Prosím o kontrolu Conflicker

[jansams]

Ahoj, prosím o kontrolu logu. PC pro načtení profilů zobrazí červenou stránku o napadení virem Conflicker/Win32+64 ... a chce do 15 min kod který dostanu po odeslání SMS. DĚKUJI PŘEDEM.

------------

Logfile of random's system information tool 1.07 (written by random/random)
Run by Administrator at 2010-05-14 22:17:13
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (3%) free of 50 GB
Total RAM: 2047 MB (88% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for User.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{44D12977-049C-4C0D-8B68-B88E274F9127}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BFABA3BE-B8F9-4E84-A792-A015E7BC232E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-01-28 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\1003291911\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-16 16806400]
"Six Engine"=C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2008-07-23 5625344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-06-25 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-06-25 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2006-12-08 547840]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2008-12-18 548864]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-18 2046816]
"USB Storage Toolbox"=C:\WINDOWS\UMStor\Res.EXE [2005-09-14 65536]
"System"=C:\Program Files\System\system32.exe [2010-05-12 31232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2006-07-12 1397760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\HRY\EA Games\Need for Speed Undercover\nfs.exe"="D:\HRY\EA Games\Need for Speed Undercover\nfs.exe:*:Disabled:Need for Speed Undercover"
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"D:\HRY\EA SPORTS\F1 Challenge 99-02\F1 Challenge 99-02.exe"="D:\HRY\EA SPORTS\F1 Challenge 99-02\F1 Challenge 99-02.exe:*:Enabled:F1 Challenge 99-02"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Q3Ademo\quake3.exe"="C:\Q3Ademo\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"D:\HRY\EA Games\Need for Speed Underground 2\speed2.exe"="D:\HRY\EA Games\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"
"C:\Documents and Settings\User\Plocha\hlavni veci\hl.exe"="C:\Documents and Settings\User\Plocha\hlavni veci\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"D:\Program Files\Counter-Strike Source\hl2.exe"="D:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"D:\Program Files\Steam\Steam.exe"="D:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"D:\Program Files\Valve\hl.exe"="D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"D:\Program Files\Counter-Strike Source\srcds.exe"="D:\Program Files\Counter-Strike Source\srcds.exe:*:Enabled:srcds"
"D:\Program Files\TmNationsForever\TmForever.exe"="D:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-05-14 22:17:14 ----D---- C:\Program Files\trend micro
2010-05-14 22:17:13 ----D---- C:\rsit
2010-05-14 22:16:04 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-05-14 22:16:04 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2010-05-14 22:15:36 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-13 13:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-12 19:22:08 ----D---- C:\Program Files\System
2010-05-10 20:42:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania
2010-05-06 15:09:54 ----A---- C:\WINDOWS\system32\H@tKeysH@@k.DLL
2010-05-06 14:40:47 ----D---- C:\Program Files\Mafia
2010-04-28 17:25:25 ----D---- C:\WINDOWS\UMStor
2010-04-21 09:03:07 ----N---- C:\WINDOWS\system32\browserchoice.exe

======List of files/folders modified in the last 1 months======

2010-05-14 22:17:14 ----RD---- C:\Program Files
2010-05-14 22:16:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-14 22:16:03 ----D---- C:\Documents and Settings
2010-05-14 22:15:36 ----D---- C:\WINDOWS
2010-05-14 22:13:49 ----A---- C:\WINDOWS\lgfwup.ini
2010-05-14 22:13:45 ----D---- C:\WINDOWS\Temp
2010-05-14 22:08:31 ----D---- C:\WINDOWS\system32
2010-05-14 22:08:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-14 22:01:57 ----D---- C:\Program Files\lg_fwupdate
2010-05-14 21:59:48 ----D---- C:\WINDOWS\Prefetch
2010-05-14 21:57:17 ----HD---- C:\WINDOWS\inf
2010-05-13 13:36:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-13 13:36:36 ----D---- C:\Program Files\Outlook Express
2010-05-12 19:31:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-12 12:43:42 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-11 12:51:40 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-05-10 20:41:44 ----RSD---- C:\WINDOWS\assembly
2010-05-10 20:41:25 ----D---- C:\WINDOWS\system32\DirectX
2010-05-07 13:16:03 ----D---- C:\WINDOWS\system32\drivers
2010-05-07 12:33:51 ----D---- C:\Program Files\Microsoft Games
2010-05-07 12:33:39 ----SHD---- C:\WINDOWS\Installer
2010-05-07 12:29:59 ----D---- C:\Program Files\FlatOut2
2010-05-07 12:26:33 ----A---- C:\WINDOWS\imsins.BAK
2010-05-06 20:02:02 ----D---- C:\Program Files\Google
2010-05-06 19:59:28 ----SD---- C:\WINDOWS\Tasks
2010-05-06 15:14:39 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-05 12:02:19 ----HD---- C:\$AVG8.VAULT$
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-28 17:25:25 ----D---- C:\WINDOWS\system
2010-04-28 17:25:24 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-19 17:03:45 ----A---- C:\WINDOWS\win.ini
2010-04-16 22:03:11 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
S1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
S1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-27 108552]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
S3 aipk4n6j;aipk4n6j; C:\WINDOWS\system32\drivers\aipk4n6j.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\TATNEK~1\LOCALS~1\Temp\catchme.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-16 4747776]
S3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-06-25 6555168]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-06-25 159812]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-24 66872]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-05-10 353912]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-28 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Caroprd111]

