Preventive check

Posted: 13 Sep 2012 00:28
by Mary13
Hello, I would like to ask for a check :). Here is the log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by БАВ at 2012-09-14 01:32:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (67%) free of 40 GB
Total RAM: 502 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:32:26, on 14.09.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\emaudsv.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\AlpsPoint\ApMain.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fujitsu Siemens\Bluetooth Software\BTTray.exe
C:\PROGRA~1\FUJITS~1\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\O2\O2CZ\EMMSN.exe
C:\Program Files\O2\Nori\Nori.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\БАВ\Desktop\RSIT.exe
C:\Program Files\trend micro\БАВ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\БАВ\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\БАВ\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [ApMain] C:\Program Files\AlpsPoint\ApMain.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe
O4 - HKLM\..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\fjevents.exe
O4 - HKLM\..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
O4 - HKLM\..\Run: [KAVWks50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AntSwitch.lnk = C:\WINDOWS\AntSwitch.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9251232634
O17 - HKLM\System\CCS\Services\Tcpip\..\{102475C4-4781-457D-B28F-28888A55AB89}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{102475C4-4781-457D-B28F-28888A55AB89}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\WINDOWS\system32\emaudsv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Служба Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Служба Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe

--
End of file - 8902 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{724051C5-0748-4BAD-AE23-F4ADEC853BF7}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\БАВ\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2011-04-04 141184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-29 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-29 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"=C:\WINDOWS\help\SplshWrp.exe [2008-04-14 16384]
"TabletTip"=C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2008-04-14 271872]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-07-27 68096]
"GhostStartTrayApp"=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2002-08-15 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-07-19 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-07-19 114688]
"ATSwpNav"=C:\Program Files\Fingerprint Sensor\ATSwpNav -run []
"ApMain"=C:\Program Files\AlpsPoint\ApMain.exe [2005-06-23 61440]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-06-10 88203]
""= []
"FjDspMon"=C:\Program Files\Fujitsu\Utils\FjDspMon.exe [2005-08-26 20480]
"FjEvents"=C:\Program Files\Fujitsu\Utils\fjevents.exe [2005-09-09 20480]
"Fujitsu Menu"=C:\Program Files\Fujitsu\Utils\FjMnuIco.exe [2005-08-26 32768]
"KAVWks50"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe [2006-07-12 98407]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-29 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2011-07-18 6812032]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
AntSwitch.lnk - C:\WINDOWS\AntSwitch.exe
BTTray.lnk - C:\Program Files\Fujitsu Siemens\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-07-19 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2008-04-14 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL]
C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify]
C:\WINDOWS\system32\tpgwlnot.dll [2008-04-14 32256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.DIVX"=divx.dll
"vidc.XVID"=xvidvfw.dll
"msacm.lameacm"=lameACM.acm
"vidc.3iv2"=3ivxVfWCodec.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.wmv3"=wmv9vcm.dll
"VIDC.VP60"=vp6vfw.dll
"VIDC.VP61"=vp6vfw.dll
"VIDC.VP62"=vp6vfw.dll
"VIDC.VP31"=vp31vfw.dll
"vidc.MPG4"=Mpg4c32.dll
"vidc.MP42"=Mpg4c32.dll
"vidc.MP43"=Mpg4c32.dll
"msacm.ac3acm"=ac3acm.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-09-14 01:29:57 ----D---- C:\Program Files\trend micro
2012-09-14 01:29:53 ----D---- C:\rsit
2012-09-12 23:38:39 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of files/folders modified in the last 1 month======

2012-09-14 01:30:40 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2012-09-14 01:30:14 ----D---- C:\WINDOWS\Prefetch
2012-09-14 01:29:57 ----RD---- C:\Program Files
2012-09-14 01:15:02 ----D---- C:\WINDOWS\Temp
2012-09-14 01:14:23 ----D---- C:\Documents and Settings\БАВ\Application Data\Skype
2012-09-14 01:14:00 ----D---- C:\WINDOWS
2012-09-14 01:13:59 ----D---- C:\Program Files\QIP 2010
2012-09-14 00:07:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-09-12 23:52:17 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2012-09-12 23:42:32 ----SHD---- C:\WINDOWS\Installer
2012-09-12 23:38:44 ----SD---- C:\WINDOWS\Tasks
2012-09-12 23:38:39 ----D---- C:\WINDOWS\system32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTKRNL;Bluetooth Protocol Stack; C:\WINDOWS\system32\drivers\btkrnl.sys [2004-04-02 1240186]
R0 risdptsk;risdptsk; C:\WINDOWS\system32\DRIVERS\risdptsk.sys [2005-10-18 33280]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 klif;KLIF driver; C:\WINDOWS\System32\drivers\klif.sys [2006-07-12 139024]
R1 klmc;KLMC driver; C:\WINDOWS\System32\drivers\klmc.sys [2006-07-12 14803]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 tidnet;TID NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\tidnet.sys [2009-09-15 19200]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-15 17005]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-06-16 1094400]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-02 635281]
R3 ApPS2;Alps Pointing-device Driver; C:\WINDOWS\system32\DRIVERS\ApPS2.sys [2005-01-08 36428]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-03-30 116594]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-04-02 16896]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-04-02 30235]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2004-04-02 147864]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2004-04-02 43603]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-04-02 53336]
R3 Fjbtndrv;Fujitsu Button Driver; C:\WINDOWS\system32\DRIVERS\Fjbtndrv.sys [2005-09-02 11392]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-02 5248]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [2004-10-19 5632]
R3 FujitsuPen;Fujitsu Serial Pen HID Driver; C:\WINDOWS\system32\DRIVERS\Fujpen.sys [2005-08-18 11904]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2009-12-15 24448]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102528]
R3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-12-15 100736]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-19 1049180]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 rtl8139;Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-10-14 46080]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-30 3222784]
S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
S2 ldevusb;L-Card USB class driver; C:\WINDOWS\System32\Drivers\ldevusb.sys []
S2 ldevusbu;ldevusbu.sys LComp compatible USB WDM driver; C:\WINDOWS\System32\Drivers\ldevusbu.sys [2007-03-22 39296]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 emusba10;E-MU USB-Audio 1.0 Driver; C:\WINDOWS\system32\DRIVERS\emusba10.sys [2007-11-26 163352]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1; C:\WINDOWS\system32\DRIVERS\libusb0.sys [2007-03-20 28672]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\WINDOWS\system32\DRIVERS\silabenm.sys [2009-11-12 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\WINDOWS\system32\DRIVERS\silabser.sys [2009-11-12 62592]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023k.sys [2002-08-12 11136]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\WINDOWS\system32\DRIVERS\wacompen.sys [2008-04-13 14208]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 zlportio;zlportio; \??\C:\Documents and Settings\БАВ\Desktop\Для USB\VNWA30.5\zlportio.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe [2004-04-02 163840]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 emaudsv;E-MU Audio Service; C:\WINDOWS\system32\emaudsv.exe [2007-11-26 20992]
R2 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2002-08-15 200704]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-29 152984]
R2 kavsvc;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe [2006-07-12 1138794]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 gupdate;Служба Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-13 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 250568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gupdatem;Служба Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-13 136176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Re: Preventive check

