Kontrola logu

Zpráva

JirkaL · #1 Příspěvek od **JirkaL** » 30 srp 2010 15:27

Moc prosím o kontrolu logu a pomoc při odvirování PC.Můj provider mě odpojil od internetu s tím,že PC je zavirované.Díky moc.
Tady je log.
Logfile of random's system information tool 1.08 (written by random/random)
Run by legnerj at 2010-08-30 16:15:32
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 104 GB (68%) free of 153 GB
Total RAM: 895 MB (40% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-05-26 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-10-14 110592]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2006-03-21 544768]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2005-10-17 987136]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-26 161328]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-02-21 417792]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-11-26 5129128]
"Služba Acronis Scheduler2"=C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe [2009-11-26 361976]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-05-26 39408]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\legnerj\Nabídka Start\Programy\Po spuštění
sysrda32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoAutoUpdate"=1
"ForceClassicControlPanel"=1
"DisablePersonalDirChange"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-08-30 16:15:34 ----D---- C:\Program Files\trend micro
2010-08-30 16:15:32 ----D---- C:\rsit
2010-08-30 13:44:19 ----A---- C:\WINDOWS\system32\drivers\OLD2A35.tmp
2010-08-30 13:43:45 ----A---- C:\WINDOWS\system32\drivers\i2omgmt.sys
2010-08-30 13:43:37 ----A---- C:\WINDOWS\system32\drivers\changer.sys
2010-08-30 13:43:35 ----A---- C:\WINDOWS\system32\drivers\lbrtfdc.sys
2010-08-30 13:43:28 ----D---- C:\WINDOWS\LastGood
2010-08-30 13:42:47 ----A---- C:\WINDOWS\system32\drivers\spxysa.sys
2010-08-19 00:09:01 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-19 00:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-19 00:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-19 00:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-19 00:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-19 00:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-18 23:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-18 23:57:24 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-05 18:59:50 ----ASH---- C:\pagefile.sys
2010-08-05 18:59:50 ----A---- C:\WINDOWS\DUMP466f.tmp
2010-08-05 18:59:50 ----A---- C:\WINDOWS\DUMP4641.tmp
2010-08-05 18:59:50 ----A---- C:\WINDOWS\DUMP3c3d.tmp
2010-08-05 18:59:50 ----A---- C:\WINDOWS\DUMP3ae6.tmp
2010-08-04 06:31:11 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-04 06:31:11 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-04 06:31:11 ----A---- C:\WINDOWS\system32\java.exe
2010-08-03 21:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$

======List of files/folders modified in the last 1 months======

2010-08-30 16:15:34 ----RD---- C:\Program Files
2010-08-30 15:17:18 ----D---- C:\WINDOWS\Temp
2010-08-30 13:44:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-30 13:44:47 ----D---- C:\WINDOWS\system32\drivers
2010-08-30 13:43:28 ----D---- C:\WINDOWS
2010-08-30 13:42:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-30 13:42:29 ----D---- C:\WINDOWS\system32
2010-08-30 13:42:20 ----D---- C:\WINDOWS\Prefetch
2010-08-30 06:36:02 ----D---- C:\WINDOWS\Minidump
2010-08-29 23:38:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-27 21:04:31 ----D---- C:\Documents and Settings\legnerj\Data aplikací\gtk-2.0
2010-08-27 20:26:17 ----SHD---- C:\WINDOWS\Installer
2010-08-27 20:26:17 ----D---- C:\Config.Msi
2010-08-27 20:26:12 ----D---- C:\Program Files\Zoner
2010-08-27 20:25:39 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-08-27 10:18:14 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-25 17:03:55 ----A---- C:\WINDOWS\wincmd.ini
2010-08-25 13:08:34 ----SHD---- C:\WINDOWS\CSC
2010-08-19 06:46:57 ----HD---- C:\WINDOWS\inf
2010-08-19 00:10:27 ----RSD---- C:\WINDOWS\assembly
2010-08-19 00:10:00 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-19 00:08:58 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-19 00:08:56 ----A---- C:\WINDOWS\imsins.BAK
2010-08-19 00:08:26 ----A---- C:\WINDOWS\win.ini
2010-08-19 00:04:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-19 00:04:25 ----D---- C:\WINDOWS\WinSxS
2010-08-19 00:01:48 ----D---- C:\Program Files\Internet Explorer
2010-08-19 00:01:38 ----D---- C:\WINDOWS\ie8updates
2010-08-18 23:59:11 ----D---- C:\Program Files\Movie Maker
2010-08-05 18:56:25 ----A---- C:\WINDOWS\DUMP3f0c.tmp
2010-08-05 18:55:22 ----A---- C:\WINDOWS\DUMP498c.tmp
2010-08-04 15:57:56 ----A---- C:\WINDOWS\DUMP4239.tmp
2010-08-04 15:56:58 ----A---- C:\WINDOWS\DUMP517b.tmp
2010-08-04 06:30:21 ----D---- C:\Program Files\Java
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-08-02 06:48:30 ----D---- C:\WINDOWS\system32\config
2010-08-02 06:48:01 ----D---- C:\WINDOWS\system32\wbem
2010-08-02 06:47:59 ----D---- C:\WINDOWS\Registration
2010-08-02 06:46:19 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-02 06:44:41 ----A---- C:\WINDOWS\DUMP469e.tmp
2010-08-02 06:43:40 ----A---- C:\WINDOWS\DUMP4a18.tmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-03-10 158272]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); C:\WINDOWS\system32\DRIVERS\tdrpm258.sys [2010-03-10 911680]
R0 timounter;Acronis Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2010-03-10 581984]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-08-06 20747]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2010-03-10 160288]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\ATK0100\ASNDIS5.SYS []
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-08-14 27776]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
R3 BCM43XX;Ovladač síťového adaptéru ASUS 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-28 5760]
R3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 27520]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-03-21 889472]
R3 SynMini;USB2.0 1.3M WebCam; C:\WINDOWS\System32\Drivers\SynMini.sys [2006-08-09 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2006-08-09 7808]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-04-19 47488]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-05-18 110976]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-05-09 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-05-09 40192]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe [2009-11-26 661008]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-02 446464]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-07-14 65536]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-07-14 1527887]
S2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-03-10 2480048]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-26 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-12-02 85096]
S3 Autodesk Network Licensing Service;Autodesk Network Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [2009-09-08 1326232]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-26 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-26 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-26 267824]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Caroprd111** » 30 srp 2010 16:14