Zdravím


Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

• Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 

• Označte položku Pro všechny uživatele.
• Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
• Klikněte na tlačítko Prohledat
• Po dokončení, sem vložte logy OTL.Txt a Extras.txt

[jansams]

Tak trvalo to poměrně dlouho, zde jsou logy:

OTL logfile created on: 14.5.2010 22:35:39 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 87,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 98,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 1,60 Gb Free Space | 3,27% Space Free | Partition Type: NTFS
Drive D: | 416,93 Gb Total Space | 377,26 Gb Free Space | 90,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1,94 Gb Total Space | 1,94 Gb Free Space | 99,97% Space Free | Partition Type: FAT32

Computer Name: PC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.14 22:32:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.05.14 22:32:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2008.04.14 09:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.07.31 09:37:58 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009.07.31 09:37:48 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006.05.10 11:59:04 | 000,353,912 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\WINDOWS\System32\sfrem01.exe -- (sfrem01) SF FrontLine Drivers Auto Removal (v1)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.07.08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2009.07.31 09:38:02 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009.07.31 09:38:02 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009.04.27 15:19:36 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009.04.27 15:19:25 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009.02.18 19:55:42 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.07.16 12:52:00 | 004,747,776 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.06.25 21:57:00 | 006,555,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.06.25 18:47:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008.04.14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2008.04.13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.12.17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007.01.12 20:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.07.12 11:58:02 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006.07.10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.07.08 18:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005.07.08 18:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004.09.03 19:23:10 | 000,115,680 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.09.03 19:19:07 | 000,054,368 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1003291911\ICQToolBar.dll (ICQ)


IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1003291911\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1003291911\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-329068152-854245398-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009.12.22 09:40:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.16 22:03:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.16 22:03:07 | 000,000,000 | ---D | M]