Posted: 13 Sep 2012 22:08
by vyosek
Hello :)

Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator
  • If you use a 64-bit OS, check whether the box next to For 64-bit OS is ticked; if not, tick it
  • Tick the box For all users
  • Tick the box Check for "LOP" malware
  • Tick the box Check for "Purity" malware
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box Custom scans/fixes

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the Scan button
  • When the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt will appear; post both here
  • If the logs are long (the forum will complain about exceeding the maximum number of characters), split them into several posts

Re: Preventive check

Posted: 14 Sep 2012 15:15
by Mary13
So here is OTL.Txt

OTL logfile created on: 15.09.2012 0:06:06 - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\БАВ\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy

501,98 Mb Total Physical Memory | 123,20 Mb Available Physical Memory | 24,54% Memory free
1,20 Gb Paging File | 0,56 Gb Available in Paging File | 46,52% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,02 Gb Total Space | 23,88 Gb Free Space | 61,20% Space Free | Partition Type: NTFS
Drive D: | 16,85 Gb Total Space | 16,79 Gb Free Space | 99,62% Space Free | Partition Type: NTFS

Computer Name: NOUT | User Name: БАВ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.09.14 23:56:44 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\БАВ\Desktop\OTL.exe
PRC - [2009.11.30 11:41:36 | 004,050,632 | ---- | M] (Telefónica I+D) -- C:\Program Files\O2\O2CZ\EMMSN.exe
PRC - [2009.09.18 13:20:08 | 000,347,272 | ---- | M] (Telefónica I+D) -- C:\Program Files\O2\Nori\Nori.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.11.26 17:10:08 | 000,020,992 | R--- | M] (E-MU Systems) -- C:\WINDOWS\system32\emaudsv.exe
PRC - [2005.09.09 10:34:46 | 000,020,480 | R--- | M] (Fujitsu Computer Systems Corporation) -- C:\Program Files\Fujitsu\Utils\FjEvents.exe
PRC - [2005.08.26 14:38:52 | 000,020,480 | R--- | M] (Fujitsu PC Corporation) -- C:\Program Files\Fujitsu\Utils\FjDspMon.exe
PRC - [2005.08.26 11:13:42 | 000,032,768 | R--- | M] () -- C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
PRC - [2005.06.23 12:47:52 | 000,061,440 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\AlpsPoint\ApMain.exe
PRC - [2005.06.02 20:01:02 | 000,032,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PRC - [2005.01.22 03:16:48 | 001,102,336 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
PRC - [2004.09.21 08:44:28 | 001,245,274 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Fujitsu Siemens\Bluetooth Software\BTStackServer.exe
PRC - [2004.09.21 08:41:58 | 000,557,123 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Fujitsu Siemens\Bluetooth Software\BTTray.exe
PRC - [2004.07.27 10:01:36 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004.04.02 13:49:52 | 000,163,840 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
PRC - [2002.08.15 01:21:28 | 000,094,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
PRC - [2002.08.15 01:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
PRC - [2000.06.29 10:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\system32\Crypserv.exe