Zdravím

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Označte položku Pro všechny uživatele.
Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikněte na tlačítko Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

JirkaL · #3 Příspěvek od **JirkaL** » 30 srp 2010 17:18

Tak toto je prosím log OTL (druhý log Extras musím poslat zvlášť,je to dohromady moc znaků)

OTL logfile created on: 30.8.2010 17:53:35 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = G:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

895,00 Mb Total Physical Memory | 358,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 101,21 Gb Free Space | 67,90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 15,05 Gb Total Space | 4,39 Gb Free Space | 29,17% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: R-NT-LEGNER
Current User Name: legnerj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.08.30 17:51:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2010.07.17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2010.01.08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009.11.26 18:45:54 | 000,361,976 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe
PRC - [2009.11.26 18:45:48 | 000,661,008 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
PRC - [2009.11.26 18:44:46 | 005,129,128 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009.10.07 10:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.10.07 10:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.05.26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.11 03:06:00 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2006.10.14 11:37:40 | 000,110,592 | R--- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006.08.10 16:08:04 | 002,379,776 | R--- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006.05.16 11:42:52 | 001,777,664 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006.04.07 17:36:46 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006.03.21 16:54:22 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2006.01.27 18:17:50 | 000,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006.01.23 21:47:32 | 000,073,728 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005.10.17 17:09:34 | 000,987,136 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2004.07.14 01:05:10 | 001,527,887 | ---- | M] (The Firebird Project) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
PRC - [2004.07.14 01:05:10 | 000,065,536 | ---- | M] (The Firebird Project) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe

========== Modules (SafeList) ==========

MOD - [2010.08.30 17:51:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.03.10 16:01:26 | 002,480,048 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.01.08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009.12.02 14:38:21 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.11.26 18:45:48 | 000,661,008 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.10.07 10:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.10.07 10:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009.09.08 12:13:42 | 001,326,232 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2004.07.14 01:05:10 | 001,527,887 | ---- | M] (The Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2004.07.14 01:05:10 | 000,065,536 | ---- | M] (The Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)

========== Driver Services (SafeList) ==========

DRV - [2010.03.10 16:01:31 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010.03.10 16:01:18 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010.03.10 16:01:13 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.03.10 16:00:56 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009.10.07 10:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.10.07 10:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2009.10.07 10:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.05.02 11:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008.04.13 20:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.08.28 05:58:00 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.02.02 09:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.11.03 03:32:30 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.10.12 16:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006.08.14 05:40:24 | 000,027,776 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl02_xp.sys -- (AtcL002)
DRV - [2006.08.09 08:15:14 | 001,116,544 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynMini.sys -- (SynMini)
DRV - [2006.08.09 08:15:14 | 000,007,808 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynScan.sys -- (SynScan)
DRV - [2006.06.10 00:07:28 | 000,027,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2006.05.25 13:40:58 | 000,193,088 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006.05.18 21:46:16 | 000,110,976 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006.05.09 11:21:54 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.05.09 10:33:54 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006.04.19 13:57:44 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.03.21 17:04:24 | 000,889,472 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006.03.16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006.03.15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.05.28 04:13:04 | 000,016,269 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5)
DRV - [2001.08.17 21:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 FF DA 24 F4 31 CA 01 [binary data]
IE - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Value error. File not found
IE - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2004.08.18 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Služba Acronis Scheduler2] C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314..\Run: [] File not found
O4 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\legnerj\Nabídka Start\Programy\Po spuštění\sysrda32.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Plugin Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 1734278593 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = iss-slavkov.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\legnerj\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\legnerj\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.08.06 10:44:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##server-r2#DATA-VEDENI\Shell\Open(0)\command - "" = V:\Recycled\ctfmon.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.a3d - C:\WINDOWS\System32\a3d.dll (Aureal Semiconductor)
Drivers32: msacm.divxa - C:\WINDOWS\System32\divxa32.acm (build Pinky.cz)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3radius - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ogg - C:\WINDOWS\System32\ogg.dll ()
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.dll ()
Drivers32: msacm.vorbisenc - C:\WINDOWS\System32\vorbisenc.dll ()
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.div3 - C:\WINDOWS\System32\divxc32.dll (build Pinky.cz)
Drivers32: vidc.div4 - C:\WINDOWS\System32\divxc32f.dll (Pinky.cz)
Drivers32: vidc.DIVF - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvid.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2010.08.30 16:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.30 16:15:32 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.30 13:43:45 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010.08.30 13:43:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.08.30 13:43:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.08.30 13:43:35 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010.08.30 13:43:35 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010.08.30 13:43:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.08.22 09:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\legnerj\Dokumenty\gegl-0.0
[2010.08.04 06:31:12 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.08.04 06:31:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.08.04 06:31:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.08.04 06:31:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[117 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.08.30 17:56:28 | 000,757,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\spxysa.sys
[2010.08.30 17:51:45 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.30 15:22:46 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\legnerj\ntuser.dat
[2010.08.30 15:17:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.30 13:41:46 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\legnerj\Data aplikací\avdrn.dat
[2010.08.30 06:36:23 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.30 06:36:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.30 06:36:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.29 23:37:46 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\legnerj\ntuser.ini
[2010.08.29 23:37:10 | 005,361,970 | -H-- | M] () -- C:\Documents and Settings\legnerj\Local Settings\Data aplikací\IconCache.db
[2010.08.29 10:17:53 | 000,030,086 | ---- | M] () -- C:\Documents and Settings\legnerj\Plocha\index-aqua.png
[2010.08.27 21:53:19 | 000,013,793 | ---- | M] () -- C:\Documents and Settings\legnerj\.recently-used.xbel
[2010.08.27 20:40:56 | 000,000,280 | ---- | M] () -- C:\WINDOWS\emm386n.dl
[2010.08.27 10:18:14 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.08.25 17:03:55 | 000,003,961 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.08.25 14:46:56 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\legnerj\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.19 06:49:21 | 000,385,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.19 00:08:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.08.19 00:08:26 | 000,000,675 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.08.19 00:04:59 | 000,531,296 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.08.19 00:04:59 | 000,514,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.19 00:04:59 | 000,128,978 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.08.19 00:04:59 | 000,102,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.19 00:04:58 | 001,254,218 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[117 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.30 13:42:47 | 000,757,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\spxysa.sys
[2010.08.30 13:41:46 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\legnerj\Data aplikací\avdrn.dat
[2010.08.29 10:24:44 | 000,030,086 | ---- | C] () -- C:\Documents and Settings\legnerj\Plocha\index-aqua.png
[2010.08.27 21:53:19 | 000,013,793 | ---- | C] () -- C:\Documents and Settings\legnerj\.recently-used.xbel
[2010.08.27 20:40:56 | 000,000,280 | ---- | C] () -- C:\WINDOWS\emm386n.dl
[2010.08.01 09:03:33 | 004,718,592 | ---- | C] () -- C:\Documents and Settings\legnerj\ntuser.dat
[2010.03.04 17:43:00 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009.11.25 14:04:02 | 000,000,133 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.11.11 10:23:57 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\winbri21.dll
[2009.10.20 13:37:15 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\legnerj\Local Settings\Data aplikací\fusioncache.dat
[2009.10.20 13:36:57 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.10.02 18:48:57 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\legnerj\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.26 22:22:14 | 000,015,552 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:22:10 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:22:04 | 000,014,910 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.12.21 08:21:56 | 000,035,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007.10.24 15:52:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.08.23 11:08:24 | 000,003,961 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.08.23 10:39:23 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.08.16 06:53:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.08.06 12:06:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007.08.06 11:45:25 | 000,014,848 | R--- | C] () -- C:\WINDOWS\System32\drivers\SynSam.sys
[2007.08.06 11:45:25 | 000,007,808 | R--- | C] () -- C:\WINDOWS\System32\drivers\SynScan.sys
[2007.08.06 11:45:22 | 000,498,688 | R--- | C] () -- C:\WINDOWS\System32\drivers\SynPin.sys
[2007.08.06 11:45:22 | 000,028,800 | R--- | C] () -- C:\WINDOWS\System32\drivers\SynCamd.sys
[2007.08.06 11:45:21 | 001,116,544 | R--- | C] () -- C:\WINDOWS\System32\drivers\SynMini.sys
[2007.08.06 11:03:57 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2007.08.06 11:03:46 | 000,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.09.02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005.01.05 20:11:11 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.01.05 20:11:10 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.01.05 20:11:10 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\oggds.dll
[2005.01.05 20:11:10 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.01.05 20:11:10 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2005.01.05 20:11:09 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.01.05 20:11:09 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004.07.20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.01.15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003.05.16 00:18:28 | 000,000,118 | ---- | C] () -- C:\WINDOWS\DivFix.ini
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.05.17 22:18:30 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[1993.07.23 18:31:02 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll

========== LOP Check ==========

[2009.08.31 20:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Windows Desktop Search
[2009.12.02 14:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.ISS-SLAVKOV\Data aplikací\Autodesk
[2009.12.02 14:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.ISS-SLAVKOV\Data aplikací\Search Settings
[2009.09.10 10:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.ISS-SLAVKOV\Data aplikací\Windows Desktop Search
[2010.03.10 16:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2009.12.02 14:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2008.04.17 07:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg7
[2008.04.17 07:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2007.09.09 16:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LightScribe
[2009.08.31 19:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legner\Data aplikací\Windows Desktop Search
[2010.03.11 15:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Acronis
[2009.12.04 14:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Autodesk
[2009.11.25 14:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Easy Thumbnails
[2010.08.27 21:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\gtk-2.0
[2009.10.21 07:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\pdfforge
[2009.10.21 07:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Search Settings
[2009.08.31 08:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Windows Desktop Search
[2009.10.07 08:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Windows Search
[2010.07.26 13:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Zoner
[2007.08.23 13:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\AVG7
[2008.04.10 10:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NT_Rousinov\Data aplikací\AVG7
[2009.08.31 14:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NT_Rousinov\Data aplikací\Windows Desktop Search
[2007.08.23 11:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NT_Rousinov\Data aplikací\Zoner
[2009.09.30 06:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\otahals\Data aplikací\Windows Desktop Search
[2009.09.30 06:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\otahals\Data aplikací\Windows Search

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"" =
"StartCCC" = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -- [2006.11.10 12:35:24 | 000,090,112 | ---- | M] ()
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2010.05.26 15:12:03 | 000,039,408 | ---- | M] (Google Inc.)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 05:22:36 | 001,695,232 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[117 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.03.11 15:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Acronis
[2009.09.14 07:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Adobe
[2009.09.10 10:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\ATI
[2009.12.04 14:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Autodesk
[2009.09.22 13:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\CyberLink
[2009.11.25 14:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Easy Thumbnails
[2010.05.28 19:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Google
[2010.08.27 21:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\gtk-2.0
[2009.09.10 13:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Help
[2009.08.31 07:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Identities
[2009.09.14 07:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Macromedia
[2010.04.21 08:12:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\legnerj\Data aplikací\Microsoft
[2009.10.21 07:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\pdfforge
[2009.10.21 07:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Search Settings
[2009.12.12 22:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Sun
[2009.08.31 08:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Windows Desktop Search
[2009.10.07 08:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Windows Search
[2009.10.02 19:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\WinRAR
[2010.07.26 13:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Zoner

< %APPDATA%\*.exe /s >

< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.09.16 08:42:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.09.16 08:42:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.09.16 08:42:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.09.16 08:42:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.09.16 08:42:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.09.16 08:42:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.09.16 08:42:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.09.16 08:42:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.18 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.09.16 08:42:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.09.16 08:42:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\dllcache\changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\drivers\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.09.16 08:42:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.09.16 08:42:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2004.08.18 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.18 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.08.30 18:03:34 | 000,757,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\spxysa.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2007.08.06 12:26:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.08.06 12:26:48 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.08.06 12:26:48 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.08.30 18:04:55 | 000,757,248 | ---- | M] () -- C:\WINDOWS\system32\drivers\spxysa.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\*.* /3 >
[2010.08.30 06:36:23 | 000,012,598 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