[2010.05.12 19:13:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.03.09 20:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.16 22:03:03 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.16 22:03:03 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.16 22:03:03 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.16 22:03:03 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.16 22:03:03 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2008.12.18 05:03:23 | 000,290,280 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 9998 more lines...
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1003291911\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [System] C:\Program Files\System\system32.exe (Norris)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.exe (ali)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-854245398-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 9557322890 (WUWebControl Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.200
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.17 23:42:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.12.18 07:23:10 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010.05.14 22:34:43 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.05.14 22:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.14 22:17:13 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.14 22:16:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2010.05.14 22:16:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010.05.14 22:16:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Data aplikací
[2010.05.14 22:16:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start
[2010.05.14 22:16:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010.05.14 22:16:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010.05.14 22:16:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Šablony
[2010.05.14 22:16:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010.05.14 22:16:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní tiskárny
[2010.05.14 22:16:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní síť
[2010.05.14 22:16:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010.05.14 22:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha
[2010.05.14 22:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Oblíbené položky
[2010.05.14 22:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft
[2010.05.14 22:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty
[2010.05.12 19:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\System
[2010.05.10 20:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TrackMania
[2010.05.06 20:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2010.05.06 19:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2010.05.06 14:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mafia
[2010.04.28 17:25:25 | 000,201,736 | ---- | C] (USB Compliance) -- C:\WINDOWS\System32\drivers\UMSTOR.sys
[2010.04.28 17:25:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\UMStor
[2010.04.28 17:25:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\iosubsys
[2010.04.21 09:03:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.14 22:34:46 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.05.14 22:32:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.05.14 22:19:53 | 000,461,624 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.05.14 22:19:53 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.14 22:19:53 | 000,091,736 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.05.14 22:19:53 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.14 22:19:52 | 001,085,524 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.05.14 22:16:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.14 22:16:06 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.05.14 22:15:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.14 22:13:49 | 000,000,322 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2010.05.14 22:13:46 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.05.14 22:13:00 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BFABA3BE-B8F9-4E84-A792-A015E7BC232E}.job
[2010.05.14 22:12:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.14 22:12:02 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2010.05.14 22:11:00 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{44D12977-049C-4C0D-8B68-B88E274F9127}.job
[2010.05.14 22:04:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.13 13:36:03 | 059,932,514 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.05.12 19:04:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.12 18:00:00 | 000,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for User.job
[2010.05.11 14:53:44 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Counter-Strike 1.6.lnk
[2010.05.11 12:51:47 | 000,138,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.05.10 20:41:17 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\TmNationsForever.lnk
[2010.05.07 13:35:51 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010.05.07 12:26:33 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.05.06 20:02:19 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2010.05.06 20:01:47 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.05.06 15:14:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.06 15:10:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL
[2010.04.19 17:03:45 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.14 22:16:06 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.05.14 22:16:04 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.05.14 22:16:04 | 000,282,624 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
[2010.05.14 22:15:46 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2010.05.11 14:53:44 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Counter-Strike 1.6.lnk
[2010.05.10 20:41:17 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\TmNationsForever.lnk
[2010.05.06 20:02:19 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2010.05.06 20:01:47 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.05.06 19:59:28 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.06 19:59:28 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.06 15:09:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL
[2010.03.04 10:05:26 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.02.18 20:02:35 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.02.18 19:55:42 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.01.26 14:36:28 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2009.01.20 17:09:44 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008.12.29 20:50:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.12.19 12:02:28 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.12.18 01:41:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008.12.18 00:52:31 | 000,000,291 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.12.18 00:50:33 | 000,000,322 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2008.12.18 00:44:06 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.12.18 00:29:48 | 000,294,912 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2008.12.18 00:29:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2008.12.18 00:29:48 | 000,000,490 | ---- | C] () -- C:\WINDOWS\Instit.ini
[2008.12.18 00:26:20 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008.12.18 00:01:16 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008.12.18 00:01:16 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008.12.18 00:00:03 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008.12.18 00:00:03 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008.12.17 23:50:24 | 000,030,534 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008.12.17 23:50:00 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008.12.17 23:49:44 | 000,030,151 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.12.17 23:49:44 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.06.25 21:57:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.06.25 21:57:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.06.25 21:57:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.06.25 21:57:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.06.25 21:57:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.05.26 23:22:14 | 000,015,552 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 23:22:10 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 23:22:04 | 000,014,910 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2003.04.09 16:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009.02.18 19:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.12.25 14:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2010.03.29 19:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.12.07 19:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.05.12 13:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TrackMania
[2009.03.05 15:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maminka\Data aplikací\DAEMON Tools
[2009.03.05 15:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maminka\Data aplikací\DAEMON Tools Lite
[2009.03.07 11:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maminka\Data aplikací\DAEMON Tools Pro
[2010.04.01 18:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maminka\Data aplikací\ICQ
[2009.02.17 18:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maminka\Data aplikací\InterVideo
[2008.12.26 13:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maminka\Data aplikací\Windows Desktop Search
[2009.09.14 20:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maminka\Data aplikací\Windows Search
[2009.02.18 19:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tatínek\Data aplikací\DAEMON Tools
[2009.02.18 20:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tatínek\Data aplikací\DAEMON Tools Lite
[2009.02.18 19:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tatínek\Data aplikací\DAEMON Tools Pro
[2009.06.05 19:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tatínek\Data aplikací\ICQ
[2008.12.26 13:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tatínek\Data aplikací\Windows Desktop Search
[2010.04.09 15:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tatínek\Data aplikací\Windows Search
[2009.03.10 20:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\DAEMON Tools
[2009.03.10 20:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\DAEMON Tools Lite
[2009.03.10 20:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\DAEMON Tools Pro
[2009.08.26 18:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\ICQ
[2008.12.26 16:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\InterVideo
[2008.12.19 11:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Leadertech
[2008.12.18 02:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\OfficeUpdate12
[2008.12.18 04:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Windows Desktop Search
[2009.07.02 10:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Windows Search
[2010.05.14 22:11:00 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{44D12977-049C-4C0D-8B68-B88E274F9127}.job
[2010.05.14 22:13:00 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BFABA3BE-B8F9-4E84-A792-A015E7BC232E}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\CTFMON.EXE -- [2008.04.14 09:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[8 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.05.14 22:16:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 09:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 09:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 09:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 09:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 01:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 01:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 01:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 12:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\isapnp.sys
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 09:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 09:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 09:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 09:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 09:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 09:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 09:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 09:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.02.18 19:55:42 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.12.18 07:25:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.12.18 07:25:29 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.12.18 07:25:29 | 000,487,424 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.05.14 22:13:46 | 000,000,104 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2010.05.14 22:19:53 | 000,091,736 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.05.14 22:19:53 | 000,071,904 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.05.14 22:19:53 | 000,461,624 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.05.14 22:19:53 | 000,444,028 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.05.14 22:19:52 | 001,085,524 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.05.14 22:16:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:9494338C
< End of report >

[jansams]

OTL Extras logfile created on: 14.5.2010 22:35:39 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 87,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 98,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 1,60 Gb Free Space | 3,27% Space Free | Partition Type: NTFS
Drive D: | 416,93 Gb Total Space | 377,26 Gb Free Space | 90,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1,94 Gb Total Space | 1,94 Gb Free Space | 99,97% Space Free | Partition Type: FAT32