========== Modules (No Company Name) ==========

MOD - [2010.11.09 03:03:52 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010.11.09 02:19:03 | 001,179,648 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll
MOD - [2010.11.09 02:14:29 | 000,110,592 | ---- | M] () -- c:\windows\assembly\gac\sklibrary\1.7.2600.5512__31bf3856ad364e35\sklibrary.dll
MOD - [2010.11.09 02:14:29 | 000,012,800 | ---- | M] () -- c:\windows\assembly\gac\softkeyboardlogic\1.7.2600.5512__31bf3856ad364e35\softkeyboardlogic.dll
MOD - [2010.11.09 02:14:28 | 000,009,216 | ---- | M] () -- c:\windows\assembly\gac\interop.softkeyboardinterface\1.7.2600.5512__31bf3856ad364e35\interop.softkeyboardinterface.dll
MOD - [2010.02.05 20:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010.01.13 18:18:32 | 000,013,312 | ---- | M] () -- C:\Program Files\O2\O2CZ\langs\cz_CZ_md.dll
MOD - [2009.11.30 11:41:36 | 000,119,296 | ---- | M] () -- C:\Program Files\O2\O2CZ\AgendaLib.dll
MOD - [2009.09.18 13:20:08 | 000,334,336 | ---- | M] () -- C:\Program Files\O2\Nori\legplgs\plgsie.dll
MOD - [2009.09.18 13:20:08 | 000,286,720 | ---- | M] () -- C:\Program Files\O2\Nori\legplgs\plgnvt.dll
MOD - [2009.09.18 13:20:08 | 000,237,568 | ---- | M] () -- C:\Program Files\O2\Nori\legplgs\plghwi.dll
MOD - [2009.09.18 13:20:08 | 000,187,392 | ---- | M] () -- C:\Program Files\O2\Nori\legplgs\plgopt.dll
MOD - [2009.09.18 13:20:08 | 000,186,368 | ---- | M] () -- C:\Program Files\O2\Nori\legplgs\plgzte.dll
MOD - [2009.09.18 13:20:08 | 000,186,368 | ---- | M] () -- C:\Program Files\O2\Nori\legplgs\plgser.dll
MOD - [2009.09.18 13:20:08 | 000,185,856 | ---- | M] () -- C:\Program Files\O2\Nori\legplgs\plgati.dll
MOD - [2009.09.15 11:51:04 | 000,503,202 | ---- | M] () -- C:\Program Files\O2\O2CZ\sqlite3.dll
MOD - [2008.04.14 02:12:03 | 000,386,048 | ---- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2008.04.14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.04.02 14:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005.08.26 11:13:42 | 000,032,768 | R--- | M] () -- C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
MOD - [2005.04.27 17:10:25 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005.04.27 17:10:24 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2005.04.27 17:10:24 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2005.04.27 17:05:44 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2004.12.20 08:10:50 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\xvid.ax
MOD - [2004.08.13 18:00:22 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll
MOD - [2004.04.02 11:05:42 | 000,053,248 | ---- | M] () -- C:\Program Files\Fujitsu Siemens\Bluetooth Software\BTKeyInd.dll


