
Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

vhanus
Guest
Posts: 27
Registered: 21 Dec 2009 12:30

Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#1 Post by vhanus »

Hello,

A PC has landed in my hands.
Every day ESET quarantines many files, either BUBNIX or Kryptik.

There is so much of it that I'd rather send the RSIT log first.

Thanks for any advice


Logfile of random's system information tool 1.06 (written by random/random)
Run by zemanek at 2010-04-21 12:39:51
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 34 GB (44%) free of 76 GB
Total RAM: 2039 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:00, on 21.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Altap Salamander 2.5\salamand.exe
C:\Program Files\Corel\Graphics9\Programs\coreldrw.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\zemanek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\zemanek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\zemanek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\zemanek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\NTR global\NTRsupport Installable RC\installablerc.exe
C:\totalcmd\TOTALCMD.EXE
C:\INSTALL\aa\RSIT.exe
E:\!Servis!\zemanek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8978079510
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://host13.nwt.cz/activex/AMC.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.80.66.25/activex/AxisCamControl.cab
O16 - DPF: {CE40C3F1-3DF5-4461-A521-810923235628} (JOJ_Explorer_Player Control) - http://www.joj.sk/fileadmin/joj_player/ ... Player.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mullerpharma.local
O17 - HKLM\Software\..\Telephony: DomainName = mullerpharma.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mullerpharma.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mullerpharma.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = mullerpharma.local
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = mullerpharma.local
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = mullerpharma.local
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = mullerpharma.local
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = mullerpharma.local
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = mullerpharma.local
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = mullerpharma.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NTRsupport Installable RC (installablerc) - NTRglobal - C:\Program Files\NTR global\NTRsupport Installable RC\installablerc.exe

--
End of file - 6905 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3056383651-3781826349-1766403218-1142Core1cab906d5823e22.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3056383651-3781826349-1766403218-1142Core1ca5babef3223d7.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-08 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-08 126976]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-07-08 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-31 716800]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-18 143872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2005-12-09 35328]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-03-16 282624]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09 26100520]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-29 2343120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-02-08 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\installablerc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:Microsoft Office PowerPoint"
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d1101f9-dc9a-11dd-a207-0013d49dd02f}]
shell\AutoRun\command - E:\PStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2ab2571-af7f-11db-9ff2-0013d49dd02f}]
shell\AutoRun\command - wd_windows_tools\setup.exe


======List of files/folders created in the last 1 months======

2010-04-21 12:39:51 ----D---- C:\rsit
2010-04-21 12:34:57 ----D---- C:\Program Files\NTR global
2010-04-21 12:34:17 ----D---- C:\Documents and Settings\zemanek\Data aplikací\ntr
2010-04-16 07:09:15 ----HD---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-16 07:08:57 ----HD---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-16 07:06:06 ----HD---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-16 07:05:47 ----HD---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 08:35:50 ----HD---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 08:35:41 ----HD---- C:\WINDOWS\$NtUninstallKB979309$
2010-03-30 06:51:17 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2010-04-21 12:39:42 ----A---- C:\WINDOWS\wincmd.ini
2010-04-20 15:15:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-16 07:09:10 ----A---- C:\WINDOWS\imsins.BAK
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-31 11:05:56 ----A---- C:\WINDOWS\barcode.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-07-08 135168]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-07-08 127872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2001-08-17 19200]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-08 804572]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-07-08 393088]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 SASDIFSV;SASDIFSV; \??\C:\DOCUME~1\zemanek\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\DOCUME~1\zemanek\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-04-04 47360]
S3 SASENUM;SASENUM; \??\C:\DOCUME~1\zemanek\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TridVid;TM6000 TV Service; C:\WINDOWS\system32\DRIVERS\TridVid.sys [2007-12-24 230528]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 installablerc;NTRsupport Installable RC; C:\Program Files\NTR global\NTRsupport Installable RC\installablerc.exe [2009-08-31 430236]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#2 Post by Caroprd111 »

Hello :)

I recommend uninstalling Advanced SystemCare 3.

Download OTL http://oldtimer.geekstogo.com/OTL.exe
  • Run it, then paste the following script into the bottom box.

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
CREATERESTOREPOINT
  • Tick the All Users option.
  • Tick the LOP Check and Purity Check options.
  • Click the Run Scan button.
  • When it finishes, paste the OTL.Txt and Extras.txt logs here.

vhanus
Guest
Posts: 27
Registered: 21 Dec 2009 12:30

Re: Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#3 Post by vhanus »

Here is OTL.TXT:


OTL logfile created on: 21.4.2010 19:35:31 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\zemanek\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,51 Gb Total Space | 33,04 Gb Free Space | 44,34% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 82,80 Gb Total Space | 16,61 Gb Free Space | 20,06% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 63,41 Gb Total Space | 1,33 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
Drive P: | 82,80 Gb Total Space | 16,61 Gb Free Space | 20,06% Space Free | Partition Type: NTFS
Drive U: | 63,41 Gb Total Space | 1,33 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
Drive X: | 63,41 Gb Total Space | 1,33 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
Drive Z: | 82,80 Gb Total Space | 16,61 Gb Free Space | 20,06% Space Free | Partition Type: NTFS

Computer Name: ZEMANEK
Current User Name: zemanek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.21 19:34:04 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zemanek\Plocha\OTL.exe
PRC - [2009.08.31 12:59:04 | 000,430,236 | ---- | M] (NTRglobal) -- C:\Program Files\NTR global\NTRsupport Installable RC\installablerc.exe
PRC - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.05.14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007.06.13 15:23:40 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005.12.09 07:30:02 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2005.11.10 13:03:52 | 000,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
PRC - [2005.11.10 13:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005.07.08 15:10:12 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2005.05.31 14:54:28 | 000,716,800 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe


========== Modules (SafeList) ==========

MOD - [2010.04.21 19:34:04 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zemanek\Plocha\OTL.exe
MOD - [2010.04.21 19:30:28 | 000,016,784 | -H-- | M] (NTRglobal (Net Transmit & Receive S.L.)) -- C:\Program Files\NTR global\NTRsupport Installable RC\7.ntr
MOD - [2006.08.25 17:51:20 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006.05.03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.08.31 12:59:04 | 000,430,236 | ---- | M] (NTRglobal) [Auto | Running] -- C:\Program Files\NTR global\NTRsupport Installable RC\installablerc.exe -- (installablerc)
SRV - [2009.05.14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.05.14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)


========== Driver Services (SafeList) ==========

DRV - [2009.05.14 15:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.05.14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.05.14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007.12.24 22:00:00 | 000,230,528 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TridVid.sys -- (TridVid)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.08.30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005.08.30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005.08.30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005.07.08 15:10:06 | 000,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005.07.08 15:10:00 | 000,135,168 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2004.10.27 15:21:36 | 000,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.10.27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.13 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Changer.sys -- (Changer)
DRV - [2004.08.03 22:59:34 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (ASPI)
DRV - [2001.08.17 21:58:00 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.triline.cz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.triline.cz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.triline.cz

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.triline.cz

IE - HKU\S-1-5-21-3056383651-3781826349-1766403218-1142\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3056383651-3781826349-1766403218-1142\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008.06.17 10:51:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008.06.17 10:51:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.09.08 12:28:08 | 000,000,000 | ---D | M]

[2009.03.06 12:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Mozilla\Extensions
[2008.06.17 10:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Mozilla\Firefox\Profiles\gbit0io5.default\extensions
[2010.01.08 08:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zemanek\Data aplikací\Mozilla\Firefox\Profiles\gbit0io5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.08 08:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Mozilla\Firefox\Profiles\gbit0io5.default\extensions\staged-xpis
[2008.06.17 10:51:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.10.04 20:24:00 | 003,695,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2008.03.31 20:06:24 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2008.03.31 20:06:24 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2008.01.27 10:57:20 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2008.01.27 10:57:20 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 20:06:24 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2004.08.18 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-3056383651-3781826349-1766403218-1142\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3056383651-3781826349-1766403218-1142\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3056383651-3781826349-1766403218-1142\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3056383651-3781826349-1766403218-1142\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8978079510 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://host13.nwt.cz/activex/AMC.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://212.80.66.25/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CE40C3F1-3DF5-4461-A521-810923235628} http://www.joj.sk/fileadmin/joj_player/ ... Player.cab (JOJ_Explorer_Player Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.130.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mullerpharma.local
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\zemanek\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\zemanek\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.23 14:41:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{1d1101f9-dc9a-11dd-a207-0013d49dd02f}\Shell\AutoRun\command - "" = E:\PStart.exe -- File not found
O33 - MountPoints2\{e2ab2571-af7f-11db-9ff2-0013d49dd02f}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005.11.23 14:28:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745600305496064)

========== Files/Folders - Created Within 30 Days ==========

[2010.04.21 19:34:02 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\zemanek\Plocha\OTL.exe
[2010.04.21 12:39:51 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.21 12:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\NTR global
[2010.04.21 12:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\zemanek\Data aplikací\ntr
[2010.04.01 08:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Adobe
[2010.03.30 06:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.02.26 06:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2007.10.30 07:23:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\zemanek\Data aplikací\pcouffin.sys
[2005.11.23 14:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2005.11.23 14:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2005.11.23 14:33:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2005.11.23 14:33:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\zemanek\*.tmp files -> C:\Documents and Settings\zemanek\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.21 19:38:58 | 000,802,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\mlvzhv.sys
[2010.04.21 19:34:04 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zemanek\Plocha\OTL.exe
[2010.04.21 12:48:28 | 000,002,120 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.04.21 07:22:02 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3056383651-3781826349-1766403218-1142Core1cab906d5823e22.job
[2010.04.21 07:11:02 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3056383651-3781826349-1766403218-1142Core1ca5babef3223d7.job
[2010.04.21 06:51:08 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\zemanek\intlname.ols
[2010.04.21 06:40:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.21 06:39:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.21 06:39:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.21 06:39:40 | 2138,361,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.20 15:15:02 | 006,987,776 | ---- | M] () -- C:\Documents and Settings\zemanek\ntuser.dat
[2010.04.20 15:15:02 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\zemanek\ntuser.ini
[2010.04.16 09:20:12 | 008,079,552 | -H-- | M] () -- C:\Documents and Settings\zemanek\Local Settings\Data aplikací\IconCache.db
[2010.04.16 07:09:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.04.12 06:57:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\LauncherAccess.dt
[2010.03.31 11:05:56 | 000,000,356 | ---- | M] () -- C:\WINDOWS\barcode.ini
[2010.03.31 09:05:18 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010.03.29 06:41:18 | 001,892,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\zemanek\*.tmp files -> C:\Documents and Settings\zemanek\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.03 14:33:38 | 000,002,120 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010.03.02 07:06:50 | 000,802,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\mlvzhv.sys
[2010.02.26 14:09:29 | 006,987,776 | ---- | C] () -- C:\Documents and Settings\zemanek\ntuser.dat
[2010.02.26 06:37:21 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\rbuwzv.dat
[2009.05.04 14:01:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\eDARYLlek001.ini
[2009.05.04 14:01:47 | 000,000,047 | ---- | C] () -- C:\WINDOWS\eDARYLlekmsg.ini
[2008.05.29 10:33:44 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.05.29 10:33:28 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.05.29 10:33:28 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.05.29 10:33:27 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.05.29 10:33:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.05.29 10:33:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.04.04 06:21:47 | 000,587,104 | ---- | C] () -- C:\Documents and Settings\zemanek\Data aplikací\vso_ts_preview.xml
[2008.04.04 06:17:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\zemanek\Data aplikací\inst.exe
[2008.04.01 09:24:12 | 000,230,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\TridVid.sys
[2008.04.01 09:23:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008.02.08 07:56:51 | 000,001,386 | ---- | C] () -- C:\Documents and Settings\zemanek\Data aplikací\filterclsid.dat
[2008.02.08 07:37:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\LauncherAccess.dt
[2008.02.08 07:34:42 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.10.30 07:24:14 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\zemanek\Data aplikací\pcouffin.log
[2007.10.30 07:23:52 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\zemanek\Data aplikací\ezpinst.exe
[2007.10.30 07:23:52 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\zemanek\Data aplikací\pcouffin.cat
[2007.10.30 07:23:52 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\zemanek\Data aplikací\pcouffin.inf
[2006.10.06 07:32:40 | 000,011,912 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2006.10.05 12:03:57 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006.01.20 14:23:16 | 000,000,017 | -H-- | C] () -- C:\Documents and Settings\zemanek\Local Settings\Data aplikací\19720201.dat
[2006.01.20 14:23:16 | 000,000,016 | -H-- | C] () -- C:\Documents and Settings\zemanek\Local Settings\Data aplikací\art.udk
[2006.01.16 09:17:35 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\FOLESVR.DLL
[2006.01.02 09:09:54 | 000,000,142 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2006.01.02 09:09:52 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2005.12.23 07:25:35 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\zemanek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.12.08 11:21:48 | 000,019,619 | ---- | C] () -- C:\WINDOWS\MSUMLT_U.INI
[2005.12.08 06:46:20 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\zemanek\intlname.ols
[2005.12.07 15:17:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.12.07 11:52:11 | 000,000,356 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2005.12.07 11:49:51 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2005.12.07 10:42:40 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\zemanek\ntuser.dat.LOG
[2005.12.07 10:42:40 | 000,000,272 | -HS- | C] () -- C:\Documents and Settings\zemanek\ntuser.ini
[2005.12.07 10:41:18 | 000,013,314 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2005.12.07 10:36:09 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2005.12.07 10:36:09 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2005.11.23 20:07:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.11.23 14:54:43 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004.10.13 04:55:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MSHRES_U.DLL
[2004.08.13 03:56:20 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1980.01.01 00:00:00 | 000,000,510 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2009.09.08 12:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2006.01.02 09:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Složka odesílání Share-to-Web
[2006.01.30 09:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\WebCompiler3
[2006.05.25 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\VoipDiscount
[2007.10.30 07:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Vso
[2008.02.08 07:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Samsung
[2009.02.12 09:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\EBookSys
[2009.09.22 15:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\ViStart
[2009.09.22 15:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\ViGlance
[2009.09.22 15:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\ViSplore
[2010.03.01 12:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\IObit
[2010.04.21 12:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\ntr
[2008.10.21 08:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kankova\Data aplikací\Složka odesílání Share-to-Web

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.18 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Skype" = "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized -- [2010.03.09 10:02:14 | 026,100,520 | R--- | M] (Skype Technologies S.A.)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2005.11.23 14:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Identities
[2005.11.23 19:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\CyberLink
[2005.11.23 14:33:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\zemanek\Data aplikací\Microsoft
[2005.12.07 13:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Corel
[2005.12.07 14:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Macromedia
[2005.12.08 13:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Adobe
[2005.12.20 07:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Google
[2006.01.02 09:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Složka odesílání Share-to-Web
[2006.01.03 15:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Hewlett-Packard
[2006.01.17 10:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Real
[2006.01.20 11:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Help
[2006.01.24 13:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Sun
[2006.01.30 09:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\WebCompiler3
[2006.02.09 06:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Lavasoft
[2006.05.25 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\VoipDiscount
[2007.03.13 14:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Skype
[2007.10.30 07:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Vso
[2008.02.08 07:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Samsung
[2008.06.17 10:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Mozilla
[2008.06.17 11:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\vlc
[2009.02.12 09:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\EBookSys
[2009.04.08 07:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\skypePM
[2009.09.22 15:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\ViStart
[2009.09.22 15:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\ViGlance
[2009.09.22 15:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\ViSplore
[2010.03.01 12:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\IObit
[2010.03.03 14:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\Malwarebytes
[2010.03.09 17:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\SUPERAntiSpyware.com
[2010.04.21 12:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\zemanek\Data aplikací\ntr

< %APPDATA%\*.exe /s >
[2007.10.30 07:23:54 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\zemanek\Data aplikací\ezpinst.exe
[2008.04.09 13:17:54 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\zemanek\Data aplikací\inst.exe
[2008.04.07 06:57:36 | 006,871,480 | ---- | M] () -- C:\Documents and Settings\zemanek\Data aplikací\Real\Update\setup\data\firefoxgoogletoolbarsetup.exe
[2008.04.07 06:58:36 | 013,293,064 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\zemanek\Data aplikací\Real\Update\setup\data\RealPlayer11GOLD.exe
[2008.04.07 06:57:48 | 001,145,896 | ---- | M] (Google) -- C:\Documents and Settings\zemanek\Data aplikací\Real\Update\setup\data\GOOGLE_TOOLBAR\googletoolbarinstaller.exe


< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.18 15:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\eventlog.dll
[2004.08.18 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\explorer.exe
[2007.06.13 15:12:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:40 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\Explorer.EXE
[2007.06.13 15:23:40 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\I386\sp2.cab:hal.dll
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\hal.dll
[2004.08.18 14:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\I386\sp2.cab:Changer.sys
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\system32\dllcache\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\system32\drivers\Changer.sys

< MD5 for: LSASS.EXE >
[2004.08.18 15:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 05:22:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.18 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.18 15:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.18 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 15:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2008.04.14 05:22:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\smss.exe
[2004.08.18 14:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\I386\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\svchost.exe
[2004.08.18 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:14 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:14 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.01.13 18:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2005.05.25 20:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2007.10.30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:36 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 15:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.18 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 05:22:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 15:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.04.21 19:44:54 | 000,802,304 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\System32\drivers\mlvzhv.sys

< %systemroot%\System32\config\*.sav >
[2005.11.23 14:32:46 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2005.11.23 14:32:46 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.11.23 14:32:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< End of report >
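As an added example (it is not part of this thread and not OTL's own code), here is a small Python checker for the "< MD5 for: NAME >" blocks in the log above. Helpers read those blocks to see whether the copy of a system file that Windows actually loads still matches the protected copy in dllcache; a differing hash, or a hash OTL could not read at all, is the kind of discrepancy a driver-patching infector such as the one in this thread leaves behind. The USERINIT.EXE block in the sample is copied from the log; the EXAMPLE.SYS and LOCKED.SYS blocks, their paths and their hashes are constructed placeholders.

```python
import re

# Regexes for the two line shapes OTL prints in a "< MD5 for: NAME >" block:
#   [mtime | size | attrs | M] (Company) MD5=HEX -- path
#   [mtime | size | attrs | M] () Unable to obtain MD5 -- path
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
LINE_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| [^|]+? \| [A-Z]\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)

# Constructed sample. USERINIT.EXE is copied from the posted log; EXAMPLE.SYS
# and LOCKED.SYS (names, paths, hashes) are invented placeholders that show
# the two findings the checker reports.
SAMPLE_LOG = r"""< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: EXAMPLE.SYS >
[2004.08.18 14:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\system32\dllcache\example.sys
[2010.04.21 19:44:54 | 000,012,288 | ---- | M] () MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\drivers\example.sys

< MD5 for: LOCKED.SYS >
[2010.04.21 19:44:54 | 000,802,304 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\System32\drivers\locked.sys
"""


def parse_md5_sections(text):
    """Return {FILE NAME: [entry, ...]} parsed from OTL '< MD5 for: >' blocks."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line ends the current block
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections.setdefault(current, [])
            continue
        match = LINE_RE.match(line)
        if current is None or not match:
            continue                # line belongs to some other OTL section
        sections[current].append({
            "path": match.group("path"),
            "md5": (match.group("md5") or "").upper() or None,
            "company": match.group("company"),
            "size": int(match.group("size").replace(",", "")),
        })
    return sections


def _is_live_copy(path):
    """True for the copy Windows loads (system32 or system32\\drivers), not
    the dllcache copy, hotfix backups or Windows Update downloads."""
    p = path.lower()
    return ("\\system32\\" in p
            and "\\dllcache\\" not in p
            and "\\softwaredistribution\\" not in p
            and "$hf_mig$" not in p)


def find_suspect_files(sections):
    """List (name, path, reason) for live copies whose MD5 OTL could not
    read, or whose MD5 differs from the dllcache copy of the same file."""
    findings = []
    for name, entries in sections.items():
        cache = [e["md5"] for e in entries
                 if "\\dllcache\\" in e["path"].lower() and e["md5"]]
        for e in entries:
            if not _is_live_copy(e["path"]):
                continue
            if e["md5"] is None:
                findings.append((name, e["path"], "MD5 unreadable (file locked or hidden)"))
            elif cache and e["md5"] not in cache:
                findings.append((name, e["path"], "MD5 differs from dllcache copy"))
    return findings


if __name__ == "__main__":
    for name, path, reason in find_suspect_files(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name:14} {reason:40} {path}")
```

Run it against a saved OTL.txt by replacing SAMPLE_LOG with the file's contents; a clean machine such as the userinit.exe entries above produces no finding, while the constructed example.sys (hash changed, company name gone) and locked.sys (hash unreadable) each produce one line. Note that dllcache itself can be tampered with, so a matching pair only means both copies agree, not that either is genuine.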

vhanus
Visitor
Posts: 27
Registered: 21 Dec 2009 12:30

Re: Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#4 Post by vhanus »

Here is EXTRAS.TXT:


OTL Extras logfile created on: 21.4.2010 19:35:31 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\zemanek\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,51 Gb Total Space | 33,04 Gb Free Space | 44,34% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 82,80 Gb Total Space | 16,61 Gb Free Space | 20,06% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 63,41 Gb Total Space | 1,33 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
Drive P: | 82,80 Gb Total Space | 16,61 Gb Free Space | 20,06% Space Free | Partition Type: NTFS
Drive U: | 63,41 Gb Total Space | 1,33 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
Drive X: | 63,41 Gb Total Space | 1,33 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
Drive Z: | 82,80 Gb Total Space | 16,61 Gb Free Space | 20,06% Space Free | Partition Type: NTFS

Computer Name: ZEMANEK
Current User Name: zemanek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3056383651-3781826349-1766403218-1142\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- File not found
"C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE" = C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:Microsoft Office PowerPoint -- (Microsoft Corporation)
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" = C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount -- File not found
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2B61D113-5EBD-45C4-B2DC-6BE8BBD1140D}" = NTRsupport Installable RC
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E270C95-8327-4C2F-A8E1-902CC2604A20}" = HP Photo and Imaging 2.3 - Scanjet 4600 Series
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FA1D6BE-12DF-4C6F-98F5-A2EFFB9893E3}" = ESET NOD32 Antivirus
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{91110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}" = Readiris Pro 8
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.1 - Czech
"{B28EE453-DCC7-408F-8D58-2BF03F2D7BA9}" = Ruská - rozložení jako latinka (1.0.0)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D642ACC5-F7E9-48F3-A7EE-B49C5447A10E}" = Samsung PC Studio 3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Altap Salamander 2.51" = Altap Salamander 2.51
"CCleaner" = CCleaner
"Corel Applications" = Corel Applications
"DIGIMAX Home Print Service" = DIGIMAX Home Print Service
"Fleetware_is1" = Fleetware
"GPS Reader_is1" = GPS Reader
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.0
"KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"NaviGate_is1" = NaviGate
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Servant Salamander 2.5 beta 11" = Servant Salamander 2.5 beta 11
"ShockwaveFlash" = Macromedia Flash Player 8
"Totalcmd" = Total Commander (Remove or Repair)
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archivátor
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3056383651-3781826349-1766403218-1142\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1.3.2010 7:53:15 | Computer Name = ZEMANEK | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 1.3.2010 7:56:28 | Computer Name = ZEMANEK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 11.0.8312.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 1.3.2010 7:58:06 | Computer Name = ZEMANEK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 11.0.8312.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 1.3.2010 8:54:18 | Computer Name = ZEMANEK | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 1.3.2010 9:02:21 | Computer Name = ZEMANEK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 11.0.8312.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 2.3.2010 2:07:41 | Computer Name = ZEMANEK | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 2.3.2010 8:19:27 | Computer Name = ZEMANEK | Source = Offline Files | ID = 5
Description = Část mezipaměti pro soubory offline byla poškozena. Restartováním
počítače mezipaměť vyčistět

Error - 12.3.2010 2:06:56 | Computer Name = ZEMANEK | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 12.3.2010 2:20:08 | Computer Name = ZEMANEK | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 1.4.2010 4:12:01 | Computer Name = ZEMANEK | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

[ Application Events ]
Error - 1.3.2010 7:53:15 | Computer Name = ZEMANEK | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 1.3.2010 7:56:28 | Computer Name = ZEMANEK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 11.0.8312.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 1.3.2010 7:58:06 | Computer Name = ZEMANEK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 11.0.8312.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 1.3.2010 8:54:18 | Computer Name = ZEMANEK | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 1.3.2010 9:02:21 | Computer Name = ZEMANEK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 11.0.8312.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 2.3.2010 2:07:41 | Computer Name = ZEMANEK | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 2.3.2010 8:19:27 | Computer Name = ZEMANEK | Source = Offline Files | ID = 5
Description = Část mezipaměti pro soubory offline byla poškozena. Restartováním
počítače mezipaměť vyčistět

Error - 12.3.2010 2:06:56 | Computer Name = ZEMANEK | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 12.3.2010 2:20:08 | Computer Name = ZEMANEK | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 1.4.2010 4:12:01 | Computer Name = ZEMANEK | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

[ System Events ]
Error - 21.4.2010 0:42:58 | Computer Name = ZEMANEK | Source = Service Control Manager | ID = 7000
Description = Služba SAMSUNG Mobile USB Modem 1.0 Filter neuspěla při spuštění v
důsledku následující chyby: %%2

Error - 21.4.2010 0:42:59 | Computer Name = ZEMANEK | Source = Service Control Manager | ID = 7000
Description = Služba SAMSUNG Mobile USB Modem 1.0 Drivers neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 21.4.2010 0:42:59 | Computer Name = ZEMANEK | Source = Service Control Manager | ID = 7000
Description = Služba BDA IPSink neuspěla při spuštění v důsledku následující chyby:
%%5

Error - 21.4.2010 0:42:59 | Computer Name = ZEMANEK | Source = Service Control Manager | ID = 7000
Description = Služba Microsoft Kernel GS Wavetable Synthesizer neuspěla při spuštění
v důsledku následující chyby: %%5

Error - 21.4.2010 0:43:00 | Computer Name = ZEMANEK | Source = Service Control Manager | ID = 7000
Description = Služba TM6000 TV Service neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 21.4.2010 0:43:00 | Computer Name = ZEMANEK | Source = Service Control Manager | ID = 7000
Description = Služba Ovladač skeneru USB neuspěla při spuštění v důsledku následující
chyby: %%5

Error - 21.4.2010 0:43:00 | Computer Name = ZEMANEK | Source = Service Control Manager | ID = 7000
Description = Služba Ovladač velkokapacitního paměťového zařízení USB neuspěla při
spuštění v důsledku následující chyby: %%5

Error - 21.4.2010 0:43:03 | Computer Name = ZEMANEK | Source = Service Control Manager | ID = 7000
Description = Služba Dálnopisný kodek světového standardu neuspěla při spuštění
v důsledku následující chyby: %%5

Error - 21.4.2010 0:43:04 | Computer Name = ZEMANEK | Source = Service Control Manager | ID = 7000
Description = Služba Windows Driver Foundation - User-mode Driver Framework Platform
Driver neuspěla při spuštění v důsledku následující chyby: %%2

Error - 21.4.2010 0:43:04 | Computer Name = ZEMANEK | Source = Service Control Manager | ID = 7000
Description = Služba Windows Driver Foundation - User-mode Driver Framework Reflector
neuspěla při spuštění v důsledku následující chyby: %%2


< End of report >

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#5 Post by Caroprd111 »

Run OTL and paste the following script into the lower window.

Code:

:OTL
O3 - HKU\S-1-5-21-3056383651-3781826349-1766403218-1142\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3056383651-3781826349-1766403218-1142\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\zemanek\*.tmp files -> C:\Documents and Settings\zemanek\*.tmp -> ]
[2010.04.21 19:38:58 | 000,802,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\mlvzhv.sys
[2008.04.04 06:17:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\zemanek\Data aplikací\inst.exe

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]
Then click Fix; the PC will restart. Paste the log here.



Test these at http://www.virustotal.com/cs/
C:\WINDOWS\System32\irisco32.dll
C:\WINDOWS\System32\MSHRES_U.DLL


(Do not look for the file; just paste the path marked in bold. If you get the message "Soubor již byl testován" (file already tested), have it tested again. Paste the result of the analysis here as a link.)

vhanus
Visitor
Posts: 27
Registered: 21 Dec 2009 12:30

Re: Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#6 Post by vhanus »

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3056383651-3781826349-1766403218-1142\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3056383651-3781826349-1766403218-1142\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\WINDOWS\System32\SETEB.tmp deleted successfully.
C:\WINDOWS\System32\SETA7.tmp deleted successfully.
C:\WINDOWS\System32\SET1B9.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET106.tmp deleted successfully.
C:\Documents and Settings\zemanek\~AB4.tmp deleted successfully.
File C:\WINDOWS\System32\drivers\mlvzhv.sys not found.
C:\Documents and Settings\zemanek\Data aplikací\inst.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2469512 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Mullerpharma
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 470850 bytes

User: zemanek
->Temp folder emptied: 29941507 bytes
->Temporary Internet Files folder emptied: 2740513 bytes
->Java cache emptied: 8199 bytes
->FireFox cache emptied: 22450199 bytes
->Google Chrome cache emptied: 38111893 bytes
->Flash cache emptied: 1371 bytes

User: Administrator.MULLERPHARMA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: kankova
->Temp folder emptied: 249564 bytes
->Temporary Internet Files folder emptied: 1014469 bytes
->FireFox cache emptied: 3434858 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10452964 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34306 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 106,00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Administrator

User: Mullerpharma

User: zemanek
->Flash cache emptied: 0 bytes

User: Administrator.MULLERPHARMA

User: kankova
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.1.3 log created on 04212010_203110

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#7 Post by Caroprd111 »

OK, and now the VirusTotal check as well.

vhanus
Visitor
Posts: 27
Registered: 21 Dec 2009 12:30

Re: Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#8 Post by vhanus »

The check of both files completed successfully. They seem to be OK.

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#9 Post by Caroprd111 »

How is the PC doing? :???:

vhanus
Visitor
Posts: 27
Registered: 21 Dec 2009 12:30

Re: Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#10 Post by vhanus »

Sorry, still no change. The quarantine keeps filling up.

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#11 Post by Caroprd111 »

Please send me the paths of the files that NOD32 is putting into quarantine.

vhanus
Visitor
Posts: 27
Registered: 21 Dec 2009 12:30

Re: Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#12 Post by vhanus »

C:\WINDOWS\system32\drivers\3486600723.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\drivers\xwved.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\drivers\wudfrd.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\drivers\wudfpf.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\wstcodec.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\wdmaud.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\wdmaud.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\WDICA.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\usbstor.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\DRIVERS\usbscan.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\usbscan.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\tridvid.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\System32\Drivers\TDPIPE.SYS Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\TDPIPE.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\sysaudio.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\sysaudio.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\swmidi.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\swmidi.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\DRIVERS\StreamIP.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\streamip.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\ss_mdm.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\drivers\ss_mdfl.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\drivers\ss_bus.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\drivers\splitter.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\splitter.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\DRIVERS\SLIP.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\slip.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\System32\Drivers\Sfloppy.SYS Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\Sfloppy.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\secdrv.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\drivers\PDRFRAME.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\drivers\PDRELI.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\drivers\PDFRAME.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\drivers\PDCOMP.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\drivers\pcouffin.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\drivers\PCIDump.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\nwlnkfwd.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\nwlnkflt.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\DRIVERS\NdisIP.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\ndisip.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\nabtsfec.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\MSTEE.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\mstee.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\MSPQM.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\mspqm.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\MSPCLOCK.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\mspclock.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\MSKSSRV.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\mskssrv.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\DRIVERS\MPE.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\mpe.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\DRIVERS\mouhid.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\mouhid.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\System32\Drivers\Modem.SYS Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\Modem.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\System32\Drivers\lbrtfdc.SYS Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\lbrtfdc.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\kmixer.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\kmixer.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\DRIVERS\irenum.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\irenum.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\DRIVERS\ipinip.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\ipinip.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\ipfltdrv.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\ip6fw.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\System32\Drivers\HTTP.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\http.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\hdaudio.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\drivers\drmkaud.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\drmkaud.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\DMusic.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\dmusic.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\System32\Drivers\Changer.SYS Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\Changer.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\System32\Drivers\Cdaudio.SYS Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\Cdaudio.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\DRIVERS\CCDECODE.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\ccdecode.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\DRIVERS\atmarpc.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\atmarpc.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\aspi32.sys Win32/Bubnix.AB trojský kůň vyléčen smazáním - uložen do karantény
C:\WINDOWS\system32\drivers\aec.sys Win32/Bubnix.AB trojský kůň nelze léčit
C:\WINDOWS\system32\drivers\aec.sys Win32/Bubnix.AB trojský kůň nelze léčit


I'd say this smells like a reinstall :-)
That will probably be the simplest.

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#13 Post by Caroprd111 »

Try a system repair from the installation CD of your version of Windows.

vhanus
Visitor
Posts: 27
Registered: 21 Dec 2009 12:30

Re: Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#14 Post by vhanus »

I'll try it and we'll see.

Thanks for now.

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Win32/Bubnix.AB ; Win32/Rootkit.Kryptik.AF

#15 Post by Caroprd111 »

OK :)
