátu pro Local System se nezdařilo kontaktovat
adresář Active Directory(0x8007054b). Zadaná doména neexistuje nebo není k dispozici.

Zápis nebude proveden.

Error - 17.7.2009 4:36:17 | Computer Name = EXEKUTOR-21 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 evolio7 r1.exe, P2 7.50.17.108, P3 49ca33b9,
P4 system.data, P5 2.0.0.0, P6 471ebf27, P7 7a8, P8 29, P9 system.data.rownotintable,
P10 NIL.

[ OSession Events ]
Error - 18.9.2009 7:55:04 | Computer Name = EXEKUTOR-21 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.9.2009 8:41:37 | Computer Name = EXEKUTOR-21 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.9.2009 8:41:54 | Computer Name = EXEKUTOR-21 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.9.2009 8:44:54 | Computer Name = EXEKUTOR-21 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.9.2009 8:48:43 | Computer Name = EXEKUTOR-21 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 169
seconds with 120 seconds of active time. This session ended with a crash.

Error - 18.9.2009 8:49:19 | Computer Name = EXEKUTOR-21 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.9.2009 9:23:52 | Computer Name = EXEKUTOR-21 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21.9.2009 8:41:59 | Computer Name = EXEKUTOR-21 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29.9.2009 8:57:27 | Computer Name = EXEKUTOR-21 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 80
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11.1.2010 5:12:33 | Computer Name = EXEKUTOR-21 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 20.4.2010 2:19:23 | Computer Name = EXEKUTOR-21 | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 20.4.2010 7:08:41 | Computer Name = EXEKUTOR-21 | Source = Service Control Manager | ID = 7000
Description = Služba Služba inteligentního přenosu na pozadí (BITS) neuspěla při
spuštění v důsledku následující chyby: %%2

Error - 20.4.2010 7:08:41 | Computer Name = EXEKUTOR-21 | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 20.4.2010 10:21:36 | Computer Name = EXEKUTOR-21 | Source = NETLOGON | ID = 5719
Description = V doméně EP9 není k dispozici žádný řadič domény z důvodu: %%1311.

Přesvědčte
se, zda je počítač připojen k síti a akci opakujte. Pokud budou potíže trvat, obraťte
se na správce domény.

Error - 20.4.2010 10:21:47 | Computer Name = EXEKUTOR-21 | Source = Service Control Manager | ID = 7000
Description = Služba Služba inteligentního přenosu na pozadí (BITS) neuspěla při
spuštění v důsledku následující chyby: %%2

Error - 20.4.2010 10:21:47 | Computer Name = EXEKUTOR-21 | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 20.4.2010 10:27:48 | Computer Name = EXEKUTOR-21 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby wuauserv
s argumenty za účelem spuštění serveru: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 20.4.2010 10:27:48 | Computer Name = EXEKUTOR-21 | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 20.4.2010 10:47:31 | Computer Name = EXEKUTOR-21 | Source = Service Control Manager | ID = 7000
Description = Služba Služba inteligentního přenosu na pozadí (BITS) neuspěla při
spuštění v důsledku následující chyby: %%2

Error - 20.4.2010 10:47:31 | Computer Name = EXEKUTOR-21 | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2


< End of report >

Re: rustock.m

Posted: 20 Apr 2010 16:55
by Mifen
What next, please?

Re: rustock.m

Posted: 20 Apr 2010 17:06
by Caroprd111
Run OTL and paste the following script into the lower window.

Code:

:OTL
SRV - File not found [Auto | Stopped] -- -- (NetDDEdsdmTrkWks)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ep9.local
O27 - HKLM IFEO\a2service.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ArcaCheck.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\arcavir.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashEnhcd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\autoruns.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcls.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgrssvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AvMonitor.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.com: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AVP32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz_se.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz4.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdinit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caav.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caavguiscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\casecuritycenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\CCenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccupdate.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\DRWEB32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FAMEH32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPAVServer.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fpscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPWin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32st.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FSMA32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\GFRing3.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\HijackThis.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASMain.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASTask.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAV32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVDX.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPF.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPFW.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVStart.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32X.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapsvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVSTUB.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVW32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVWNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Nvcc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\OllyDBG.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\procexp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RegTool.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\SfFnUp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Vba32arkit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zanda.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zlh.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - ntsd -d (Microsoft Corporation)
[5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[2010.04.20 16:51:35 | 000,101,952 | ---- | M] () -- H:\WINDOWS\System32\drivers\a129c789.sys

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]
Then click Fix; the PC will restart; paste the log here.

Start > Run (Win + R) > type regedit.exe > OK
  • Find the following keys (some of them may not be present)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv

  • Find the BITS and wuauserv folders (under all of the keys listed above), right-click them and choose "Permissions". Set "Allow all".

Then in the right-hand pane find the ImagePath value, right-click it and choose "Modify".
A window with the path (%fystemRoot%\system32\svchost.exe -k netsvcs) will appear.
You have to change the letter F to s
so that the path reads (%systemRoot%\system32\svchost.exe -k netsvcs)
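As an added example (written for this page; it is not from the thread and not part of OTL or HijackThis): a read-only PowerShell audit of the two registry tricks the OTL script above is undoing. The first is the list of Image File Execution Options keys whose Debugger value is "ntsd -d", which makes Windows start ntsd instead of the named security tool, so the tool dies at launch. The second is the ImagePath of the BITS and wuauserv services, where a single changed letter (%fystemRoot%) leaves the Service Control Manager unable to find svchost.exe, which is what the "error %%2" event ID 7000 entries in the System log above are reporting. It assumes PowerShell 2.0 or later on the affected machine, an elevated prompt, and that the expected ImagePath is the XP value quoted in the post above; the function names are ours.

```powershell
# Added example, not part of the forum thread or of OTL/HijackThis. Read-only audit of
# (1) IFEO "Debugger" hijacks and (2) tampered ImagePath values for BITS / wuauserv.
# Assumptions: PowerShell 2.0+, elevated prompt, XP-era expected ImagePath (see thread).

$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebuggerEntry {
    # Lists every IFEO subkey that carries a Debugger value. Windows launches the program
    # named in Debugger in place of the image, so "ntsd -d <tool>.exe" kills the tool at start.
    # Developers do set Debugger legitimately; dozens of AV tool names pointing at ntsd are not that.
    Get-ChildItem -Path $IfeoRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties['Debugger']) {
            New-Object PSObject -Property @{
                Image      = $_.PSChildName
                Debugger   = $props.Debugger
                Suspicious = ($props.Debugger -match '(^|\\)ntsd(\.exe)?\s+-d\b')
            }
        }
    }
}

function Test-ServiceImagePath {
    param([string[]] $Service = @('BITS', 'wuauserv'))
    # Both services run inside svchost's netsvcs group on XP. The raw (unexpanded) value is read
    # with DoNotExpandEnvironmentNames, because Get-ItemProperty would expand %SystemRoot% and
    # hide the difference between a good value and the %fystemRoot% variant from the thread.
    $expected = '%SystemRoot%\system32\svchost.exe -k netsvcs'   # assumption: XP default
    $controlSets = @('CurrentControlSet') + @(
        Get-ChildItem -Path 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like 'ControlSet0*' } |
            ForEach-Object { $_.PSChildName })
    foreach ($cs in $controlSets) {
        foreach ($svc in $Service) {
            $key  = "HKLM:\SYSTEM\$cs\Services\$svc"
            $path = $null
            if (-not (Test-Path -Path $key)) {
                $status = 'MISSING'
            } else {
                $regKey = Get-Item -Path $key
                $path = $regKey.GetValue('ImagePath', $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
                # -eq on strings is case-insensitive, so %systemRoot% vs %SystemRoot% is fine,
                # while %fystemRoot% (or any other edit) is reported as tampered.
                if ($path -eq $expected) { $status = 'OK' } else { $status = 'TAMPERED' }
            }
            New-Object PSObject -Property @{
                ControlSet = $cs; Service = $svc; ImagePath = $path; Status = $status
            }
        }
    }
}

# Run the audit and print the findings; nothing is modified.
$hijacks = @(Get-IfeoDebuggerEntry | Where-Object { $_.Suspicious })
Write-Output ("IFEO Debugger entries pointing at ntsd -d: {0}" -f $hijacks.Count)
$hijacks | Sort-Object Image | Format-Table Image, Debugger -AutoSize
Test-ServiceImagePath | Format-Table ControlSet, Service, Status, ImagePath -AutoSize
```

The script only reports; removing the IFEO keys and repairing ImagePath is what the OTL script and the regedit steps above do. Note that a TAMPERED ImagePath cannot simply be overwritten while the malware's ACL change is in place, which is why the post has you fix permissions on the BITS and wuauserv keys first.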

Re: rustock.m

Posted: 20 Apr 2010 17:19
by Mifen
Here is the log after the restart, and now I'm going to do the registry.

All processes killed
========== OTL ==========
Service NetDDEdsdmTrkWks stopped successfully!
Service NetDDEdsdmTrkWks deleted successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\Domain| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2service.exe\ deleted successfully.
H:\WINDOWS\System32\ntsd.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\casecuritycenter.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWin.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32st.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVW32.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegTool.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll\ deleted successfully.
File ntsd -d not found.
H:\WINDOWS\002913_.tmp deleted successfully.
H:\WINDOWS\SET25.tmp deleted successfully.
H:\WINDOWS\SET3.tmp deleted successfully.
H:\WINDOWS\SET4.tmp deleted successfully.
H:\WINDOWS\SET8.tmp deleted successfully.
File move failed. H:\WINDOWS\system32\drivers\a129c789.sys scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 5656457 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator.EP9
->Temp folder emptied: 1882310 bytes
->Temporary Internet Files folder emptied: 2324470 bytes
->Flash cache emptied: 564 bytes

User: Administrator.PC-AGEN-02
->Temp folder emptied: 587193 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: brigada
->Temp folder emptied: 1091754 bytes
->Temporary Internet Files folder emptied: 869496636 bytes
->Flash cache emptied: 7132 bytes

User: brigada.EP9
->Temp folder emptied: 977457 bytes
->Temporary Internet Files folder emptied: 6653929 bytes
->Flash cache emptied: 405 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: dubska
->Temp folder emptied: 587193 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: filipova
->Temp folder emptied: 245828475 bytes
->Temporary Internet Files folder emptied: 31745901 bytes
->Flash cache emptied: 72959 bytes

User: kropacova
->Temp folder emptied: 969715 bytes
->Temporary Internet Files folder emptied: 2528715 bytes
->Flash cache emptied: 405 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: malikova
->Temp folder emptied: 3960581 bytes
->Temporary Internet Files folder emptied: 1028842806 bytes
->Flash cache emptied: 719 bytes

User: Michlova
->Temp folder emptied: 968633 bytes
->Temporary Internet Files folder emptied: 2530608 bytes
->Flash cache emptied: 348 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: User
->Temp folder emptied: 1757508 bytes
->Temporary Internet Files folder emptied: 21979691 bytes
->Flash cache emptied: 348 bytes

User: zelenkova
->Temp folder emptied: 966745 bytes
->Temporary Internet Files folder emptied: 7420757 bytes
->Flash cache emptied: 564 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20784062 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 155,00 mb


[EMPTYFLASH]

User: administrator

User: Administrator.EP9
->Flash cache emptied: 0 bytes

User: Administrator.PC-AGEN-02

User: All Users

User: brigada
->Flash cache emptied: 0 bytes

User: brigada.EP9
->Flash cache emptied: 0 bytes

User: Default User

User: dubska

User: filipova
->Flash cache emptied: 0 bytes

User: kropacova
->Flash cache emptied: 0 bytes

User: LocalService

User: malikova
->Flash cache emptied: 0 bytes

User: Michlova
->Flash cache emptied: 0 bytes

User: NetworkService

User: User
->Flash cache emptied: 0 bytes

User: zelenkova
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.1.3 log created on 04202010_180746

Files\Folders moved on Reboot...
File move failed. H:\WINDOWS\system32\drivers\a129c789.sys scheduled to be moved on reboot.
H:\Documents and Settings\Administrator.EP9\Local Settings\Temporary Internet Files\Content.IE5\8LQBCDYF\afr[1].htm moved successfully.
File\Folder H:\Documents and Settings\filipova\Local Settings\Temp\Temporary Internet Files\Content.IE5\81QBC9IR\ChISBKCIkzlmpDkY5gf4MDapEvN3kmXLIX-2P_TnLSoLb5IP9W0XDttHNOLj3ibnwmXPFIWOQ_yPfg7IP-iJOYQoLf3GPFWRfMMEaeerPAP2a_giABZBJvTR4vaEXnWTwkyyr9Wt-NiC5uCrqLr8Toix7I2jSIOBnKUEnF7h6[1].gif not found!
File\Folder H:\Documents and Settings\filipova\Local Settings\Temp\Temporary Internet Files\Content.IE5\0HU7ODEZ\3aey0C4Meuxzj1JtDYZ25VHInIAxNpFt0qRCPnqqrHBmIXhnNnDK08Kw_ZWkrin9I3EMm29UbRjdLWy0VNFimxh50Swl7clT1vAWVtwQxIP6Wun7oCkvBNOibBKJoZ6i3XpMdCiGbg59Jbl-OFeWvXQf86B4BjLsNkJLVDWEe[1].gif not found!

Registry entries deleted on Reboot...

Re: rustock.m

Posted: 20 Apr 2010 17:23
by Caroprd111
Then write back and say how it went. :)

Re: rustock.m

Posted: 20 Apr 2010 17:35
by Mifen
It is still there.

Re: rustock.m

Posted: 20 Apr 2010 17:36
by Caroprd111
Please tell me the path to the file that AVG says is the virus.

Re: rustock.m

Posted: 20 Apr 2010 17:38
by Mifen
"H:\WINDOWS\system32\services.exe (812):\memory_009d0000";"Rozpoznán virus Win32/Rustock.M";"Objekt je nedostupný."
"H:\WINDOWS\system32\services.exe (812)";"Rozpoznán virus Win32/Rustock.M";""

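The two AVG rows above (one hit on a memory region inside services.exe, one on the process as a whole) and the OTL lines earlier in the thread can be triaged mechanically. The Python below is an added example, not code from the thread, AVG or OTL; the regular expressions are assumptions about those tools' output layout, and the sample rows are constructed from the values quoted in this thread.

```python
import csv
import re

# Constructed sample input: two AVG rows in the same quoted, semicolon-separated layout
# as the ones quoted in the thread, plus three lines in OTL's log format.
AVG_RECORDS = [
    r'"H:\WINDOWS\system32\services.exe (812):\memory_009d0000";"Rozpoznán virus Win32/Rustock.M";"Objekt je nedostupný."',
    r'"H:\WINDOWS\system32\services.exe (812)";"Rozpoznán virus Win32/Rustock.M";""',
]
OTL_LINES = [
    r"Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe\ deleted successfully.",
    "File ntsd -d not found.",
    r"File move failed. H:\WINDOWS\system32\drivers\a129c789.sys scheduled to be moved on reboot.",
]

# AVG object: "<path> (<pid>)", optionally followed by ":\memory_<hex>" for an in-memory hit (assumed layout).
OBJECT_RE = re.compile(r"^(?P<path>.+?) \((?P<pid>\d+)\)(?::\\(?P<region>memory_[0-9A-Fa-f]+))?$")
IFEO_RE = re.compile(r"^Registry key .*\\Image File Execution Options\\(?P<exe>[^\\]+)\\ deleted successfully\.$")
PENDING_RE = re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")

def parse_avg_record(line):
    """Split one AVG result row into object path, PID, memory region, threat name and note."""
    obj, message, note = next(csv.reader([line], delimiter=";", quotechar='"'))
    m = OBJECT_RE.match(obj)
    if not m:
        raise ValueError("unexpected AVG object format: " + obj)
    return {"path": m.group("path"), "pid": int(m.group("pid")),
            "region": m.group("region"),      # None when the whole process is flagged
            "threat": message.split()[-1],    # assumption: detection name is the last token
            "note": note}

def avg_verdict(record):
    """A memory-region hit is injected code: there is no file at that path to send anyone."""
    if record["region"]:
        return f"in-memory: code injected into {record['path']} (PID {record['pid']}), region {record['region']}"
    return f"process-level: {record['path']} (PID {record['pid']}) flagged as a whole"

def triage_otl(lines):
    """Pull the two finding types that need follow-up out of OTL output."""
    findings = []
    for line in lines:
        m = IFEO_RE.match(line)
        if m:  # a Debugger value under IFEO was redirecting launches of this security tool
            findings.append(("ifeo_hijack", m.group("exe")))
            continue
        m = PENDING_RE.match(line)
        if m:  # a locked file (here a driver) that stays in place until the reboot moves it
            findings.append(("pending_move", m.group("path")))
    return findings
```

The in-memory verdict is why the helper's request for a file path cannot be answered directly: the hit lives in a region of services.exe, while the driver still pending a move is the on-disk component worth watching.
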
Re: rustock.m

Posted: 20 Apr 2010 17:38
by Caroprd111
Download and save, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware
  • Run the application under an account with Administrator rights; right after it starts, a page with the licence terms appears, continue by pressing the "Yes" button
  • Then follow the instructions; during the scan do not start other applications and do not click into the window that appears :!:
  • The scan should take around 5 - 10 minutes; when it finishes, Combofix displays the log C:\ComboFix.txt, which you should paste here.
  • The computer may be restarted during the scan.

Re: rustock.m

Posted: 20 Apr 2010 17:50
by Mifen
I cannot turn off AVG. Should I uninstall it for a while?