========== Services (SafeList) ==========

SRV - [2012.09.12 23:38:41 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2007.11.26 17:10:08 | 000,020,992 | R--- | M] (E-MU Systems) [Auto | Running] -- C:\WINDOWS\system32\emaudsv.exe -- (emaudsv)
SRV - [2006.07.12 17:18:26 | 001,138,794 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe -- (kavsvc)
SRV - [2004.04.02 13:49:52 | 000,163,840 | ---- | M] (WIDCOMM, Inc.) [Auto | Running] -- C:\Program Files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2002.08.15 01:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)
SRV - [2000.06.29 10:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\БАВ\Desktop\Для USB\VNWA30.5\zlportio.sys -- (zlportio)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\ldevusb.sys -- (ldevusb)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010.11.26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2009.12.15 14:05:42 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.12.15 14:05:42 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.12.15 14:05:42 | 000,024,448 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewdcsc.sys -- (Huawei)
DRV - [2009.11.12 19:25:40 | 000,062,592 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)
DRV - [2009.11.12 19:25:40 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)
DRV - [2009.09.15 11:51:04 | 000,019,200 | ---- | M] (Telefónica I+D) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tidnet.sys -- (tidnet)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007.11.26 17:14:54 | 000,163,352 | R--- | M] (E-MU Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emusba10.sys -- (emusba10)
DRV - [2007.03.22 14:55:40 | 000,039,296 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ldevusbu.sys -- (ldevusbu)
DRV - [2007.03.20 09:33:28 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2006.07.12 17:23:20 | 000,014,803 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klmc.sys -- (klmc)
DRV - [2006.07.12 17:23:16 | 000,139,024 | ---- | M] (Kaspersky Labs) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2005.10.18 22:08:50 | 000,033,280 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2005.09.02 16:38:02 | 000,011,392 | R--- | M] (Fujitsu PC Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FjBtndrv.sys -- (Fjbtndrv)
DRV - [2005.08.18 17:55:22 | 000,011,904 | ---- | M] (Fujitsu Component Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Fujpen.sys -- (FujitsuPen)
DRV - [2005.06.16 01:03:54 | 001,094,400 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.03.30 04:02:22 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV)
DRV - [2005.01.08 20:06:24 | 000,036,428 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ApPS2.sys -- (ApPS2)
DRV - [2004.10.30 04:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2004.10.19 02:08:00 | 000,005,632 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1)
DRV - [2004.10.14 14:37:22 | 000,046,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.08.04 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.08.02 14:09:18 | 000,635,281 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004.04.02 10:36:12 | 000,016,896 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004.04.02 10:34:46 | 000,023,239 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2004.04.02 10:34:34 | 000,222,844 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2004.04.02 10:31:56 | 001,240,186 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004.04.02 10:28:14 | 000,147,864 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004.04.02 10:25:44 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004.04.02 10:24:58 | 000,043,603 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2004.04.02 10:23:54 | 000,053,336 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.02.24 04:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003.07.29 09:57:20 | 000,040,448 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Dgivecp.Sys -- (DgiVecp)
DRV - [2002.08.15 01:11:16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2002.08.15 01:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002.08.12 14:20:22 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023k.sys -- (USB_RNDIS)
DRV - [2001.08.17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001.08.02 17:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2000.02.03 21:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\БАВ\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co.uk/search?q={searc ... PT_ruCZ418
IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\БАВ\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApMain] C:\Program Files\AlpsPoint\ApMain.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe (Fujitsu PC Corporation)
O4 - HKLM..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\FjEvents.exe (Fujitsu Computer Systems Corporation)
O4 - HKLM..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe ()
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [KAVWks50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe (Kaspersky Lab)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-19..\Run: [TabletWizard] %windir%\help\wizard.hta File not found
O4 - HKU\S-1-5-20..\Run: [TabletWizard] %windir%\help\wizard.hta File not found
O4 - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005..\Run: [Infium] C:\Program Files\QIP 2010\qip.exe (QIP)
O4 - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005..\Run: [NETGATERegistryCleaner] C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntSwitch.lnk = C:\WINDOWS\AntSwitch.exe (Fujitsu Siemens Computers)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Fujitsu Siemens\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 9251232634 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{102475C4-4781-457D-B28F-28888A55AB89}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\БАВ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\БАВ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.03 15:28:15 | 000,000,095 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{186a2f40-3f6b-11e0-a1fd-000b5da43841}\Shell - "" = AutoRun
O33 - MountPoints2\{186a2f40-3f6b-11e0-a1fd-000b5da43841}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.09.15 00:00:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.14 23:56:34 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\БАВ\Desktop\OTL.exe
[2012.09.14 01:59:38 | 000,029,528 | ---- | C] (IObit) -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2012.09.14 01:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\БАВ\Application Data\IObit
[2012.09.14 01:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2012.09.14 01:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012.09.14 01:57:39 | 006,066,648 | ---- | C] (IObit ) -- C:\Documents and Settings\БАВ\Desktop\defragsetup.exe
[2012.09.14 01:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.09.14 01:29:53 | 000,000,000 | ---D | C] -- C:\rsit
[2012.09.12 23:38:39 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.09.12 23:38:39 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.09.15 00:12:30 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.09.14 23:56:44 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\БАВ\Desktop\OTL.exe
[2012.09.14 23:47:17 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.14 23:47:14 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.14 23:27:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.14 21:32:04 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\БАВ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.14 21:30:50 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012.09.14 21:25:52 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{724051C5-0748-4BAD-AE23-F4ADEC853BF7}.job
[2012.09.14 21:21:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.14 21:21:44 | 526,438,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.14 01:59:04 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2012.09.14 01:57:39 | 006,066,648 | ---- | M] (IObit ) -- C:\Documents and Settings\БАВ\Desktop\defragsetup.exe
[2012.09.14 01:27:25 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\БАВ\Desktop\RSIT.exe
[2012.09.12 23:38:39 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.09.12 23:38:39 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.09.12 23:31:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.15 00:12:30 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.09.14 01:59:39 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012.09.14 01:59:06 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012.09.14 01:59:04 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2012.09.14 01:27:14 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\БАВ\Desktop\RSIT.exe
[2012.09.12 23:38:44 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.03.30 19:23:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup.INI
[2011.02.14 00:00:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2006.06.21 23:50:19 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\БАВ\Local Settings\Application Data\fusioncache.dat
[2006.06.21 17:12:07 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\БАВ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2006.11.18 16:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus for Windows Workstations
[2011.10.03 12:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\Audacity
[2012.09.14 01:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\IObit
[2011.02.23 18:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\Telefónica Móviles
[2012.09.14 21:30:50 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
[2012.09.14 21:25:52 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{724051C5-0748-4BAD-AE23-F4ADEC853BF7}.job

========== Purity Check ==========



========== Custom Scans ==========

< >

< >

< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.11.09 01:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010.11.09 01:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010.11.09 01:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\autochk.exe
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004.08.04 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
[2004.08.04 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\I386\AUTOCHK.EXE