Computer Name: PC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\HRY\EA Games\Need for Speed Undercover\nfs.exe" = D:\HRY\EA Games\Need for Speed Undercover\nfs.exe:*:Disabled:Need for Speed Undercover -- (Electronic Arts)
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe" = C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise -- ()
"D:\HRY\EA SPORTS\F1 Challenge 99-02\F1 Challenge 99-02.exe" = D:\HRY\EA SPORTS\F1 Challenge 99-02\F1 Challenge 99-02.exe:*:Enabled:F1 Challenge 99-02 -- File not found
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Q3Ademo\quake3.exe" = C:\Q3Ademo\quake3.exe:*:Enabled:quake3 -- File not found
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"D:\HRY\EA Games\Need for Speed Underground 2\speed2.exe" = D:\HRY\EA Games\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2 -- ()
"C:\Documents and Settings\User\Plocha\hlavni veci\hl.exe" = C:\Documents and Settings\User\Plocha\hlavni veci\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\HLSW\hlsw.exe" = C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application -- File not found
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"D:\Program Files\Counter-Strike Source\hl2.exe" = D:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- ()
"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Program Files\Valve\hl.exe" = D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe" = D:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- ()
"D:\Program Files\Counter-Strike Source\srcds.exe" = D:\Program Files\Counter-Strike Source\srcds.exe:*:Enabled:srcds -- ()
"D:\Program Files\TmNationsForever\TmForever.exe" = D:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05
"{2EB6729C-A255-4BC6-90B3-B29F9924C6F5}" = SHReK the THiRD(TM)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E2E658F-0EA4-4530-A9E0-F295EF38CD40}" = El Matador
"{4F896DE0-EF26-11D5-BBEC-00D0B740900A}" = Multimedia keyboard driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{5F055711-2CAF-4323-8443-BEE4913FC7E6}" = Shade: Hněv andělů
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79C46DD8-C395-11D9-AB9E-0080C8D5ACDA}" = London Taxi Rushour
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{977CD9E4-2CE7-46AC-BBEC-FC2B9696464B}" = Marine Park Empire
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6F873F6-F266-4CE4-945D-DFC06388F2CC}" = Hledá se Nemo
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BCECC8FA-31AD-487A-A8C4-1C9C5454F9C6}_is1" = Mockba to Berlin
"{BF5EE349-90CD-4422-A43B-661778180173}" = USB Disk Win98 Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C72D7008-266D-4DD8-BF3C-296B736127F6}" = Mafia
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFA21350-5CC1-46E5-BDEF-7B35837E26E6}_is1" = The Stalin Subway
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{D-Day}" = D-Day
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{TrackMania_2A3S14E11AD34}" = Track Mania
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG8Uninstall" = AVG 8.5
"CCleaner" = CCleaner (remove only)
"City Life_is1" = City Life
"Counter-strike 1.6 CZ" = Counter-strike 1.6 CZ
"Counter-Strike: Source" = Counter-Strike: Source
"Counter-strike: Source CZ" = Counter-strike: Source CZ
"EADM" = EA Download Manager
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"GUMBOY: CRAZY ADVENTURES DX_is1" = GUMBOY: CRAZY ADVENTURES 1.21 DX
"Herkules_Czech" = Herkules
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{2EB6729C-A255-4BC6-90B3-B29F9924C6F5}" = SHReK the THiRD(TM)
"InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
"InstallShield_{977CD9E4-2CE7-46AC-BBEC-FC2B9696464B}" = Marine Park Empire
"InstallShield_{A6F873F6-F266-4CE4-945D-DFC06388F2CC}" = Hledá se Nemo
"King" = King
"Lexicon 3.0" = Lingea Lexicon 2000
"Mafia 1.0 patch" = Mafia 1.0 patch
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Polda IV_is1" = Polda IV
"Pranksters" = Uličníci
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Tetris " = Tetris
"Tetris Navždy" = Tetris Navždy
"TmNations_is1" = TrackMania Nations ESWC 0.1.7.9
"TmNationsForever_is1" = TmNationsForever
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.1
"Wincmd" = Windows Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zoo Empire_is1" = Zoo Empire 1.21

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.5.2010 7:43:35 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace game.exe, verze 1.0.0.0, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x00000462.

Error - 11.5.2010 7:43:55 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace game.exe, verze 1.0.0.0, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x00000462.

Error - 11.5.2010 7:44:13 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace game.exe, verze 1.0.0.0, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x00000462.

Error - 11.5.2010 7:47:07 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace game.exe, verze 1.0.0.0, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x0000070f.

Error - 11.5.2010 8:58:18 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace game.exe, verze 1.0.0.0, chybující modul ls3df.dll,
verze 0.0.0.0, adresa chyby 0x0005ac2e.

Error - 11.5.2010 9:26:54 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace hl.exe, verze 1.1.1.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x00fbc940.

Error - 11.5.2010 14:21:18 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace game.exe, verze 1.0.0.0, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x0000062d.

Error - 11.5.2010 14:30:16 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace game.exe, verze 1.0.0.0, chybující modul ls3df.dll,
verze 0.0.0.0, adresa chyby 0x0005ac2e.

Error - 12.5.2010 8:30:53 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace game.exe, verze 1.0.0.0, chybující modul game.exe,
verze 1.0.0.0, adresa chyby 0x000a2939.

Error - 12.5.2010 13:13:26 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Chybující aplikace game.exe, verze 1.0.0.0, chybující modul ls3df.dll,
verze 0.0.0.0, adresa chyby 0x0005ac2e.

[ System Events ]
Error - 28.4.2010 11:23:53 | Computer Name = PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\D.

Error - 7.5.2010 6:20:30 | Computer Name = PC | Source = sr | ID = 1
Description = Filtr nástroje Obnovení systému zjistil neočekávanou chybu 0xC000007F
při zpracování souboru lgfwup.ini na svazku HarddiskVolume1. Sledování svazku
bylo ukončeno.