JirkaL · #4 Příspěvek od **JirkaL** » 30 srp 2010 17:20

A ještě druhý log extras

OTL Extras logfile created on: 30.8.2010 17:53:36 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = G:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

895,00 Mb Total Physical Memory | 358,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 101,21 Gb Free Space | 67,90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 15,05 Gb Total Space | 4,39 Gb Free Space | 29,17% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: R-NT-LEGNER
Current User Name: legnerj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\totalcmd\TOTALCMD.EXE" = C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\totalcmd\TOTALCMD.EXE" = C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FF2C26-DBCE-DADA-BEE5-0928E0F8F623}" = CCC Help German
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05F4ABAC-8697-2291-16D8-4BFD7DD78B59}" = CCC Help Japanese
"{07C85A90-668F-A807-5C67-975E0777A9E8}" = Catalyst Control Center Localization Russian
"{0EA06F05-4320-E4DC-4374-E6C0986C964D}" = Catalyst Control Center Localization Finnish
"{137C5C08-8B6F-497A-1529-502359B3BA88}" = Catalyst Control Center Localization Polish
"{17EE76BB-5264-8946-DA8F-D564ED25EDDD}" = CCC Help English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{27599825-6BD9-1081-D1CC-0BFC01157204}" = CCC Help Hungarian
"{2E13776F-DEAF-7C83-C2A9-3BF073D51BFD}" = Catalyst Control Center Localization Swedish
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EE90F26-20B3-4423-81DE-E57E5D2E4FEF}" = Zoner GIF Animator 5
"{31FEA631-B78A-4695-859E-D33CD5CF4BE4}" = ESET NOD32 Antivirus
"{3482A5D0-F16D-A6C9-397F-8D85EA61BF93}" = Catalyst Control Center Localization Norwegian
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3C3CA756-9FB1-60D9-4435-6D9FEB42C637}" = Catalyst Control Center Localization Dutch
"{3E4039F8-5DA8-0414-B7E1-8DA8C8FC1565}" = Catalyst Control Center Localization Thai
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{47EBA146-E19F-498A-86C3-6C1225E80903}" = Systém agend pro školy 6.5
"{48D4215F-414F-1554-8534-E3D8156C0666}" = Skins
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A0FAC3C-852D-C0A3-1715-6F844C184CF0}" = CCC Help Portuguese
"{4B29B49E-F274-58CE-25D2-791570F1619A}" = CCC Help French
"{4B546AE5-DF17-6D39-A846-A9ECD0153C9A}" = Catalyst Control Center Localization Greek
"{4F62B1AE-E778-49E2-9C57-C1C65A122098}" = Zoner Callisto 5
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-7001-0405-0002-0060B0CE6BBA}" = AutoCAD 2009 - český
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{57EF4BC7-0C52-1872-C0CE-AEAB996E5626}" = Catalyst Control Center Localization Korean
"{5B701396-48C3-A3FA-43DB-FF975446759C}" = Catalyst Control Center Localization French
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{5ECA8F33-8F8E-1042-2082-5F02E64D6140}" = CCC Help Polish
"{64761110-6210-416E-8C8F-6E4394401FD4}" = Testy Autoškola
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68B84920-CD46-8C5B-DABE-EC0FF6F0C703}" = Catalyst Control Center Localization German
"{6AF75C96-2093-51F4-0412-501CB317A7F9}" = CCC Help Thai
"{6D219284-A368-A0A5-AA55-8BAAE9EA60CC}" = Catalyst Control Center Localization Japanese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732442CA-AFFC-E75D-C586-2A3C71D8CFFE}" = CCC Help Finnish
"{767EE8DA-A2AA-00A9-1A21-9584E00867B8}" = Catalyst Control Center Core Implementation
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{815B5312-F7B5-EDD5-A899-B0228C3C7F3A}" = CCC Help Turkish
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{857D4360-762B-978B-76AD-491AA719E47A}" = ccc-core-static
"{86552A3A-0437-319B-46C5-569FC9F7ACA9}" = ccc-utility
"{87F8B643-D883-409E-AC4C-23DB3156A20D}" = Encyklopedie historie - síťová verze
"{89EAD7B4-1CAC-CC9E-F040-FE041A2EA77C}" = Catalyst Control Center Localization Spanish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE3174F-3BFE-8822-4493-A0519D1E4E94}" = Catalyst Control Center Localization Portuguese
"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{97F32DF8-D66E-446A-A425-C1D7B45C1029}" = Nero 7 Essentials
"{9D7802F0-3C39-ED52-10D9-AE8A7FB5A94C}" = Catalyst Control Center Localization Hungarian
"{9F303CF8-2998-4541-C9F7-C3AAEC2B88B0}" = Catalyst Control Center Graphics Full Existing
"{A042FD6F-D051-ECE5-71C9-52ABFE36EBF9}" = Catalyst Control Center Localization Czech
"{A125DDDB-E0C0-08E0-F04C-7B5409DFFC79}" = Catalyst Control Center Graphics Light
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1E9EC2-42E4-E801-83BB-AAFF86DDEC7E}" = CCC Help Czech
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B02A3921-F7B7-C73F-395B-8172C9EE4006}" = Catalyst Control Center Localization Italian
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD17DEF2-8970-E4F5-337A-C10DE4D33F29}" = CCC Help Korean
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5A2542D-CF79-3EE6-7673-2CEDA2338172}" = CCC Help Greek
"{C69B9631-B617-B714-7FE2-6FCD5B891ACD}" = Catalyst Control Center Localization Chinese Traditional
"{C6D7BC96-A608-0908-F6E7-53C118423087}" = CCC Help Chinese Standard
"{C8A4038E-4DA5-879D-A353-7443FC3EE22C}" = CCC Help Spanish
"{C9B7D4A2-7A42-96BC-DE77-6EB23F1116A8}" = CCC Help Swedish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE344E77-B015-C6D0-9A1B-0EA0043E7A52}" = CCC Help Russian
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows
"{D9D45F79-D38C-9BCA-4023-6F3E365D5D25}" = CCC Help Dutch
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E4BCF2E7-B181-C240-B6EC-04A8FA633EEF}" = Catalyst Control Center Graphics Full New
"{E91EBA1F-DA25-58B2-365F-FB76BDC81F86}" = Catalyst Control Center Localization Turkish
"{EA2F03AD-BF9D-EECC-F24C-549046AEC17A}" = Catalyst Control Center Localization Danish
"{EE78C2A7-1413-105B-DC86-3F9FA6B10C2F}" = CCC Help Danish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AAE965-966C-104E-ECCD-9F111A83139C}" = CCC Help Italian
"{F3AEE6A8-5FA3-F9AA-8CA7-D1AAD6352065}" = Catalyst Control Center Localization Chinese Standard
"{F7F564DD-A790-D01A-5390-6D1386AA5621}" = CCC Help Norwegian
"{FBC2DD8F-A7DE-4CA3-B793-E50A7BA25AF0}_is1" = Kodek 0.13 CZ
"{FD9B0D38-7B82-5A3A-E046-D8DBF3F06A93}" = CCC Help Chinese Traditional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"AutoCAD 2009 - český" = AutoCAD 2009 - český
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.2.3
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"FBDBServer_1_5_is1" = Firebird 1.5.1.4481
"HControl" = ATK0100 ACPI UTILITY
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite CodecPack
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoFiltre Studio" = PhotoFiltre Studio
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29.8.2010 1:21:22 | Computer Name = R-NT-LEGNER | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Zadaná
doména neexistuje nebo není k dispozici. ). Zpracovávání zásad skupin bylo zastaveno.