< MD5 for: CDROM.SYS >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.11.09 01:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys
[2010.11.09 01:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2010.11.09 01:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.04 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2004.08.04 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.11.09 01:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:hal.dll
[2010.11.09 01:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2010.11.09 01:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:hal.dll
[2004.08.04 14:00:00 | 000,081,280 | ---- | M] (Microsoft Corporation) MD5=4AF58CA3425F28FC5E3DB47DC122F722 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\hal.dll
[2008.04.13 20:31:27 | 000,081,152 | ---- | M] (Microsoft Corporation) MD5=C4BA879B581BE34536FE01F79AC28631 -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: SCECLI.DLL >
[2004.08.04 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009.02.06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\SoftwareDistribution.bak\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[2008.04.14 02:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 02:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008.04.14 02:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\services.exe
[2009.02.06 19:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\SoftwareDistribution.bak\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[2009.02.06 12:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009.02.06 12:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\SoftwareDistribution.bak\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\SoftwareDistribution.bak\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004.08.04 14:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004.08.04 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2005.05.25 21:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2005.05.25 21:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\SoftwareDistribution.bak\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\tcpip.sys
[2005.05.25 21:04:02 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=88763A98A4C26C409741B4AA162720C9 -- C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\SoftwareDistribution.bak\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\SoftwareDistribution.bak\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.04 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.21 20:39:51 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=011B9BE87FE92821F06FFB1F3765E92C -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\CSC\*.tmp files -> C:\WINDOWS\CSC\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution.bak\Download\d27c2900aa2705e008389ddae7c985e9\*.tmp files -> C:\WINDOWS\SoftwareDistribution.bak\Download\d27c2900aa2705e008389ddae7c985e9\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.1.4322\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.1.4322\*.tmp -> ]
[2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2006.06.21 23:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006.06.21 23:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2012.03.15 02:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006.11.18 16:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus for Windows Workstations
[2011.09.19 10:11:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011.02.13 23:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2006.01.04 05:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010.11.08 23:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2011.12.07 12:48:09 | 000,526,512 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2012.02.03 16:05:50 | 002,756,480 | ---- | M] (EasyBits Software AS) -- C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Games\8009C35017684284B0BE39D6E4E53955\goxn.exe
[2002.08.15 01:03:36 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\aspiinst.exe
[2002.08.15 01:03:12 | 000,202,517 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
[2002.08.15 01:03:14 | 000,374,038 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
[2002.08.15 01:03:14 | 000,056,821 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
[2002.08.15 01:03:14 | 000,032,396 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
[2002.08.15 01:03:14 | 000,021,180 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
[2002.08.15 01:03:14 | 000,354,263 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
[2002.08.15 01:03:14 | 000,129,240 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
[2002.08.15 01:03:16 | 000,013,770 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE
[2002.08.15 01:03:16 | 000,130,980 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE
[2002.08.15 01:03:22 | 000,050,795 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe
[2002.08.15 01:03:22 | 000,052,225 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe
[2002.08.15 01:03:24 | 000,048,641 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe
[2002.08.15 01:03:24 | 000,033,860 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe
[2002.08.15 01:03:24 | 000,050,175 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe
[2002.08.15 01:03:24 | 000,048,491 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe

< %APPDATA%\*. >
[2008.08.30 21:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\Adobe
[2006.07.04 23:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\AdobeUM
[2011.10.03 12:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\Audacity
[2006.06.22 02:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\Corel
[2011.02.28 09:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\Google
[2007.12.11 10:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\Help
[2004.08.13 18:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\Identities
[2012.09.14 01:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\IObit
[2006.12.06 18:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\Macromedia
[2006.06.21 17:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\Media Player Classic
[2008.08.30 20:59:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\БАВ\Application Data\Microsoft
[2012.09.14 21:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\Skype
[2012.02.10 16:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\skypePM
[2006.10.25 08:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\Sun
[2006.01.04 05:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\Symantec
[2011.02.23 18:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\Telefónica Móviles

< %APPDATA%\*.exe /s >
[2011.02.14 01:13:18 | 002,871,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\БАВ\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2006.01.04 05:39:29 | 000,016,158 | R--- | M] () -- C:\Documents and Settings\БАВ\Application Data\Microsoft\Installer\{E1D78C08-3477-470B-82B7-61BD4F63110B}\ARPPRODUCTICON.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2012.09.15 00:27:05 | 000,000,896 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012.09.14 23:47:17 | 000,000,946 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2012.09.15 00:47:04 | 000,000,950 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.09.14 21:30:50 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
[2012.09.14 21:25:52 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{724051C5-0748-4BAD-AE23-F4ADEC853BF7}.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004.08.13 10:47:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.08.13 10:47:44 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.08.13 10:47:44 | 000,880,640 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.09.12 23:38:39 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerApp.exe
[2012.09.12 23:38:39 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2012.09.12 23:31:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 02:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 02:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2010.09.02 13:15:04 | 013,351,304 | R--- | M] (Skype Technologies S.A.)
"Infium" = "C:\Program Files\QIP 2010\qip.exe" /autorun -- [2011.07.18 13:26:46 | 006,812,032 | ---- | M] (QIP)
"NETGATERegistryCleaner" = C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.03.08 12:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.09.15 00:12:30 | 000,000,512 | ---- | M] () MD5=7E71477C6A706E886781D8E2F91CEF53 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2012.02.03 16:05:59 | 000,009,828 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Games\8009C35017684284B0BE39D6E4E53955\Loader_50.gif
[2008.08.30 23:03:21 | 000,003,500 | ---- | M] () -- \Documents and Settings\БАВ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\InformLoader.class-5410638c-3fb232a7.class
[2008.08.30 23:03:21 | 000,000,282 | ---- | M] () -- \Documents and Settings\БАВ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\InformLoader.class-5410638c-3fb232a7.idx
[2006.11.01 08:57:03 | 000,003,500 | ---- | M] () -- \Documents and Settings\БАВ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\InformLoader.class-668fa113-7e9e9421.class
[2006.11.01 08:57:03 | 000,000,327 | ---- | M] () -- \Documents and Settings\БАВ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\InformLoader.class-668fa113-7e9e9421.idx
[2011.12.20 18:45:14 | 001,015,128 | ---- | M] () -- \Program Files\IObit\Smart Defrag 2\Freeware\ASC_FreeSoftwareDownloader.exe
[2011.10.19 22:16:30 | 001,015,128 | ---- | M] () -- \Program Files\IObit\Smart Defrag 2\Freeware\SD_FreeSoftwareDownloader.exe
[2006.07.12 17:15:12 | 000,108,140 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\prloader.dll
[2006.09.14 01:06:10 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2004.08.04 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2004.08.04 14:00:00 | 000,017,423 | ---- | M] () -- \WINDOWS\I386\DMLOADER.DL_
[2004.08.04 14:00:00 | 000,114,717 | ---- | M] () -- \WINDOWS\I386\OSLOADER.EX_
[2004.08.04 14:00:00 | 000,132,317 | ---- | M] () -- \WINDOWS\I386\OSLOADER.NT_
[2001.09.26 14:00:00 | 000,003,631 | ---- | M] () -- \WINDOWS\mui\BR.MUI\I386\OSLOADER.EXE.MU_
[2001.12.05 14:00:00 | 000,003,789 | ---- | M] () -- \WINDOWS\mui\CS.MUI\I386\OSLOADER.EXE.MU_
[2001.12.05 14:00:00 | 000,004,075 | ---- | M] () -- \WINDOWS\mui\EL.MUI\I386\OSLOADER.EXE.MU_
[2001.10.19 22:54:56 | 000,010,752 | ---- | M] () -- \WINDOWS\mui\FALLBACK\0419\osloader.exe.mui
[2001.12.05 14:00:00 | 000,003,487 | ---- | M] () -- \WINDOWS\mui\FI.MUI\I386\OSLOADER.EXE.MU_
[2001.12.05 14:00:00 | 000,003,785 | ---- | M] () -- \WINDOWS\mui\PL.MUI\I386\OSLOADER.EXE.MU_
[2001.12.05 14:00:00 | 000,003,973 | ---- | M] () -- \WINDOWS\mui\RU.MUI\I386\OSLOADER.EXE.MU_
[2002.03.04 14:00:00 | 000,003,467 | ---- | M] () -- \WINDOWS\mui\SK.MUI\I386\OSLOADER.EXE.MU_
[2002.03.04 14:00:00 | 000,003,465 | ---- | M] () -- \WINDOWS\mui\SL.MUI\I386\OSLOADER.EXE.MU_
[2001.12.05 14:00:00 | 000,003,613 | ---- | M] () -- \WINDOWS\mui\TR.MUI\I386\OSLOADER.EXE.MU_
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 20:31:43 | 000,230,400 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 20:31:44 | 000,278,016 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\dmloader.dll
[2008.04.13 20:31:43 | 000,230,400 | ---- | M] () -- \WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\osloader.exe
[2008.04.13 20:31:44 | 000,278,016 | ---- | M] () -- \WINDOWS\SoftwareDistribution.bak\Download\9866fb57abdc0ea2f5d4e132d055ba4e\osloader.ntd
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2011.03.14 17:04:20 | 000,005,167 | ---- | M] () -- \WINDOWS\Temporary Internet Files\Content.IE5\0X2FGHMN\loader[1].js
[2011.02.14 01:14:07 | 000,008,539 | ---- | M] () -- \WINDOWS\Temporary Internet Files\Content.IE5\0X2FGHMN\WidgetMainLoader[1].swf