Error - 14.5.2010 16:15:47 | Computer Name = PC | Source = sfsync02 | ID = 262156
Description =

Error - 14.5.2010 16:16:26 | Computer Name = PC | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 14.5.2010 16:16:28 | Computer Name = PC | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 14.5.2010 16:17:07 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = Služba Klient DHCP závisí na službě Rozhraní NetBios nad protokolem
TCP/IP, která neuspěla při spuštění v důsledku následující chyby: %%31

Error - 14.5.2010 16:17:07 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = Služba Klient DNS závisí na službě Ovladač protokolu TCP/IP, která
neuspěla při spuštění v důsledku následující chyby: %%31

Error - 14.5.2010 16:17:07 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31

Error - 14.5.2010 16:17:07 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = Služba Služby IPSEC závisí na službě Ovladač IPSEC, která neuspěla
při spuštění v důsledku následující chyby: %%31

Error - 14.5.2010 16:17:07 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD AsIO AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT
prodrv06
RasAcd
Rdbss
Tcpip


< End of report >

[Caroprd111]

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
O4 - HKLM..\Run: [System] C:\Program Files\System\system32.exe (Norris)
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2008.12.18 00:26:20 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:9494338C

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[RESETHOSTS] 

Poté klikněte na Opravit, PC se restartuje, log vložte sem.

[jansams]

tak to proběhlo a zde je log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\System deleted successfully.
C:\Program Files\System\system32.exe moved successfully.
C:\WINDOWS\002689_.tmp deleted successfully.
C:\WINDOWS\DD1865F0AD7340FBB23E1822E02396FF.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\DD1865F0AD7340FBB23E1822E02396FF.TMP folder deleted successfully.
C:\WINDOWS\SET1A.tmp deleted successfully.
C:\WINDOWS\SET1D.tmp deleted successfully.
C:\WINDOWS\SET29.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\system32\drivers\PciBus.sys moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:9494338C deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: dala

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: KaTa

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 116701 bytes

User: Maminka
->Temp folder emptied: 308635096 bytes
->Temporary Internet Files folder emptied: 49478027 bytes
->FireFox cache emptied: 99420762 bytes
->Google Chrome cache emptied: 6067163 bytes
->Flash cache emptied: 110411 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: Tatínek
->Temp folder emptied: 954142969 bytes
->Temporary Internet Files folder emptied: 59440229 bytes
->FireFox cache emptied: 94229001 bytes
->Flash cache emptied: 34991 bytes

User: User
->Temp folder emptied: 956973152 bytes
->Temporary Internet Files folder emptied: 13787896 bytes
->FireFox cache emptied: 93604037 bytes
->Flash cache emptied: 27253 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 173958 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23918708 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 537,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: dala

User: Default User

User: KaTa

User: LocalService

User: Maminka
->Flash cache emptied: 0 bytes

User: NetworkService

User: Tatínek
->Flash cache emptied: 0 bytes

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.4.1 log created on 05142010_232832

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[Caroprd111]

Složku C:\_OTL\MovedFiles zazipujte a někam uložte. Odkaz na soubor mi pošlete přes soukromou zprávu.

Děkuji



Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

[jansams]

teda z toho Gmeru mě to trvalo hrozně dlouho a 3x mě to spadlo. Takže se zpožděním ale přece

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

---------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-16 12:30:58
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9B9D360, 0x3738AD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[256] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\prodrv06 \Device\ProDrv06 E1A48488
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-a prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort5 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-12 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000080 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000081 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000082 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E156C390
Device \Driver\USBSTOR \Device\00000083 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\USBSTOR \Device\0000007f sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\AvgLdx86@RenameOnShutdown ????pd???J?Kld??PNP_TDI?????fdc???????????????????????????????????6?????????5?????????3???????????????????3???????????????n? ????????????l??.NT??????????????????c???????S??C:\Program Files\AVG\AVG8????????????????????F?F?F?F?F???<??????????????????????????????????????????????????????????????????????????d?????d?????????????????????????????????????d?????2???????????@??????????????2????????????????????????????N?????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}?11D??? ??????F?????D1}??Spr?va aplikac??X????????????????????????F?F?F?F?F?F?F???*?<?<??.NT?06???????????6??????????MEDIA?????`??????6??????MTsensor?????????adi?e sb?rnice USB??????????????????????????????????????K?K?K??.NT??????????????(???1?????1?1??usb.inf??.???????????????h??.NT?????????????????????????????Mouse?????(??????????????????????????????????????????????????????s????L??3??????????MmSys.Cpl,MediaPropPageProvider?27????>??????1?????208??storprop.dll,DvdClassInstaller?:\W??? ??1????\??????l1??????????????????????????????s???HIDClass????1??
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0x11 0x28 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x76 0x2F 0xD1 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8E 0x15 0x1C 0xEC ...
Reg HKLM\SYSTEM\ControlSet003\Services\AvgLdx86@RenameOnShutdown ???Cx????C??{8ECC055D-047F-11D1-A537-0000F8753ED1}??bu??? ???????C????????????????????????????????????s??????????C???????h?????C???????C?????C??? ???????D???????????C????????????????#?In???????&?0?&?D?&ov? ????6??D???B????????????.??I???v???t??? ???????C????????????????????????????????????s?????? ???????C???????????C????????"?h????????f????h??C ???????????r?????h???????????????????????????????????????????????????????\Device\NetBT_Tcpip_{CAB88EBB-6B30-4CB5-826D-341D1D8432C5}?\Device\NetBT_Tcpip_{A1607B0D-EAAD-442B-B6C9-D861107F94E6}?\Device\NetBT_Tcpip_{DD337177-1CFC-4F01-A25C-3B116DEAC96D}??Device\NetBT_Tcpip_{DD337177-1CFC-4F01-A25C-3B116DEAC96D}??t???C???????C???E???h??? ???????1?????(?? ??G????"????????????????????????????????????s????? ???????C?????C????????????????????'????????????????????3??? ???????C?????A?? ??I????"???&??????????????0??HID\Vid_046d&Pid_c517&Rev_3810&MI_01&Col02?HID\Vid_046d&Pid_c517&MI_01&Col02?HID_DEVICE_SYSTEM_CONSUMER?HID_DEVICE_UP:000C_U:0001?HID_DEVICE????? ???????C??????s???USB
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0x11 0x28 0x9C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x76 0x2F 0xD1 0x6A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8E 0x15 0x1C 0xEC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{16453F0B-9C0C-163A-BC41-0712BDB71323}\InprocServer32@ C:\WINDOWS\system32\scrobj.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{16453F0B-9C0C-163A-BC41-0712BDB71323}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{16453F0B-9C0C-163A-BC41-0712BDB71323}\ProgID@ script