Error - 29.8.2010 1:21:23 | Computer Name = R-NT-LEGNER | Source = AutoEnrollment | ID = 15
Description = Automatickému zápisu certifikátu pro Local System se nezdařilo kontaktovat
adresář Active Directory(0x8007054b). Zadaná doména neexistuje nebo není k dispozici.

Zápis nebude proveden.

Error - 29.8.2010 1:21:46 | Computer Name = R-NT-LEGNER | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Zadaná
doména neexistuje nebo není k dispozici. ). Zpracovávání zásad skupin bylo zastaveno.

Error - 29.8.2010 10:16:58 | Computer Name = R-NT-LEGNER | Source = AutoEnrollment | ID = 15
Description = Automatickému zápisu certifikátu pro Local System se nezdařilo kontaktovat
adresář Active Directory(0x8007054b). Zadaná doména neexistuje nebo není k dispozici.

Zápis nebude proveden.

Error - 30.8.2010 0:36:05 | Computer Name = R-NT-LEGNER | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Zadaná
doména neexistuje nebo není k dispozici. ). Zpracovávání zásad skupin bylo zastaveno.

Error - 30.8.2010 0:36:06 | Computer Name = R-NT-LEGNER | Source = AutoEnrollment | ID = 15
Description = Automatickému zápisu certifikátu pro Local System se nezdařilo kontaktovat
adresář Active Directory(0x8007054b). Zadaná doména neexistuje nebo není k dispozici.

Zápis nebude proveden.

Error - 30.8.2010 0:36:21 | Computer Name = R-NT-LEGNER | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Zadaná
doména neexistuje nebo není k dispozici. ). Zpracovávání zásad skupin bylo zastaveno.

Error - 30.8.2010 8:36:07 | Computer Name = R-NT-LEGNER | Source = AutoEnrollment | ID = 15
Description = Automatickému zápisu certifikátu pro Local System se nezdařilo kontaktovat
adresář Active Directory(0x8007054b). Zadaná doména neexistuje nebo není k dispozici.

Zápis nebude proveden.

Error - 30.8.2010 9:18:50 | Computer Name = R-NT-LEGNER | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 30.8.2010 11:51:45 | Computer Name = R-NT-LEGNER | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 30.8.2010 7:44:34 | Computer Name = R-NT-LEGNER | Source = Service Control Manager | ID = 7000
Description = Služba Dálnopisný kodek světového standardu neuspěla při spuštění
v důsledku následující chyby: %%5

Error - 30.8.2010 7:44:35 | Computer Name = R-NT-LEGNER | Source = Service Control Manager | ID = 7000
Description = Služba Windows Driver Foundation - User-mode Driver Framework Reflector
neuspěla při spuštění v důsledku následující chyby: %%2

Error - 30.8.2010 7:52:12 | Computer Name = R-NT-LEGNER | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 59 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 30.8.2010 8:53:02 | Computer Name = R-NT-LEGNER | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 15 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 30.8.2010 8:53:04 | Computer Name = R-NT-LEGNER | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 15 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 30.8.2010 9:09:00 | Computer Name = R-NT-LEGNER | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 15 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 30.8.2010 9:15:54 | Computer Name = R-NT-LEGNER | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 30.8.2010 9:30:57 | Computer Name = R-NT-LEGNER | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 29 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 30.8.2010 10:11:42 | Computer Name = R-NT-LEGNER | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 30.8.2010 11:51:44 | Computer Name = R-NT-LEGNER | Source = NETLOGON | ID = 5719
Description = V doméně ISS-SLAVKOV není k dispozici žádný řadič domény z důvodu:
%%1311. Přesvědčte se, zda je počítač připojen k síti a akci opakujte. Pokud budou
potíže trvat, obraťte se na správce domény.

< End of report >

Moc děkuji za další postup

#5 Příspěvek od **Caroprd111** » 30 srp 2010 17:35

Stáhněte na plochu UsbFix http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe

Spusťte, poté klikněte na Deletion.
Po dokončení na Vás vyskočí log, vložte mi ho sem, případně ho najdete v C:\UsbFix.txt

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

:OTL
IE - HKU\S-1-5-21-1076763076-4089535954-472526857-2314\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Value error. File not found
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Value error. File not found
O4 - HKU\S-1-5-21-1076763076-4089535954-472526857-2314..\Run: [] File not found
O4 - Startup: C:\Documents and Settings\legnerj\Nabídka Start\Programy\Po spuštění\sysrda32.exe ()
O33 - MountPoints2\##server-r2#DATA-VEDENI\Shell\Open(0)\command - "" = V:\Recycled\ctfmon.exe -- File not found
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[117 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[2010.08.30 17:56:28 | 000,757,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\spxysa.sys
[2010.08.30 13:41:46 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\legnerj\Data aplikací\avdrn.dat
[2010.08.27 20:40:56 | 000,000,280 | ---- | C] () -- C:\WINDOWS\emm386n.dl
[2009.12.02 14:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.ISS-SLAVKOV\Data aplikací\Search Settings
[2009.10.21 07:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\legnerj\Data aplikací\Search Settings

Klikněte na Opravit, PC se restartuje, log vložte sem.