< End of report >

Re: Preventive check

Posted: 14 Sep 2012 15:16
by Mary13
And here is Extras.txt

OTL Extras logfile created on: 15.09.2012 0:06:06 - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\БАВ\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy

501,98 Mb Total Physical Memory | 123,20 Mb Available Physical Memory | 24,54% Memory free
1,20 Gb Paging File | 0,56 Gb Available in Paging File | 46,52% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,02 Gb Total Space | 23,88 Gb Free Space | 61,20% Space Free | Partition Type: NTFS
Drive D: | 16,85 Gb Total Space | 16,79 Gb Free Space | 99,62% Space Free | Partition Type: NTFS

Computer Name: NOUT | User Name: БАВ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\QIP 2010\qip.exe" = C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010 -- (QIP)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" " =
"{0510E9B6-C4C9-4C1D-8FE9-89EDDAA54958}" = Microsoft Reader
"{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}" = Tablet PC Tutorials for Microsoft Windows XP SP2
"{0D48BC29-1FD5-4491-BD55-D4279D109B37}" = Антивирус Касперского для Windows Workstations
"{11AEA686-CD61-4C11-B410-330119375147}" = WiDESYNC 2.0
"{14081443-583A-4605-BB91-83D38ADAC939}" = Microsoft Windows XP Tablet PC Edition 2005 Recognizer Pack
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5BE3BF62-D432-4D47-A712-CD4DF91CABFB}" = ZyXEL USB ADSL Modem/Router
"{6975E810-C92F-45F0-0BFD-187B312F10E8}" = Norton Ghost
"{76340940-B6BF-4D58-A5F9-9886B8B487A8}" = Corel Grafigo
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90110419-6000-11D3-8CFE-0150048383C9}" = Microsoft Office - профессиональный выпуск версии 2003
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Fujitsu Siemens Computers Bluetooth Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0000-7EC8-7489-000000000702}" = Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
"{AC76BA86-0000-7EC8-7489-000000000703}" = Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B18E4A35-1B91-44C9-963D-60CD0E730C3E}" = USBscope50 Java Software
"{B8BC806D-0703-11D4-BB23-006008676AF8}" = Sony Ericsson Communications Suite
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBD106F-6DB3-4B60-87C3-361E66F086AE}" = Quarta Russian Enhancement Pack for Tablet PC
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4075EE9-BB9E-4012-9189-1211530C21F7}" = Fujitsu Button Driver Component
"{E1D78C08-3477-470B-82B7-61BD4F63110B}" = Fingerprint Sensor Minimum Install
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EFA2630A-CB41-4CAC-8458-7D4EDC9A00E0}" = Tablet PC Edition 2005 Multilingual User Interface (MUI) Pack
"{F94FD9EE-B0A7-47BE-8C96-72F693BE4299}" = Fujitsu Button Utilities
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Alps Pointing-device Driver" = Alps Pointing-device Driver
"fjbtndrv_de13832c47ff2dd397c3eb95531fe041363bdcd2" = Windows Driver Package - Fujitsu Computer Systems Corporation (fjbtndrv) HIDClass 12/23/2004 1.1.1223.2004
"FLV Player" = FLV Player 2.0, build 24
"FPENRMV" = Fujitsu Serial Pen Tablet
"ie8" = Windows Internet Explorer 8
"InstallWiX_{0D48BC29-1FD5-4491-BD55-D4279D109B37}" = Антивирус Касперского для Windows Workstations
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.40 Full
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"O2CZ" = O2
"Pocket DVD Wizard" = Pocket DVD Wizard
"SLABCOMM&10C4&EA60" = USB Test & Measurement Elan Driver (Driver Removal)
"Smart Defrag 2_is1" = Smart Defrag 2
"SpectraLAB" = SpectraLAB FFT Spectral Analysis System
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Архиватор WinRAR
"Xerox WorkCentre 3119 Series" = Удаление драйвера Xerox WorkCentre 3119 Series