---- EOF - GMER 1.0.15 ----

[Caroprd111]

Jak se chová PC

[jansams]

no ten hlavní problém je samozřejmě odstraněn. Jinak mě příjde celkem pomalé, ale možná je to tím, že už ten systém nějaký pátek pracuje bez reinstallu a taky tím, že je PC plný různýho marastu (gamesky, utility, dema ...) Jinak nic podezdřelého, mám ho nechat projevit ???

[Caroprd111]

Vložte do PC všechny flash disky, které používáte.

Stáhněte na plochu UsbFix http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe

• Spusťte, poté zvolte jazyk E - Enter
• Zvolte 1 - Enter
• Po dokončení na Vás vyskočí log, vložte mi ho sem, případně ho najdete v C:\UsbFix.txt

Dejte nový log z RSIT.

[jansams]

############################## | UsbFix V6.113 |

User : Administrator (Administrators) # PC
Update on 13/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 13:58:10 | 16.5.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Network Edition 8.5 [ Enabled | Updated ]

A:\ -> Disketová jednotka 3 1/2"
C:\ -> Místní pevný disk # 48,83 Go (4,18 Go free) # NTFS
D:\ -> Místní pevný disk # 416,93 Go (377,29 Go free) [Nový svazek] # NTFS
E:\ -> Disk CD-ROM
F:\ -> Vyměnitelný disk
G:\ -> Vyměnitelný disk
H:\ -> Vyměnitelný disk
I:\ -> Vyměnitelný disk
J:\ -> Vyměnitelný disk # 1,94 Go (1,94 Go free) [HOPPY LABEL] # FAT32

################## | Files # Infected Folders |

C:\Program Files\System
D:\msvcr71.dll

################## | Registry |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |


################## | Vaccin |

(!) This computer is not vaccinated!

################## | ! End of report # UsbFix V6.113 ! |

´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´
´Logfile of random's system information tool 1.07 (written by random/random)
Run by Administrator at 2010-05-16 14:00:00
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (9%) free of 50 GB
Total RAM: 2047 MB (76% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{44D12977-049C-4C0D-8B68-B88E274F9127}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BFABA3BE-B8F9-4E84-A792-A015E7BC232E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-01-28 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\1003291911\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-16 16806400]
"Six Engine"=C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2008-07-23 5625344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-06-25 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-06-25 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2006-12-08 547840]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-18 2046816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2006-07-12 1397760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\HRY\EA Games\Need for Speed Undercover\nfs.exe"="D:\HRY\EA Games\Need for Speed Undercover\nfs.exe:*:Disabled:Need for Speed Undercover"
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"D:\HRY\EA SPORTS\F1 Challenge 99-02\F1 Challenge 99-02.exe"="D:\HRY\EA SPORTS\F1 Challenge 99-02\F1 Challenge 99-02.exe:*:Enabled:F1 Challenge 99-02"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Q3Ademo\quake3.exe"="C:\Q3Ademo\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"D:\HRY\EA Games\Need for Speed Underground 2\speed2.exe"="D:\HRY\EA Games\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"
"C:\Documents and Settings\User\Plocha\hlavni veci\hl.exe"="C:\Documents and Settings\User\Plocha\hlavni veci\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"D:\Program Files\Counter-Strike Source\hl2.exe"="D:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"D:\Program Files\Steam\Steam.exe"="D:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"D:\Program Files\Valve\hl.exe"="D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"D:\Program Files\Counter-Strike Source\srcds.exe"="D:\Program Files\Counter-Strike Source\srcds.exe:*:Enabled:srcds"
"D:\Program Files\TmNationsForever\TmForever.exe"="D:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-05-16 13:58:09 ----A---- C:\UsbFix.txt
2010-05-16 13:57:06 ----D---- C:\UsbFix
2010-05-15 11:22:43 ----A---- C:\WINDOWS\DelToolbox.bat
2010-05-14 23:33:33 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Identities
2010-05-14 23:33:33 ----A---- C:\WINDOWS\OEWABLog.txt
2010-05-14 23:28:32 ----D---- C:\_OTL
2010-05-14 22:17:14 ----D---- C:\Program Files\trend micro
2010-05-14 22:17:13 ----D---- C:\rsit
2010-05-14 22:16:04 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-05-14 22:16:04 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2010-05-14 22:15:36 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-13 13:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-12 19:22:08 ----D---- C:\Program Files\System
2010-05-10 20:42:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania
2010-05-06 15:09:54 ----A---- C:\WINDOWS\system32\H@tKeysH@@k.DLL
2010-05-06 14:40:47 ----D---- C:\Program Files\Mafia
2010-04-21 09:03:07 ----N---- C:\WINDOWS\system32\browserchoice.exe