Obrázek

Následující soubor/y otestujte na http://www.virustotal.com
C:\WINDOWS\System32\winbri21.dll

(Soubor/y nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "File already submitted:" dejte Reanalyse. Výsledek analýzy sem v podobě odkazu vložte.)

JirkaL · #6 Příspěvek od **JirkaL** » 30 srp 2010 18:27

provedl jsem všechny tři akce,takže

log Usbfix je zde
############################## | UsbFix 7.022 | [Deletion]

User: legnerj (Administrator) # R-NT-LEGNER [ ]
Updated 29/08/10 by El Desaparecido / C_XX
Started at 18:42:30 | 30/08/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Genuine Intel(R) CPU T2130 @ 1.86GHz
CPU 2: Genuine Intel(R) CPU T2130 @ 1.86GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Enabled
Antivirus: ESET NOD32 Antivirus 3.0 3.0 [Enabled | Updated]
RAM -> 895 Mb
C:\ (%systemdrive%) -> Fixed drive # 149 Gb (101 Mb free - 68%) [] # NTFS
D:\ -> CD-ROM
G:\ -> Removable drive # 15 Gb (4 Mb free - 29%) [CORSAIR] # FAT32

################## | Files # Infected Folders |

Not deleted ! C:\Documents and Settings\legnerj\Nabídka Start\Programy\Po spuštění\sysrda32.exe
Deleted ! G:\log.txt
Deleted ! G:\PRVA

################## | Registry |

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\##server-r2#DATA-VEDENI

################## | Listing |

[25/05/2010 - 08:14:39 | D ] C:\a9eab71e4ee046c14a7b
[22/03/2010 - 11:09:07 | A | 187] C:\ASWL2K.ini
[06/08/2007 - 10:44:04 | A | 0] C:\AUTOEXEC.BAT
[23/08/2007 - 09:10:02 | RASH | 211] C:\boot.ini
[18/08/2004 - 14:00:00 | RASH | 4952] C:\Bootfont.bin
[25/05/2010 - 08:14:39 | D ] C:\c7eedd7d622d57695bcc71b849e7a608
[24/04/2009 - 10:13:46 | D ] C:\ceda02180a56e18fc76d679e132d07
[27/08/2010 - 20:26:17 | D ] C:\Config.Msi
[06/08/2007 - 10:44:04 | A | 0] C:\CONFIG.SYS
[25/05/2010 - 08:14:39 | D ] C:\Documents and Settings
[25/06/2010 - 14:07:28 | D ] C:\Google
[18/03/2010 - 10:57:45 | D ] C:\Instal
[06/08/2007 - 10:44:04 | RASH | 0] C:\IO.SYS
[06/08/2007 - 10:44:04 | RASH | 0] C:\MSDOS.SYS
[08/06/2010 - 11:05:58 | D ] C:\NOVE
[18/08/2004 - 14:00:00 | RASH | 47564] C:\NTDETECT.COM
[16/09/2008 - 08:46:24 | RASH | 250576] C:\ntldr
[30/08/2010 - 06:35:30 | ASH | 1409286144] C:\pagefile.sys
[30/08/2010 - 16:15:34 | RD ] C:\Program Files
[30/08/2010 - 18:55:51 | SHD ] C:\RECYCLER
[30/08/2010 - 16:15:40 | D ] C:\rsit
[09/05/2010 - 22:21:16 | A | 1436526592] C:\Souboj titanu ceske titulky ve filmu..avi
[28/09/2007 - 13:08:16 | A | 1466877] C:\svp-prodavac.pdf
[23/08/2007 - 09:10:08 | SHD ] C:\System Volume Information
[30/08/2010 - 18:55:51 | D ] C:\UsbFix
[30/08/2010 - 18:55:52 | A | 978] C:\UsbFix.txt
[30/08/2010 - 13:43:28 | D ] C:\WINDOWS
[25/05/2010 - 08:15:02 | D ] C:\zaloha
[25/05/2010 - 08:14:39 | D ] C:\zastupování program
[30/08/2010 - 16:11:34 | A | 339991] G:\RSIT.exe
[30/08/2010 - 17:51:26 | A | 574976] G:\OTL.exe
[30/08/2010 - 18:42:02 | A | 3200] G:\OTL.txt
[30/08/2010 - 18:10:24 | A | 42796] G:\Extras.Txt
[30/08/2010 - 18:40:42 | A | 1208952] G:\UsbFix.exe
[26/05/2010 - 15:27:20 | D ] G:\Informatika IIa
[26/05/2010 - 15:28:10 | D ] G:\jirkova flash
[26/05/2010 - 15:28:16 | D ] G:\Prezentace
[28/03/2010 - 17:08:50 | A | 22948] G:\__studenti.gykovy.cz_~eskola_seminare_student_vypis-potvr.pdf
[14/03/2010 - 11:01:08 | A | 677355520] G:\Hlidac c.47-Cesky film.avi
[09/04/2010 - 12:49:14 | A | 213504] G:\Inventury.xls
[19/04/2010 - 06:55:06 | A | 1738] G:\Kohoutkovice + úvaha.txt
[01/04/2010 - 11:51:42 | A | 1560438784] G:\Proklety ostrov 2010 CZtit_horor_thriller_OK zvuk i obraz .avi
[08/02/2010 - 12:38:20 | A | 98816] G:\Seminář z ICT-Legner.doc
[09/05/2010 - 22:21:18 | A | 1436526592] G:\Souboj titanu ceske titulky ve filmu..avi
[22/04/2010 - 10:29:02 | A | 979920168] G:\terminator-4-salvation-2009.avi
[02/04/2010 - 12:24:20 | A | 675840] G:\Vnitřní kontrolní systém 2010(8)-1.doc
[02/06/2010 - 08:55:02 | A | 93655040] G:\SAS6.FBD
[02/06/2010 - 09:04:30 | A | 7477214] G:\sas6_2010-06-02_09-02-47.zsas
[02/06/2010 - 11:54:38 | A | 26611616] G:\K-Lite_Codec_Pack_600_Mega.exe
[04/06/2010 - 16:15:56 | D ] G:\tisk
[17/06/2010 - 08:46:52 | A | 2577] G:\Popisy výstava Stará radnice.zmf
[17/06/2010 - 08:48:44 | A | 2471] G:\Popisy výstava Stará radnice1.zmf
[17/06/2010 - 08:52:10 | A | 2441] G:\Popisy výstava Stará radnice2.zmf
[17/06/2010 - 08:53:50 | A | 2491] G:\Popisy výstava Stará radnice3.zmf
[17/06/2010 - 08:57:32 | A | 2552] G:\Popisy výstava Stará radnice4.zmf
[17/06/2010 - 08:58:04 | A | 2579] G:\Popisy výstava Stará radnice5.zmf
[17/06/2010 - 08:59:14 | A | 2465] G:\Popisy výstava Stará radnice6.zmf
[17/06/2010 - 09:00:52 | A | 2102] G:\Popisy výstava Stará radnice7.zmf
[20/06/2010 - 08:25:42 | A | 9666214] G:\BANKA_PRACOVNICH_LISTU–CESKY_JAZYK_A_LITERATURA-verze5.zip
[22/06/2010 - 17:46:00 | D ] G:\ZU Pohorelice
[04/07/2010 - 12:54:24 | D ] G:\s1utch4kh
[09/07/2010 - 14:40:30 | D ] G:\Dovolená
[19/07/2010 - 19:24:14 | D ] G:\PR_fotky_16_kandi
[19/07/2010 - 18:41:58 | A | 1148050866] G:\Nahodny milionar..avi
[13/07/2010 - 21:44:38 | A | 723621704] G:\Pěst plná hněvu.avi
[22/07/2010 - 22:58:56 | A | 734011392] G:\2Bobule CZ.avi
[07/08/2010 - 13:03:18 | D ] G:\Muzika - novy
[07/08/2010 - 13:10:26 | D ] G:\Hry- nové
[11/08/2010 - 12:31:42 | A | 732243968] G:\Na sever severozápadní linkou část.1.avi
[11/08/2010 - 14:19:22 | A | 735473664] G:\Na sever severozápadní linkou část.2.avi
[11/08/2010 - 20:00:22 | D ] G:\North-by-Northwest(0000149789)
[11/08/2010 - 13:01:52 | A | 59141] G:\North by Northwest CD1.srt
[11/08/2010 - 13:01:52 | A | 50012] G:\North by Northwest CD2.srt
[25/08/2010 - 14:46:42 | A | 838594560] G:\Princ z Persie - písky času - cz .avi