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2010" = QIP 2010 3.1.5890

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07.02.2010 12:07:49 | Computer Name = NOUT | Source = crypt32 | ID = 131083
Description = Ошибка извлечения стороннего корневого списка из CAB автоматического
обновления на: <http://www.download.windowsupdate.com/m ... ootstl.cab>
с кодом ошибки: Истек/не наступил срок действия требуемого сертификата при проверке
по системным часам или по штампу времени в подписанном файле.

Error - 08.11.2010 20:34:46 | Computer Name = NOUT | Source = TabSrv | ID = 19
Description =

Error - 08.11.2010 20:34:46 | Computer Name = NOUT | Source = TabSrv | ID = 19
Description =

Error - 13.02.2011 18:00:55 | Computer Name = NOUT | Source = crypt32 | ID = 131083
Description = Ошибка извлечения стороннего корневого списка из CAB автоматического
обновления на: <http://www.download.windowsupdate.com/m ... ootstl.cab>
с кодом ошибки: Истек/не наступил срок действия требуемого сертификата при проверке
по системным часам или по штампу времени в подписанном файле.

Error - 13.02.2011 18:00:55 | Computer Name = NOUT | Source = crypt32 | ID = 131083
Description = Ошибка извлечения стороннего корневого списка из CAB автоматического
обновления на: <http://www.download.windowsupdate.com/m ... ootstl.cab>
с кодом ошибки: Истек/не наступил срок действия требуемого сертификата при проверке
по системным часам или по штампу времени в подписанном файле.

Error - 13.02.2011 18:00:57 | Computer Name = NOUT | Source = crypt32 | ID = 131083
Description = Ошибка извлечения стороннего корневого списка из CAB автоматического
обновления на: <http://www.download.windowsupdate.com/m ... ootstl.cab>
с кодом ошибки: Произошла внутренняя ошибка в цепочке сертификатов.

Error - 13.02.2011 18:50:39 | Computer Name = NOUT | Source = Application Hang | ID = 1002
Description = Зависшее приложение SkypeSetup.exe, версия 5.1.0.112, зависший модуль
hungapp, версия 0.0.0.0, адрес 0x00000000.

Error - 25.02.2011 11:29:18 | Computer Name = NOUT | Source = Application Hang | ID = 1002
Description = Зависшее приложение SkypeSetup.exe, версия 5.1.0.112, зависший модуль
hungapp, версия 0.0.0.0, адрес 0x00000000.

Error - 28.02.2011 4:57:30 | Computer Name = NOUT | Source = Application Error | ID = 1000
Description = Ошибка приложения iexplore.exe, версия 8.0.6001.18702, модуль mshtml.dll,
версия 8.0.6001.18975, адрес 0x000ec3c5.

Error - 14.03.2011 6:31:35 | Computer Name = NOUT | Source = Application Hang | ID = 1002
Description = Зависшее приложение iexplore.exe, версия 8.0.6001.18702, зависший
модуль hungapp, версия 0.0.0.0, адрес 0x00000000.

[ System Events ]
Error - 13.09.2012 16:25:00 | Computer Name = NOUT | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "L-Card USB class driver" из-за ошибки %%2

Error - 13.09.2012 16:25:00 | Computer Name = NOUT | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "ldevusbu.sys LComp compatible USB WDM driver"
из-за ошибки %%2

Error - 13.09.2012 19:13:32 | Computer Name = NOUT | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "L-Card USB class driver" из-за ошибки %%2

Error - 13.09.2012 19:13:32 | Computer Name = NOUT | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "ldevusbu.sys LComp compatible USB WDM driver"
из-за ошибки %%2

Error - 13.09.2012 19:35:55 | Computer Name = NOUT | Source = SCardSvr | ID = 610
Description = Считыватель смарт-карт "HUAWEI USB SmartCard Reader 1" отверг IOCTL
GET_STATE: Это устройство было удалено.

Error - 13.09.2012 20:00:13 | Computer Name = NOUT | Source = SCardSvr | ID = 610
Description = Считыватель смарт-карт "HUAWEI USB SmartCard Reader 1" отверг IOCTL
GET_STATE: Это устройство было удалено.

Error - 14.09.2012 10:18:08 | Computer Name = NOUT | Source = DCOM | ID = 10010
Description = Регистрация сервера {A5B020FD-E04B-4E67-B65A-E7DEED25B2CF} DCOM не
прошла за отведенное время ожидания.