======List of files/folders modified in the last 1 months======

2010-05-16 13:59:19 ----D---- C:\WINDOWS\system32
2010-05-16 13:59:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-16 13:58:09 ----D---- C:\WINDOWS\Temp
2010-05-16 13:55:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-16 12:42:33 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-16 12:41:19 ----D---- C:\Data aplikací
2010-05-15 11:27:54 ----D---- C:\WINDOWS
2010-05-15 11:27:30 ----RD---- C:\Program Files
2010-05-15 11:24:33 ----D---- C:\WINDOWS\system32\drivers
2010-05-15 11:23:47 ----RSD---- C:\WINDOWS\Fonts
2010-05-15 11:22:44 ----HD---- C:\WINDOWS\inf
2010-05-15 11:22:22 ----SHD---- C:\WINDOWS\Installer
2010-05-15 11:21:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-05-15 11:21:19 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-05-15 11:21:18 ----SD---- C:\WINDOWS\Tasks
2010-05-15 11:20:51 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-15 11:20:51 ----A---- C:\WINDOWS\lgfwup.ini
2010-05-15 11:18:58 ----D---- C:\WINDOWS\Prefetch
2010-05-15 11:15:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-14 23:33:23 ----D---- C:\Program Files\Windows Media Player
2010-05-14 23:29:28 ----SHD---- C:\RECYCLER
2010-05-14 22:16:03 ----D---- C:\Documents and Settings
2010-05-13 13:36:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-13 13:36:36 ----D---- C:\Program Files\Outlook Express
2010-05-12 12:43:42 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-11 12:51:40 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-05-10 20:41:44 ----RSD---- C:\WINDOWS\assembly
2010-05-10 20:41:25 ----D---- C:\WINDOWS\system32\DirectX
2010-05-07 12:33:51 ----D---- C:\Program Files\Microsoft Games
2010-05-07 12:29:59 ----D---- C:\Program Files\FlatOut2
2010-05-07 12:26:33 ----A---- C:\WINDOWS\imsins.BAK
2010-05-06 20:02:02 ----D---- C:\Program Files\Google
2010-05-05 12:02:19 ----HD---- C:\$AVG8.VAULT$
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-28 17:25:25 ----D---- C:\WINDOWS\system
2010-04-19 17:03:45 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-16 4747776]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-06-25 6555168]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 catchme;catchme; \??\C:\DOCUME~1\TATNEK~1\LOCALS~1\Temp\catchme.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-06-25 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-24 66872]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-05-10 353912]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-28 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Caroprd111]

Vložte do PC všechny flash disky, které používáte.

Stáhněte na plochu UsbFix http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe

• Spusťte, poté zvolte jazyk E - Enter
• Zvolte 2 - Enter (je možný restart PC)
• Po dokončení na Vás vyskočí log, vložte mi ho sem, případně ho najdete v C:\UsbFix.txt

[jansams]

############################## | UsbFix V6.113 |

User : Administrator (Administrators) # PC
Update on 13/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 20:35:54 | 16.5.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Network Edition 8.5 [ Enabled | Updated ]

A:\ -> Disketová jednotka 3 1/2"
C:\ -> Místní pevný disk # 48,83 Go (4,11 Go free) # NTFS
D:\ -> Místní pevný disk # 416,93 Go (377,29 Go free) [Nový svazek] # NTFS
E:\ -> Disk CD-ROM
F:\ -> Vyměnitelný disk
G:\ -> Vyměnitelný disk
H:\ -> Vyměnitelný disk
I:\ -> Vyměnitelný disk
J:\ -> Vyměnitelný disk # 1,94 Go (1,94 Go free) [HOPPY LABEL] # FAT32

################## | Files # Infected Folders |

Deleted ! C:\Program Files\System
Deleted ! C:\Recycler\S-1-5-21-329068152-854245398-725345543-1003
Deleted ! C:\Recycler\S-1-5-21-329068152-854245398-725345543-1006
Deleted ! C:\Recycler\S-1-5-21-329068152-854245398-725345543-1007
Deleted ! C:\Recycler\S-1-5-21-329068152-854245398-725345543-1008
Deleted ! C:\Recycler\S-1-5-21-329068152-854245398-725345543-1010
Deleted ! C:\Recycler\S-1-5-21-329068152-854245398-725345543-500
Deleted ! D:\msvcr71.dll
Deleted ! D:\Recycler\S-1-5-21-329068152-854245398-725345543-1003
Deleted ! D:\Recycler\S-1-5-21-329068152-854245398-725345543-1006
Deleted ! D:\Recycler\S-1-5-21-329068152-854245398-725345543-1007
Deleted ! D:\Recycler\S-1-5-21-329068152-854245398-725345543-1008
Deleted ! D:\Recycler\S-1-5-21-329068152-854245398-725345543-1010
Deleted ! D:\Recycler\S-1-5-21-329068152-854245398-725345543-500
Deleted ! J:\log.txt