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_R-NT-LEGNER.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

log OTL je zde

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 590581 bytes
->Temporary Internet Files folder emptied: 2065844 bytes
->Java cache emptied: 0 bytes

User: administrator.ISS-SLAVKOV
->Temp folder emptied: 30753994 bytes
->Temporary Internet Files folder emptied: 2228329 bytes
->Java cache emptied: 12118713 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: legner
->Temp folder emptied: 2039736 bytes
->Temporary Internet Files folder emptied: 14887707 bytes

User: legnerj
->Temp folder emptied: 2561919 bytes
->Temporary Internet Files folder emptied: 7534175 bytes
->Java cache emptied: 43247881 bytes
->Flash cache emptied: 62890 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: NT_Rousinov
->Temp folder emptied: 607309540 bytes
->Temporary Internet Files folder emptied: 127749755 bytes

User: otahals
->Temp folder emptied: 587304 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 12316809 bytes
%systemroot%\System32 .tmp files removed: 334792 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 6272 bytes
Windows Temp folder emptied: 37443271 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 53558000 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 913,00 mb

[EMPTYFLASH]

User: Administrator

User: administrator.ISS-SLAVKOV

User: All Users

User: Default User

User: legner

User: legnerj
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: NT_Rousinov

User: otahals

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1076763076-4089535954-472526857-2314\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry value HKEY_USERS\S-1-5-21-1076763076-4089535954-472526857-2314\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
File move failed. C:\Documents and Settings\legnerj\Nabídka Start\Programy\Po spuštění\sysrda32.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##server-r2#DATA-VEDENI\ not found.
File V:\Recycled\ctfmon.exe not found.
File move failed. C:\WINDOWS\system32\drivers\spxysa.sys scheduled to be moved on reboot.
C:\Documents and Settings\legnerj\Data aplikací\avdrn.dat moved successfully.
C:\WINDOWS\emm386n.dl moved successfully.
C:\Documents and Settings\administrator.ISS-SLAVKOV\Data aplikací\Search Settings\kb128\temp folder moved successfully.
C:\Documents and Settings\administrator.ISS-SLAVKOV\Data aplikací\Search Settings\kb128 folder moved successfully.
C:\Documents and Settings\administrator.ISS-SLAVKOV\Data aplikací\Search Settings folder moved successfully.
C:\Documents and Settings\legnerj\Data aplikací\Search Settings\kb128\temp folder moved successfully.
C:\Documents and Settings\legnerj\Data aplikací\Search Settings\kb128 folder moved successfully.
C:\Documents and Settings\legnerj\Data aplikací\Search Settings folder moved successfully.