Error - 14.09.2012 15:22:23 | Computer Name = NOUT | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "L-Card USB class driver" из-за ошибки %%2

Error - 14.09.2012 15:22:23 | Computer Name = NOUT | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "ldevusbu.sys LComp compatible USB WDM driver"
из-за ошибки %%2

Error - 14.09.2012 18:25:36 | Computer Name = NOUT | Source = SCardSvr | ID = 610
Description = Считыватель смарт-карт "HUAWEI USB SmartCard Reader 1" отверг IOCTL
GET_STATE: Это устройство было удалено.


< End of report >

Re: Preventive check

Posted: 14 Sep 2012 19:20
by vyosek
:arrow: Run OTL again
  • If you are using Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (or Spustit jako spravce)
  • Paste the script below into the lower box, Custom Scans/Fixes
  • Code:

    :otl
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\БАВ\Desktop\Для USB\VNWA30.5\zlportio.sys -- (zlportio)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\ldevusb.sys -- (ldevusb)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}
    IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
    IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
    IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
    IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
    IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
    IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
    IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\БАВ\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
    IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
    IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_ruCZ418
    IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}
    IE - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
    O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\БАВ\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
    O3 - HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
    O33 - MountPoints2\{186a2f40-3f6b-11e0-a1fd-000b5da43841}\Shell - "" = AutoRun
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\CSC\*.tmp files -> C:\WINDOWS\CSC\*.tmp -> ]
    [1 C:\WINDOWS\SoftwareDistribution.bak\Download\d27c2900aa2705e008389ddae7c985e9\*.tmp files -> C:\WINDOWS\SoftwareDistribution.bak\Download\d27c2900aa2705e008389ddae7c985e9\*.tmp -> ]
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
    [1 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.1.4322\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.1.4322\*.tmp -> ]
    [2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
    [2012.09.14 01:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\БАВ\Application Data\IObit
    [2012.09.15 00:27:05 | 000,000,896 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    [2012.09.14 23:47:17 | 000,000,946 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    [2012.09.15 00:47:04 | 000,000,950 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    [2012.09.14 21:30:50 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
    [2012.09.14 21:25:52 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{724051C5-0748-4BAD-AE23-F4ADEC853BF7}.job
    
    :services
    gupdate
    gupdatem
    
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    "SunJavaUpdateSched"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=-
    "MSMSGS"=-
    "Skype"=-
    "Infium"=-
    
    :files
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk 
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
  • Then click Opravit (Run Fix)
  • The PC will carry out the fix, restart, and give you a log; paste its contents here

Re: Preventive check

Posted: 22 Sep 2012 07:19
by Mary13
Here it is:

All processes killed
========== OTL ==========
Service zlportio stopped successfully!
Service zlportio deleted successfully!
File C:\Documents and Settings\БАВ\Desktop\Для USB\VNWA30.5\zlportio.sys not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service ldevusb stopped successfully!
Service ldevusb deleted successfully!
File System32\Drivers\ldevusb.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3501509324-2753180644-3599257674-1005\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3501509324-2753180644-3599257674-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3501509324-2753180644-3599257674-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
C:\Documents and Settings\БАВ\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
HKEY_USERS\S-1-5-21-3501509324-2753180644-3599257674-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3501509324-2753180644-3599257674-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3501509324-2753180644-3599257674-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-3501509324-2753180644-3599257674-1005\Software\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
Registry key HKEY_USERS\S-1-5-21-3501509324-2753180644-3599257674-1005\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Documents and Settings\БАВ\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3501509324-2753180644-3599257674-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186a2f40-3f6b-11e0-a1fd-000b5da43841}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{186a2f40-3f6b-11e0-a1fd-000b5da43841}\ not found.
C:\WINDOWS\003328_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\CSC\csc1.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution.bak\Download\d27c2900aa2705e008389ddae7c985e9\BITB.tmp deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.1.4322\prf38A.tmp deleted successfully.
C:\WINDOWS\Temp\EPT67.tmp deleted successfully.
C:\WINDOWS\Temp\EPT69.tmp deleted successfully.
C:\Documents and Settings\БАВ\Application Data\IObit\Smart Defrag 2 folder moved successfully.
C:\Documents and Settings\БАВ\Application Data\IObit folder moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\Tasks\SmartDefrag_Startup.job moved successfully.
C:\WINDOWS\Tasks\User_Feed_Synchronization-{724051C5-0748-4BAD-AE23-F4ADEC853BF7}.job moved successfully.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Infium deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes

User: БАВ
->Temp folder emptied: 129467283 bytes
->Java cache emptied: 25884854 bytes
->Flash cache emptied: 2881674 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 881460 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 907327 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1314947 bytes
RecycleBin emptied: 54700034 bytes

Total Files Cleaned = 206,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: БАВ
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: БАВ
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.65.1 log created on 09232012_081436

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Preventive check

Posted: 22 Sep 2012 20:52
by vyosek
OTL did what it was supposed to. How is the PC behaving? :???:

Re: Preventive check

Posted: 11 Oct 2012 10:15
by Mary13
It seems to be better :) Thanks! :)

Re: Preventive check

Posted: 11 Oct 2012 10:32
by vyosek
So let's clean up as well :James008:

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program will clean up and restart the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program will clean up and restart the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run Cleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a backup of the registry; fix all the issues
  • repeat the procedure until no issues are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|