################## | Registry |

Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |


################## | Listing of the present files |

[02.03.2010 19:19|--a------|0] C:\AILog.txt
[17.12.2008 23:42|--a------|0] C:\AUTOEXEC.BAT
[17.12.2008 23:38|--a------|211] C:\Boot.bak
[07.10.2009 16:03|-rahs----|281] C:\boot.ini
[25.10.2001 16:00|-rahs----|4952] C:\Bootfont.bin
[03.08.2004 23:00|--a------|261312] C:\cmldr
[17.12.2008 23:42|--a------|0] C:\CONFIG.SYS
[20.01.2009 17:07|--a------|112] C:\htsetup.err
[17.12.2008 23:42|-rahs----|0] C:\IO.SYS
[17.12.2008 23:42|-rahs----|0] C:\MSDOS.SYS
[03.08.2004 22:38|-rahs----|47564] C:\NTDETECT.COM
[18.12.2008 00:32|-rahs----|250576] C:\ntldr
[?|?|?] C:\pagefile.sys
[17.12.2008 23:59|--a------|581] C:\RHDSetup.log
[16.05.2010 20:40|--a------|2736] C:\UsbFix.txt
[18.07.2009 15:22|--a------|59012] D:\AgencyB.TTF
[18.07.2009 15:22|--a------|49152] D:\Amhooker.dll
[18.07.2009 15:22|--a------|52160] D:\BAKER.TTF
[18.07.2009 15:22|--a------|35396] D:\Baker2.ttf
[18.07.2009 15:22|--a------|338944] D:\binkw32.dll
[18.07.2009 15:22|--a------|807696] D:\browseui.dll
[18.07.2009 15:22|--a------|233744] D:\cscui.dll
[18.07.2009 15:22|--a------|59] D:\D-Day - Editor Mode.bat
[18.07.2009 15:22|--a------|413696] D:\D-Day Editor v1.00.0.doc
[18.07.2009 15:22|--a------|404480] D:\D-Day Editor_v100.doc
[18.07.2009 15:22|--a------|6174] D:\D-Day.bmp
[18.07.2009 15:22|--a------|10038784] D:\D-Day.exe
[18.07.2009 15:22|--a------|106566] D:\DM.DLL
[18.07.2009 15:22|--a------|52] D:\Game Website.url
[18.07.2009 15:22|--a------|1078] D:\gamespy.ico
[18.07.2009 15:22|--a------|7058] D:\gamespy.txt
[18.07.2009 15:26|--a------|213248] D:\Install.log
[18.07.2009 15:22|--a------|4062] D:\Local Settings.setting
[18.07.2009 15:22|--a------|974848] D:\mfc70.dll
[18.07.2009 15:22|--a------|1060864] D:\MFC71.dll
[18.07.2009 15:22|--a------|184320] D:\MSDIS110.DLL
[18.07.2009 15:22|--a------|1994240] D:\msi.dll
[18.07.2009 15:22|--a------|372736] D:\mss32.dll
[18.07.2009 15:22|--a------|401462] D:\MSVCP60.DLL
[18.07.2009 15:22|--a------|487424] D:\msvcp70.dll
[18.07.2009 15:22|--a------|499712] D:\msvcp71.dll
[18.07.2009 15:22|--a------|344064] D:\msvcr70.dll
[18.07.2009 15:22|--a------|544768] D:\msvcr71d.dll
[18.07.2009 15:22|--a------|434252] D:\MSVCRTD.DLL
[18.07.2009 15:22|--a------|8074] D:\Readme.txt
[18.07.2009 15:22|--a------|46166832] D:\resource1.dat
[18.07.2009 15:22|--a------|16371] D:\Settings.setting
[18.07.2009 15:22|--a------|1104144] D:\shdocvw.dll
[18.07.2009 15:22|--a------|1298432] D:\ShortcutEditor.exe
[18.07.2009 15:22|--a------|216056] D:\SPLASH.BMP
[18.07.2009 15:22|--a------|7757593] D:\tengine.dll
[18.07.2009 15:22|--a------|28746] D:\TLN0T.DLL
[18.07.2009 15:22|--a------|46] D:\Topcd.url
[18.07.2009 15:22|--a------|245408] D:\unicows.dll
[18.07.2009 15:22|--a------|162816] D:\Uninstall.exe
[18.07.2009 15:22|--a------|2433024] D:\UT.dll
[18.07.2009 15:22|--a------|419488] D:\Vsflex7L.ocx
[18.07.2009 15:22|--a------|3262] D:\WebShortcut.ico
[15.05.2010 11:31|--a------|324] J:\mbr.log
[16.05.2010 12:31|--a------|10178] J:\gmer.log
[16.05.2010 13:59|--a------|1303] J:\UsbFix.txt

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# D:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# J:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_PC.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.113 ! |

[Caroprd111]

Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.


Doporučuji odinstalovat Spybot - Search & Destroy.


Znovu spusťte UsbFix a zvolte možnost 6.


Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe

• Spusťte.
• Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

• Spusťte.
• Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

• Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
  
  Záložka Čistič
• Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
  
  Záložka Registry
• Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
  OK Zavřít

Dejte nový log z RSIT.