OTL by OldTimer - Version 3.2.11.0 log created on 08302010_185828

Files\Folders moved on Reboot...
C:\Documents and Settings\legnerj\Nabídka Start\Programy\Po spuštění\sysrda32.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\spxysa.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...

a poslední log virustotal:
AhnLab-V3 2010.08.30.00 2010.08.30 -
AntiVir 8.2.4.46 2010.08.30 -
Antiy-AVL 2.0.3.7 2010.08.30 -
Authentium 5.2.0.5 2010.08.30 -
Avast 4.8.1351.0 2010.08.29 -
Avast5 5.0.594.0 2010.08.29 -
AVG 9.0.0.851 2010.08.30 -
BitDefender 7.2 2010.08.30 -
CAT-QuickHeal 11.00 2010.08.30 -
ClamAV 0.96.2.0-git 2010.08.30 -
Comodo 5912 2010.08.30 -
DrWeb 5.0.2.03300 2010.08.30 -
Emsisoft 5.0.0.37 2010.08.30 -
eSafe 7.0.17.0 2010.08.30 -
eTrust-Vet 36.1.7826 2010.08.30 -
F-Prot 4.6.1.107 2010.08.30 -
F-Secure 9.0.15370.0 2010.08.30 -
Fortinet 4.1.143.0 2010.08.30 -
GData 21 2010.08.30 -
Ikarus T3.1.1.88.0 2010.08.30 -
Jiangmin 13.0.900 2010.08.30 -
K7AntiVirus 9.63.2396 2010.08.30 -
Kaspersky 7.0.0.125 2010.08.30 -
McAfee 5.400.0.1158 2010.08.30 -
McAfee-GW-Edition 2010.1B 2010.08.30 -
Microsoft 1.6103 2010.08.30 -
NOD32 5409 2010.08.30 -
Norman 6.05.11 2010.08.30 -
nProtect 2010-08-30.01 2010.08.30 -
Panda 10.0.2.7 2010.08.30 -
PCTools 7.0.3.5 2010.08.30 -
Prevx 3.0 2010.08.30 -
Rising 22.63.00.03 2010.08.30 -
Sophos 4.56.0 2010.08.30 -
Sunbelt 6813 2010.08.30 -
SUPERAntiSpyware 4.40.0.1006 2010.08.30 -
Symantec 20101.1.1.7 2010.08.30 -
TheHacker 6.5.2.1.359 2010.08.30 -
TrendMicro 9.120.0.1004 2010.08.30 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.30 -
VBA32 3.12.14.0 2010.08.30 -
ViRobot 2010.8.9.3978 2010.08.30 -
VirusBuster 5.0.27.0 2010.08.30 -
Additional informationShow all
MD5 : f7c7967f87119a64cdb23def76222881
SHA1 : 8c40f9cf591ebb46542db77bf2cfa8468648dd18
SHA256: 5b3fe24b4743d86c65fc93f92a983fa620c409caad6792f1ad5121f071b34f16
ssdeep: 768:8NlnMDaTj0MmVCj/VRFgJIXXXXXXXXXXXXXXXXXSYXXXXXXXXXXXXXXXXXXXX:8NkKXmARg
J
File size : 43008 bytes
First seen: 2010-08-30 17:12:19
Last seen : 2010-08-30 17:12:19
TrID:
Win32 Executable MS Visual C++ 4.x (69.2%)
Win32 Executable MS Visual C++ (generic) (19.3%)
Win32 Executable Generic (4.3%)
Win32 Dynamic Link Library (generic) (3.8%)
Win16/32 Executable Delphi generic (1.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1130
timedatestamp....: 0x3FA62C49 (Mon Nov 03 10:22:01 2003)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x3300, 0x3400, 6.35, 1acad69ce3dc8a69ba5914e8a63de0ff
.rdata, 0x5000, 0x333, 0x400, 4.40, 2360fb549c8b2a44489964ab9f752b21
.data, 0x6000, 0x3CD8, 0x2800, 0.42, 6a07634a4bf58bc4b79c0705440f0868
.idata, 0xA000, 0x4EC, 0x600, 4.40, 088bbc1a18406362cc9711bdee6c5bfc
.rsrc, 0xB000, 0x3790, 0x3800, 6.97, 844ec7de370fb62fda5fb6c3f65458fd
.reloc, 0xF000, 0x546, 0x600, 5.08, a18268dd29984de17ac591ffb1a5fda0

[[ 1 import(s) ]]
KERNEL32.dll: GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetLastError, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, GetCPInfo, GetACP, GetOEMCP, FreeEnvironmentStringsA, MultiByteToWideChar, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, WideCharToMultiByte, HeapDestroy, HeapCreate, VirtualFree, WriteFile, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapAlloc, HeapFree, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, VirtualAlloc, GetProcAddress, LoadLibraryA, FlushFileBuffers, CloseHandle, SetStdHandle, SetFilePointer

Symantec reputation:Suspicious.Insight

VT Community

0
This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team

ještě jednou dík, čekám na další postup

#7 Příspěvek od **Caroprd111** » 30 srp 2010 19:08

Jak se chová PC

JirkaL · #8 Příspěvek od **JirkaL** » 30 srp 2010 19:31

myslím,že úplně normálně,žádné zpomalení nebo něco jiného podezřelého nevidím.

#9 Příspěvek od **Caroprd111** » 30 srp 2010 19:56

Znovu spusťte UsbFix a klikněte na Uninstall

Obrázek

Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
Po použití program vymažte. Pozor, antiviry ho mohou falešně označit za vir.

Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe

Spusťte.
Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

Spusťte.
Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít

V logu nevidím firewall, doinstalujte

Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

Obrázek

Dejte nový log z RSIT.

JirkaL · #10 Příspěvek od **JirkaL** » 30 srp 2010 20:28

no tak průser,po restartu po proceduře TFC mě vůbec nebootuje op.systém.Prostě černá obrazovka,žádná hláška,nic.Co teď?

#11 Příspěvek od **Caroprd111** » 30 srp 2010 20:38

Funguje nouzový režim

JirkaL · #12 Příspěvek od **JirkaL** » 30 srp 2010 20:40

ne,zapnu,poskočí kurzor a konec

#13 Příspěvek od **Caroprd111** » 30 srp 2010 21:11

Zkuste Poslední známou funkční konfiguraci.

JirkaL · #14 Příspěvek od **JirkaL** » 30 srp 2010 21:23

jak se dostanu do nouzového režimu?Automaticky nenaskočí.Vím,že to byla nějaká kombinace kláves při startu PC.Poradíte jaká?

#15 Příspěvek od **Caroprd111** » 30 srp 2010 21:55

Po restartu mačkejte F8 a vyberte možnost Poslední známá funkční konfigurace.

VIRY.CZ

Kontrola logu

Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu