PC disinfection, computer speed-up, remote help via the neslape.cz service

killvbs.vbs

Do you have a virus problem? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
kisuah
Visitor
Posts: 18
Registered: 12 Apr 2010 13:18

killvbs.vbs

#1 Post by kisuah »

Hi,
I ran AVG over my PC and it found the virus killvbs.vbs :roll:, but it cannot be removed. Please advise how to get rid of it, either manually or with some software.
If any logs are needed, let me know.
Thanks

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: killvbs.vbs

#2 Post by Caroprd111 »

Hello :)

Please post an RSIT log.

kisuah
Visitor
Posts: 18
Registered: 12 Apr 2010 13:18

Re: killvbs.vbs

#3 Post by kisuah »

Hi,
I also tried running CCleaner on the PC (registry + cleanup).
In addition, I found the same virus on the flash drive among the hidden files, and even formatting the flash drive didn't help.
Sending the log. Thanks.



Logfile of random's system information tool 1.06 (written by random/random)
Run by danhill at 2010-04-13 09:08:37
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (17%) free of 38 GB
Total RAM: 247 MB (7% free)


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-16 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-16 126976]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-09-07 213054]
"MNM"=C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\\MNetMgr.exe [2002-11-20 864256]
"openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe [2005-08-18 99328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-08-24 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2004-11-12 790528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-08-06 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-04 688218]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-04 98394]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
C:\Program Files\T-Mobile\web'n'walk Manager\Manager.exe [2007-02-21 928448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2004-10-26 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-16 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mnmwlxchain]
C:\WINDOWS\system32\NTGlobeBTA.dll [2002-11-20 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\CesarFTP\Server.exe"="C:\Program Files\CesarFTP\Server.exe:*:Enabled:Server"
"C:\Documents and Settings\danhill\Dokumenty\Záloha notasu\PRÁCE\Eridan net\PRO.11 Configuration Utility\brzmgr.exe"="C:\Documents and Settings\danhill\Dokumenty\Záloha notasu\PRÁCE\Eridan net\PRO.11 Configuration Utility\brzmgr.exe:*:Enabled:PRO.11 Configuration Utility"
"C:\Documents and Settings\danhill\Dokumenty\Duležité !!!\PRÁCE\Eridan net\PRO.11 Configuration Utility\brzmgr.exe"="C:\Documents and Settings\danhill\Dokumenty\Duležité !!!\PRÁCE\Eridan net\PRO.11 Configuration Utility\brzmgr.exe:*:Enabled:PRO.11 Configuration Utility"
"C:\Program Files\X-Lite\X-Lite.exe"="C:\Program Files\X-Lite\X-Lite.exe:*:Enabled:X-Lite"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\inoteska\uniman\v8 sl\mnunia08.exe"="C:\inoteska\uniman\v8 sl\mnunia08.exe:*:Enabled:UniMan - release"
"C:\Documents and Settings\danhill\Plocha\winbox.exe"="C:\Documents and Settings\danhill\Plocha\winbox.exe:*:Enabled:winbox"
"C:\Documents and Settings\danhill\Dokumenty\Duležité !!!\Martin\Instal\superscan4\SuperScan4.exe"="C:\Documents and Settings\danhill\Dokumenty\Duležité !!!\Martin\Instal\superscan4\SuperScan4.exe:*:Enabled:SuperScan 4 Beta 1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Gecko Software\Track 'n Trade Live\TNT_LIVE.exe"="C:\Program Files\Gecko Software\Track 'n Trade Live\TNT_LIVE.exe:*:Enabled:Track 'n Trade Live"
"C:\Program Files\iperf-2.0.2\bin\iperf.exe"="C:\Program Files\iperf-2.0.2\bin\iperf.exe:*:Enabled:iperf"
"C:\Program Files\Kapanga Softphone\kapanga.exe"="C:\Program Files\Kapanga Softphone\kapanga.exe:*:Enabled:Kapanga Softphone"
"C:\Program Files\Attractel\Zoiper\Zoiper.exe"="C:\Program Files\Attractel\Zoiper\Zoiper.exe:*:Enabled:Zoiper"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\SJphone 1.65\SJphone.exe"="C:\Program Files\SJphone 1.65\SJphone.exe:*:Enabled:SJphone 1.65"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02973dde-04b6-11de-9464-00904ba4c272}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28cb8628-2162-11db-9052-00904ba4c272}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c9e02b0-78c0-11dc-91c6-00904ba4c272}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
shell\Open\command - E:\resycled\boot.com e:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dcdadde-00ca-11de-945c-00904ba4c272}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs


======List of files/folders created in the last 1 months======

2010-04-13 09:08:48 ----D---- C:\Program Files\trend micro
2010-04-13 09:08:37 ----D---- C:\rsit
2010-04-12 15:25:32 ----D---- C:\Documents and Settings\danhill\Data aplikací\Uniblue
2010-04-10 09:50:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-04-10 09:49:06 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-10 09:49:05 ----D---- C:\Documents and Settings\danhill\Data aplikací\SUPERAntiSpyware.com
2010-04-10 09:47:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-08 10:45:28 ----AD---- C:\WINDOWS\VDLL.DLL
2010-04-08 10:45:28 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-04-08 10:45:28 ----AD---- C:\WINDOWS\rundll16.exe
2010-04-08 10:45:28 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-04-08 10:45:28 ----AD---- C:\WINDOWS\logo1_.exe
2010-04-08 10:45:28 ----AD---- C:\WINDOWS\logo_1.exe
2010-04-08 10:41:27 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-04-08 10:41:26 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-04-08 10:41:25 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-04-08 10:41:17 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-04-08 10:41:17 ----A---- C:\WINDOWS\system32\T.COM
2010-04-08 10:41:16 ----A---- C:\WINDOWS\REGEDIT.COM
2010-04-08 10:41:16 ----A---- C:\WINDOWS\R.COM
2010-04-08 10:41:14 ----D---- C:\Program Files\Common Files\MicroWorld
2010-04-08 10:41:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-04-06 15:23:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\FarmFrenzy3
2010-04-06 15:20:57 ----D---- C:\Program Files\Alawar
2010-04-02 11:03:17 ----D---- C:\Program Files\Common Files\Apple
2010-04-02 11:02:46 ----D---- C:\Program Files\Apple Software Update
2010-04-02 11:02:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple

======List of files/folders modified in the last 1 months======

2010-04-13 09:10:26 ----D---- C:\WINDOWS\system32
2010-04-13 09:10:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-13 09:08:48 ----RD---- C:\Program Files
2010-04-13 09:05:35 ----D---- C:\Program Files\Mozilla Firefox
2010-04-13 09:05:33 ----D---- C:\WINDOWS\Temp
2010-04-12 15:30:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-12 14:43:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-12 14:21:08 ----D---- C:\Poker
2010-04-12 14:20:43 ----D---- C:\WINDOWS\Prefetch
2010-04-12 14:02:16 ----D---- C:\WINDOWS\system32\Restore
2010-04-12 14:02:15 ----SHD---- C:\System Volume Information
2010-04-10 20:34:48 ----SH---- C:\boot.ini
2010-04-10 20:34:47 ----A---- C:\WINDOWS\win.ini
2010-04-10 20:34:47 ----A---- C:\WINDOWS\system.ini
2010-04-10 09:49:25 ----SHD---- C:\WINDOWS\Installer
2010-04-10 09:49:25 ----HD---- C:\Config.Msi
2010-04-10 09:47:16 ----D---- C:\Program Files\Common Files
2010-04-08 10:45:28 ----D---- C:\WINDOWS
2010-04-08 10:23:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-08 09:27:25 ----D---- C:\Program Files\XTB-Trader
2010-04-08 09:26:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-06 15:22:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
2010-04-06 11:24:57 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-04-03 18:59:04 ----D---- C:\Documents and Settings\danhill\Data aplikací\Skype
2010-04-03 18:58:43 ----A---- C:\WINDOWS\ModemLog_Wireless Broadband Modem (WDM) #2.txt
2010-04-03 18:43:15 ----D---- C:\Documents and Settings\danhill\Data aplikací\skypePM
2010-04-03 17:04:52 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2010-04-02 11:05:16 ----D---- C:\Program Files\QuickTime
2010-04-02 11:04:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-04-02 11:03:29 ----D---- C:\WINDOWS\WinSxS
2010-03-31 12:09:03 ----HD---- C:\WINDOWS\inf
2010-03-31 12:08:45 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-31 12:08:45 ----D---- C:\Program Files\Internet Explorer
2010-03-31 10:59:02 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-28 11:54:24 ----A---- C:\WINDOWS\wincmd.ini
2010-03-28 11:45:52 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-03-28 11:12:21 ----D---- C:\Program Files\Mozilla Thunderbird
2010-03-27 14:38:31 ----D---- C:\Program Files\Hry.cz

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 39936]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 9728]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2006-04-28 15781]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-11-08 127744]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-08-24 1268204]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 BCM43XX;BCM 802.11b ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-10-29 342912]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-16 754909]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-13 259840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-04 186016]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-04-20 24209]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-04-20 57404]
S3 ipw_bus;IPWireless; C:\WINDOWS\system32\DRIVERS\ipw_bus.sys [2005-09-27 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter; C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM); C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys [2005-09-27 95440]
S3 IpwP;IPWireless 3G Network Adapter; C:\WINDOWS\system32\DRIVERS\ipw3gnet.sys [2007-06-12 51040]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PCMCARD;Billionton 10/100 Base FastEthernet PC Card; C:\WINDOWS\system32\DRIVERS\PCMCARD.sys [2006-04-28 16021]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-06-17 119424]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 23552]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 Usblink;Usblink Driver; C:\WINDOWS\System32\Drivers\ulink.sys [2003-08-08 40788]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZipm12.exe [2005-04-29 69632]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 WLTRYSVC;WLTRYSVC; C:\WINDOWS\System32\wltrysvc.exe [2004-10-29 57344]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2005-08-25 16384]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\system32\snmptrap.exe [2004-08-18 8704]

-----------------EOF-----------------
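The RSIT dump above shows the mechanism behind the reinfection from the flash drive: several MountPoints2 entries carry a `shell\AutoRun\command` that hands a script on the removable volume to `wscript.exe` through `RunDLL32 ... ShellExec_RunDLL`, while `NoDriveTypeAutoRun` is 145 (0x91), a value that disables AutoRun only for unknown, network and reserved drive types and leaves removable drives enabled. The following Python script is an added example, not part of this thread, of RSIT or of UsbFix: it parses RSIT-style registry dump lines (the embedded sample is constructed from the lines in the log above), lists every MountPoints2 command with the reasons it merits review, and decodes the `NoDriveTypeAutoRun` bitmask. The bit layout follows Microsoft's documented meaning of that value; the flagging heuristics (script host, rundll32 indirection, target located on the mounted volume) are the example's own assumptions.

```python
import re

# Constructed sample: RSIT registry-dump lines modelled on the log posted earlier in this thread.
SAMPLE_RSIT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02973dde-04b6-11de-9464-00904ba4c272}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c9e02b0-78c0-11dc-91c6-00904ba4c272}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
shell\Open\command - E:\resycled\boot.com e:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"""

# NoDriveTypeAutoRun is a bitmask over GetDriveType() results; a set bit disables AutoRun
# for that drive type. The XP default 0x91 (145) leaves removable drives (0x04) enabled.
DRIVE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}

MOUNTPOINT_KEY = re.compile(r"^\[(hkey_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
VERB_LINE = re.compile(r"^shell\\(\w+)\\command\s+-\s+(.*)$", re.I)
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
EXEC_EXTS = (".vbs", ".js", ".com", ".exe", ".bat", ".cmd")
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")   # assumption: system paths are not the payload

def autorun_disabled_for(value):
    """Drive types on which a NoDriveTypeAutoRun value disables AutoRun."""
    return {name for bit, name in DRIVE_BITS.items() if value & bit}

def classify_command(command):
    """Heuristic reasons (this example's own) why a MountPoints2 command deserves a look."""
    lowered = command.lower()
    reasons = []
    if any(host in lowered for host in SCRIPT_HOSTS):
        reasons.append("launches the Windows Script Host")
    if "shellexec_rundll" in lowered:
        reasons.append("uses rundll32 ShellExec_RunDLL as an indirection layer")
    for token in command.split():
        t = token.lower()
        if not t.endswith(EXEC_EXTS) or t in SCRIPT_HOSTS:
            continue
        if re.match(r"^[a-z]:\\", t):
            if not t.startswith(TRUSTED_PREFIXES):
                reasons.append(f"executable target {token!r} lives on the mounted volume")
        elif ":" not in t:
            reasons.append(f"relative target {token!r} resolves on the mounted volume")
    return reasons

def find_suspicious_mountpoints(text):
    """Walk RSIT-style dump lines; collect shell\\<verb>\\command entries under MountPoints2."""
    findings = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):          # a new registry key header
            m = MOUNTPOINT_KEY.match(line)
            current_key = m.group(1) if m else None
            continue
        if current_key is None:
            continue
        m = VERB_LINE.match(line)
        if m:
            verb, command = m.group(1), m.group(2)
            findings.append({"key": current_key, "verb": verb, "command": command,
                             "reasons": classify_command(command)})
    return findings

def parse_no_drive_type_autorun(text):
    m = re.search(r'"NoDriveTypeAutoRun"=(\d+)', text)
    return int(m.group(1)) if m else None

def audit(text):
    """Summarise AutoRun exposure and per-volume commands found in an RSIT registry dump."""
    value = parse_no_drive_type_autorun(text)
    disabled = autorun_disabled_for(value) if value is not None else set()
    return {
        "no_drive_type_autorun": value,
        "removable_autorun_blocked": "removable" in disabled,
        "findings": find_suspicious_mountpoints(text),
    }

if __name__ == "__main__":
    report = audit(SAMPLE_RSIT)
    print(f"NoDriveTypeAutoRun = {report['no_drive_type_autorun']} "
          f"-> removable drives blocked: {report['removable_autorun_blocked']}")
    for f in report["findings"]:
        print(f"{f['key']}\n  {f['verb']}: {f['command']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run it against a saved RSIT log by passing the file contents to `audit()`. On the sample it reports that removable drives are not covered by the 145 mask and lists the three per-volume commands, which is the same picture UsbFix later confirmed by deleting the MountPoints2 entries and `E:\autorun.inf`; setting `NoDriveTypeAutoRun` to 255 (0xFF) makes `autorun_disabled_for` return every drive type.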

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: killvbs.vbs

#4 Post by Caroprd111 »

Plug all the flash drives you use into the PC.

Download UsbFix to the desktop http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
  • Run it, then choose language E - Enter
  • Choose 2 - Enter (a PC restart is possible)
  • When it finishes, a log pops up; post it here, or find it at C:\UsbFix.txt

Download OTL http://oldtimer.geekstogo.com/OTL.exe
  • Run the program, then click Scan
  • When it finishes, post the OTL.Txt and Extras.txt logs here

kisuah
Visitor
Posts: 18
Registered: 12 Apr 2010 13:18

Re: killvbs.vbs

#5 Post by kisuah »

LOG from UsbFix:

############################## | UsbFix V6.103 |

User : danhill (Administrators) # MARTIN
Update on 12/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 14:29:59 | 13. 4. 2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Celeron(R) M processor 1.40GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled

C:\ -> Místní pevný disk # 37,25 Go (6,55 Go free) # NTFS
D:\ -> Disk CD-ROM
E:\ -> Vyměnitelný disk # 1,83 Go (1,83 Go free) # FAT32

################## | Files # Infected Folders |

Deleted ! C:\WINDOWS\regedit.com
Deleted ! C:\WINDOWS\rundl132.exe
Deleted ! C:\DOCUME~1\danhill\LOCALS~1\Temp\ptu1_tmp.exe
Deleted ! C:\Recycler\S-1-5-21-1482476501-606747145-682003330-1003
Deleted ! E:\autorun.inf
Deleted ! E:\killVBS.vbs

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\...\Explorer\MountPoints2\{28cb8628-2162-11db-9052-00904ba4c272}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{4c9e02b0-78c0-11dc-91c6-00904ba4c272}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{7dcdadde-00ca-11de-945c-00904ba4c272}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{8fa3ef9a-46f7-11df-a06b-001279c3fa2c}\Shell\AutoRun\Command

################## | Listing of the present files |

[28. 04. 2006 14:03|--a------|0] C:\AUTOEXEC.BAT
[28. 04. 2006 14:32|--a------|166] C:\bcmwl5.log
[10. 04. 2010 20:34|---hs----|211] C:\boot.ini
[18. 08. 2004 14:00|-rahs----|4952] C:\Bootfont.bin
[28. 04. 2006 14:32|--a------|90] C:\chpst.log
[28. 04. 2006 14:03|--a------|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[28. 04. 2006 14:03|-rahs----|0] C:\IO.SYS
[28. 04. 2006 14:03|-rahs----|0] C:\MSDOS.SYS
[18. 08. 2004 14:00|-rahs----|47564] C:\NTDETECT.COM
[18. 08. 2004 14:00|-rahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[18. 02. 2010 12:15|--a------|13030] C:\PDOXUSRS.NET
[28. 04. 2006 14:26|--a------|161] C:\sedinst.log
[28. 04. 2006 14:26|--a------|200] C:\sedinst2.log
[28. 04. 2006 14:32|--a------|190] C:\setup.log
[28. 04. 2006 14:27|--a------|20944] C:\sunjava.log
[28. 04. 2006 14:22|--a------|191] C:\syntp.log
[28. 04. 2006 14:21|--a------|32] C:\ticrdbus.log
[28. 03. 2010 11:33|---h-----|133848] C:\TREEINFO.WC
[13. 04. 2010 14:32|--a------|2448] C:\UsbFix.txt

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_MARTIN.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.103 ! |

OTL logfile created on: 13. 4. 2010 14:40:47 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\danhill\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy

247,00 Mb Total Physical Memory | 24,00 Mb Available Physical Memory | 10,00% Memory free
606,00 Mb Paging File | 398,00 Mb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 6,61 Gb Free Space | 17,74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,83 Gb Total Space | 1,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARTIN
Current User Name: danhill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.13 14:40:35 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\danhill\Plocha\OTL.exe
PRC - [2010.04.02 10:40:10 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004.08.18 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010.04.13 14:40:35 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\danhill\Plocha\OTL.exe
MOD - [2004.08.18 14:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2005.08.25 18:55:56 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010.02.17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.02.17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2007.06.12 13:15:10 | 000,051,040 | ---- | M] (IPWireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipw3gnet.sys -- (IpwP)
DRV - [2006.10.23 10:36:38 | 000,093,440 | ---- | M] (AnyDATA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adusbser.sys -- (adusbser)
DRV - [2006.04.28 17:35:49 | 000,016,021 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCMCARD.sys -- (PCMCARD)
DRV - [2006.04.28 14:32:39 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.09.27 10:21:54 | 000,095,440 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipw_mdm.sys -- (ipw_mdm) Wireless Broadband Modem (WDM)
DRV - [2005.09.27 10:21:50 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipw_mdfl.sys -- (ipw_mdfl)
DRV - [2005.09.27 10:21:28 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipw_bus.sys -- (ipw_bus)
DRV - [2005.09.08 01:18:54 | 000,009,728 | ---- | M] (Gemfor s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ethpdrv.sys -- (Ethpdrv)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.06.17 11:20:20 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.11.04 20:26:42 | 000,186,016 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004.10.29 09:53:14 | 000,342,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004.08.24 13:20:08 | 001,268,204 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.06.24 04:54:12 | 000,023,552 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2004.05.26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004.04.20 11:05:10 | 000,057,404 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2004.04.20 11:04:56 | 000,024,209 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2004.03.24 04:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003.08.08 10:07:08 | 000,040,788 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ulink.sys -- (Usblink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aktualne.cz/?ms=ae
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.centrum.cz/?ms=ae [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.centrum.cz/?ms=ae [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aktualne.cz/?ms=ae
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.centrum.cz/?ms=ae [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {08c834b4-e025-44a3-9b95-e9885adc4be0}:3.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 11:05:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 11:05:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.14\Extensions\\Components: C:\Program Files\Mozilla Thunderbird\components\ [2010.04.02 11:05:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.14\Extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins\ [2010.04.02 11:05:20 | 000,000,000 | ---D | M]

[2009.01.10 16:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\danhill\Data aplikací\Mozilla\Extensions
[2010.04.11 17:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\danhill\Data aplikací\Mozilla\Firefox\Profiles\76nsf2kj.default\extensions
[2010.01.14 15:40:49 | 000,000,000 | ---D | M] (iFox Metal) -- C:\Documents and Settings\danhill\Data aplikací\Mozilla\Firefox\Profiles\76nsf2kj.default\extensions\{08c834b4-e025-44a3-9b95-e9885adc4be0}
[2007.08.03 14:34:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\danhill\Data aplikací\Mozilla\Firefox\Profiles\76nsf2kj.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2006.04.29 20:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\danhill\Data aplikací\Mozilla\Firefox\Profiles\76nsf2kj.default\extensions\blueshift@shift.themes
[2008.06.14 22:56:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.14 10:50:10 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.14 10:50:10 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.14 10:50:10 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.14 10:50:10 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.14 10:50:10 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2004.08.18 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MNM] C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\MNetMgr.exe (GlobeSoft AB)
O4 - HKLM..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/Mi ... b31267.cab (Minesweeper Flags Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/So ... b56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Me ... b31267.cab (MessengerStatsClient Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.146.11 195.146.100.5 195.146.99.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\mnmwlxchain: DllName - NTGlobeBTA.dll - C:\WINDOWS\System32\NTGlobeBTA.dll (GlobeSoft AB)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\danhill\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\danhill\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.04.28 14:03:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.13 14:32:57 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.13 14:40:34 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\danhill\Plocha\OTL.exe
[2010.04.13 14:32:57 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010.04.13 14:26:58 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010.04.13 09:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.13 09:08:37 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.12 15:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\danhill\Data aplikací\Uniblue
[2010.04.12 15:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\danhill\Plocha\Music
[2010.04.10 09:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
[2010.04.10 09:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.04.10 09:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\danhill\Data aplikací\SUPERAntiSpyware.com
[2010.04.10 09:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.04.08 10:45:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.04.08 10:45:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.04.08 10:45:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010.04.08 10:45:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010.04.08 10:45:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010.04.08 10:41:27 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.04.08 10:41:26 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.04.08 10:41:25 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.04.08 10:41:17 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TASKMGR.COM
[2010.04.08 10:41:17 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
[2010.04.08 10:41:16 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM
[2010.04.08 10:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2010.04.08 10:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2010.04.06 15:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\FarmFrenzy3
[2010.04.06 15:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\Alawar
[2010.04.06 11:24:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2010.04.02 11:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.04.02 11:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\danhill\Local Settings\Data aplikací\Apple
[2010.04.02 11:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.04.02 11:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple
[2010.03.31 08:53:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\danhill\Local Settings\Data aplikací\SJphone 1.65
[2010.03.17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010.03.17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009.12.18 17:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.12.18 17:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.12.18 17:01:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.03.20 19:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.03.20 09:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2006.04.29 13:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\ApplicationHistory
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.13 14:40:35 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\danhill\Plocha\OTL.exe
[2010.04.13 14:37:58 | 000,568,814 | ---- | M] () -- C:\UsbFix_Upload_Me_MARTIN.zip
[2010.04.13 14:34:50 | 000,402,972 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.13 14:34:50 | 000,400,840 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.13 14:34:50 | 000,073,276 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.13 14:34:50 | 000,061,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.13 14:34:48 | 000,949,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.13 14:29:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.13 14:29:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.13 14:29:26 | 259,444,736 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.13 14:28:42 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\danhill\ntuser.dat
[2010.04.13 14:28:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\danhill\ntuser.ini
[2010.04.13 14:26:42 | 001,777,455 | ---- | M] () -- C:\Documents and Settings\danhill\Plocha\UsbFix.exe
[2010.04.13 10:05:26 | 000,000,666 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.04.13 10:05:24 | 000,001,015 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010.04.10 20:34:48 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.04.10 20:34:47 | 000,000,592 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.10 20:34:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.10 10:29:19 | 003,354,336 | -H-- | M] () -- C:\Documents and Settings\danhill\Local Settings\Data aplikací\IconCache.db
[2010.04.10 09:49:21 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
[2010.04.10 09:41:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.08 11:54:51 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\danhill\Dokumenty\pinfect.zip
[2010.04.08 10:45:26 | 000,000,054 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.04.08 10:41:26 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.04.08 10:41:25 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.04.08 10:41:24 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.04.03 18:42:48 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.03.28 11:33:57 | 000,133,848 | -H-- | M] () -- C:\TREEINFO.WC
[2010.03.17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010.03.17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.13 14:37:58 | 000,568,814 | ---- | C] () -- C:\UsbFix_Upload_Me_MARTIN.zip
[2010.04.13 14:26:41 | 001,777,455 | ---- | C] () -- C:\Documents and Settings\danhill\Plocha\UsbFix.exe
[2010.04.10 09:49:21 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
[2010.04.08 11:54:51 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\danhill\Dokumenty\pinfect.zip
[2010.04.08 10:42:03 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010.04.08 10:41:25 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2009.06.01 10:09:50 | 000,002,260 | ---- | C] () -- C:\Program Files\uninstal.log
[2008.04.10 14:37:27 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\danhill\PUTTY.RND
[2007.10.12 14:42:13 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2007.06.29 18:01:17 | 000,000,381 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2007.01.17 10:15:11 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2006.10.19 14:52:00 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2006.10.05 20:55:42 | 004,718,592 | ---- | C] () -- C:\Documents and Settings\danhill\ntuser.dat
[2006.06.05 13:50:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\Udetect.dll
[2006.06.05 13:49:58 | 000,040,788 | ---- | C] () -- C:\WINDOWS\System32\drivers\ulink.sys
[2006.06.05 12:18:42 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2006.06.05 12:18:42 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2006.05.19 22:51:45 | 000,000,342 | ---- | C] () -- C:\WINDOWS\Jelly.ini
[2006.04.29 13:49:09 | 000,002,048 | ---- | C] () -- C:\WINDOWS\MNMGM32.DLL
[2006.04.29 13:43:26 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\fusioncache.dat
[2006.04.29 13:14:35 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\danhill\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.04.29 13:00:29 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.04.28 18:20:49 | 000,007,241 | ---- | C] () -- C:\Documents and Settings\danhill\AdobeFnt10.lst
[2006.04.28 17:22:48 | 000,001,015 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2006.04.28 17:20:55 | 000,000,666 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006.04.28 15:05:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2006.04.28 14:30:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006.04.28 14:30:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006.04.28 14:30:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006.04.28 14:30:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006.04.28 14:30:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006.04.28 14:30:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006.04.28 14:28:59 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\danhill\Local Settings\Data aplikací\fusioncache.dat
[2006.04.28 14:25:39 | 000,094,274 | R--- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2006.04.28 14:09:46 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\danhill\ntuser.ini
[2006.04.28 14:09:45 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\danhill\ntuser.dat.LOG
[2006.04.13 11:30:06 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 003,223,552 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005.10.14 11:56:48 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005.10.14 11:56:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005.10.14 11:56:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2003.03.12 16:01:48 | 000,110,592 | ---- | C] () -- C:\Program Files\iperf.exe
[2001.09.21 06:00:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\InTouchViewer.dll
[2001.09.21 05:59:38 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\InTouchCOMClient.dll
[2001.09.17 09:49:22 | 000,421,888 | R--- | C] () -- C:\WINDOWS\System32\XMLParser.dll
[2001.09.17 09:49:20 | 000,573,440 | R--- | C] () -- C:\WINDOWS\System32\dbsock.dll
[2001.09.17 09:49:20 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\Transport.dll
[2001.09.17 09:48:54 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2001.09.17 09:48:54 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2001.09.17 09:48:54 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2001.09.17 09:48:54 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2001.09.17 09:48:54 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2001.09.17 09:48:54 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2001.09.17 09:48:54 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
< End of report >

kisuah
Visitor
Posts: 18
Registered: 12 Apr 2010 13:18

Re: killvbs.vbs

#6 Post by kisuah »

I also forgot the Extras.... :)

OTL Extras logfile created on: 13. 4. 2010 14:40:47 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\danhill\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy

247,00 Mb Total Physical Memory | 24,00 Mb Available Physical Memory | 10,00% Memory free
606,00 Mb Paging File | 398,00 Mb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 6,61 Gb Free Space | 17,74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,83 Gb Total Space | 1,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARTIN
Current User Name: danhill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\totalcmd\TOTALCMD.EXE" = C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Program Files\CesarFTP\Server.exe" = C:\Program Files\CesarFTP\Server.exe:*:Enabled:Server -- ()
"C:\Documents and Settings\danhill\Dokumenty\Záloha notasu\PRÁCE\Eridan net\PRO.11 Configuration Utility\brzmgr.exe" = C:\Documents and Settings\danhill\Dokumenty\Záloha notasu\PRÁCE\Eridan net\PRO.11 Configuration Utility\brzmgr.exe:*:Enabled:PRO.11 Configuration Utility -- File not found
"C:\Documents and Settings\danhill\Dokumenty\Duležité !!!\PRÁCE\Eridan net\PRO.11 Configuration Utility\brzmgr.exe" = C:\Documents and Settings\danhill\Dokumenty\Duležité !!!\PRÁCE\Eridan net\PRO.11 Configuration Utility\brzmgr.exe:*:Enabled:PRO.11 Configuration Utility -- (BreezeCOM)
"C:\Program Files\X-Lite\X-Lite.exe" = C:\Program Files\X-Lite\X-Lite.exe:*:Enabled:X-Lite -- ()
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\inoteska\uniman\v8 sl\mnunia08.exe" = C:\inoteska\uniman\v8 sl\mnunia08.exe:*:Enabled:UniMan - release -- (Inoteska)
"C:\Documents and Settings\danhill\Plocha\winbox.exe" = C:\Documents and Settings\danhill\Plocha\winbox.exe:*:Enabled:winbox -- ()
"C:\Documents and Settings\danhill\Dokumenty\Duležité !!!\Martin\Instal\superscan4\SuperScan4.exe" = C:\Documents and Settings\danhill\Dokumenty\Duležité !!!\Martin\Instal\superscan4\SuperScan4.exe:*:Enabled:SuperScan 4 Beta 1 -- (Foundstone Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe" = C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- File not found
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- File not found
"C:\Program Files\Gecko Software\Track 'n Trade Live\TNT_LIVE.exe" = C:\Program Files\Gecko Software\Track 'n Trade Live\TNT_LIVE.exe:*:Enabled:Track 'n Trade Live -- File not found
"C:\Program Files\iperf-2.0.2\bin\iperf.exe" = C:\Program Files\iperf-2.0.2\bin\iperf.exe:*:Enabled:iperf -- ()
"C:\Program Files\Kapanga Softphone\kapanga.exe" = C:\Program Files\Kapanga Softphone\kapanga.exe:*:Enabled:Kapanga Softphone -- File not found
"C:\Program Files\Attractel\Zoiper\Zoiper.exe" = C:\Program Files\Attractel\Zoiper\Zoiper.exe:*:Enabled:Zoiper -- File not found
"C:\Program Files\TmNationsForever\TmForever.exe" = C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\SJphone 1.65\SJphone.exe" = C:\Program Files\SJphone 1.65\SJphone.exe:*:Enabled:SJphone 1.65 -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71E40B32-5173-4538-8996-5822DD18E8D4}" = Windows Live Messenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7E7B1-5322-4F57-AF8E-F94346367ECA}" = MultiNetwork Manager 6.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92605735-AAFB-47F7-A67D-17ED129EFF9C}" = ACDSee 4.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98DF9F27-A3AB-4998-B7F0-BFE628CCE78E}" = Smart Switch Configuration 3.6
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1029-7B44-A70000000000}" = Adobe Reader 7.0 - Czech
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E3F328E4-EB9F-4ABF-8FF3-5AD0472743D8}" = Windows Live Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"0AAD16715A341564716CE9901E2911A02B1EB808" = Balíček ovladače systému Windows - AnyDATA Corporated (adusbser) Modem (09/21/2006 2.0.3.2)
"5C49EB77B7315FA2E925C43BA449BB322C4D9418" = Balíček ovladače systému Windows - AnyDATA Corporation (adusbser) Ports (09/21/2006 2.0.3.2)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Broadcom 802.11 Application" = Broadcom 802.11 Control Panel
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver
"bwin" = bwin Poker (remove only)
"CCleaner" = CCleaner (remove only)
"CesarFTP 0.99g_is1" = CesarFTP 0.99g
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"České prostředí do ACDSee 4.0" = České prostředí do ACDSee 4.0
"Easy Graphic Converter 1.2_is1" = Easy Graphic Converter 1.2
"EMS-SD1" = EMS-SD1
"FTDICOMM" = FTDI USB Serial Converter Drivers
"Heroes of Might and Magic IV" = Heroes of Might and Magic® IV
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = Texas Instruments PCIxx21/x515 drivers.
"KPerf 2.0.2" = KPerf 2.0.2
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (1.5.0.14)" = Mozilla Thunderbird (1.5.0.14)
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenVPN" = OpenVPN 2.0.5-gui-1.0.3
"rajče průvodce_is1" = rajče beta32
"ST6UNST #1" = ServicePack4
"ST6UNST #2" = Orlan
"ST6UNST #3" = MiracleView 4.80
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T-Mobile Communication Centre" = web'n'walk Manager
"Totalcmd" = Total Commander (Remove or Repair)
"USB Super Link" = USB Super Link
"WhatsUp Gold" = Ipswitch WhatsUp Gold
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X-Lite_is1" = X-Lite 2.0 release 1105x

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6. 4. 2010 7:34:40 | Computer Name = MARTIN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.1.3726, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 6. 4. 2010 7:49:38 | Computer Name = MARTIN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.1.3726, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 6. 4. 2010 7:50:16 | Computer Name = MARTIN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.1.3726, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 6. 4. 2010 7:50:51 | Computer Name = MARTIN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.1.3726, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 6. 4. 2010 7:51:22 | Computer Name = MARTIN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.1.3726, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 6. 4. 2010 7:52:47 | Computer Name = MARTIN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.1.3726, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 8. 4. 2010 4:38:53 | Computer Name = MARTIN | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 8. 4. 2010 4:39:05 | Computer Name = MARTIN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.1.3726, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 8. 4. 2010 4:40:34 | Computer Name = MARTIN | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 8. 4. 2010 4:40:34 | Computer Name = MARTIN | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


[ System Events ]
Error - 13. 4. 2010 3:46:46 | Computer Name = MARTIN | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 13. 4. 2010 3:46:46 | Computer Name = MARTIN | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 13. 4. 2010 3:46:46 | Computer Name = MARTIN | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 13. 4. 2010 3:46:46 | Computer Name = MARTIN | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 13. 4. 2010 3:46:46 | Computer Name = MARTIN | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 13. 4. 2010 3:46:49 | Computer Name = MARTIN | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 13. 4. 2010 3:46:49 | Computer Name = MARTIN | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 13. 4. 2010 3:46:49 | Computer Name = MARTIN | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 13. 4. 2010 6:02:06 | Computer Name = MARTIN | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.146.51 pro síťovou kartu s adresou 001279C3FA2C
byla serverem DHCP 192.168.1.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 13. 4. 2010 6:07:39 | Computer Name = MARTIN | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.33 pro síťovou kartu s adresou 001279C3FA2C
byla serverem DHCP 192.168.146.11 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).


< End of report >

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: killvbs.vbs

#7 Post by Caroprd111 »

Please upload the file C:\UsbFix_Upload_Me_MARTIN.zip to http://chiquitine.changelog.fr/Sample/Upload.php


Run OTL and paste the following script into the lower window.

Code:

:OTL
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]
[REBOOT] 
Then click Fix; the PC will restart. Paste the log here.


Test these at http://www.virustotal.com/cs/
C:\WINDOWS\System32\Udetect.dll
C:\WINDOWS\MNMGM32.DLL


(Don't browse for the file, just paste the path marked in bold; if you get the message "File has already been analysed", have it analysed again. Paste the result of the analysis here as a link.)

kisuah
Visitor
Posts: 18
Registered: 12 Apr 2010 13:18

Re: killvbs.vbs

#8 Post by kisuah »

I uploaded the file on that site and left the AD-Remover option selected there... hopefully that doesn't matter.
On the other site I can't paste the path written in bold, it always wants me to browse for the path to a folder; should I browse for the path?
Thank you. :iefox:

LOG:

All processes killed
========== OTL ==========
Service aspnet_state stopped successfully!
Service aspnet_state deleted successfully!
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: danhill
->Temp folder emptied: 102 bytes
->Temporary Internet Files folder emptied: 6710662 bytes
->Java cache emptied: 17196476 bytes
->FireFox cache emptied: 38033102 bytes
->Flash cache emptied: 31376 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 84 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 182046 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 59,00 mb


[EMPTYFLASH]

User: All Users

User: danhill
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.1.1 log created on 04132010_153542

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: killvbs.vbs

#9 Post by Caroprd111 »

Yes, browse for the path. :)

kisuah
Visitor
Posts: 18
Registered: 12 Apr 2010 13:18

Re: killvbs.vbs

#10 Post by kisuah »

Sorry, but I won't get to the (un)infected PC today, only tomorrow morning.. thanks for your patience :worship:

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: killvbs.vbs

#11 Post by Caroprd111 »

That's fine. :)

kisuah
Visitor
Posts: 18
Registered: 12 Apr 2010 13:18

Re: killvbs.vbs

#12 Post by kisuah »

I managed to find the killvbs virus on the second PC too :?: , can I use USB fix and the OTL script on this PC as well?
I'm sending the requested logs.



Soubor Udetect.dll přijatý 2010.04.14 07:43:34 (UTC)
Výsledek: 0/40 (0%)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.04.14 -
AhnLab-V3 5.0.0.2 2010.04.13 -
AntiVir 7.10.6.69 2010.04.13 -
Antiy-AVL 2.0.3.7 2010.04.14 -
Authentium 5.2.0.5 2010.04.14 -
Avast 4.8.1351.0 2010.04.13 -
Avast5 5.0.332.0 2010.04.13 -
AVG 9.0.0.787 2010.04.14 -
BitDefender 7.2 2010.04.14 -
CAT-QuickHeal 10.00 2010.04.14 -
ClamAV 0.96.0.3-git 2010.04.14 -
Comodo 4595 2010.04.14 -
DrWeb 5.0.2.03300 2010.04.14 -
eSafe 7.0.17.0 2010.04.13 -
eTrust-Vet 35.2.7423 2010.04.13 -
F-Prot 4.5.1.85 2010.04.13 -
F-Secure 9.0.15370.0 2010.04.14 -
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.14 -
Ikarus T3.1.1.80.0 2010.04.14 -
Jiangmin 13.0.900 2010.04.13 -
Kaspersky 7.0.0.125 2010.04.14 -
McAfee 5.400.0.1158 2010.04.14 -
McAfee-GW-Edition 6.8.5 2010.04.13 -
Microsoft 1.5605 2010.04.14 -
NOD32 5026 2010.04.13 -
Norman 6.04.11 2010.04.14 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.7 2010.04.13 -
PCTools 7.0.3.5 2010.04.14 -
Prevx 3.0 2010.04.14 -
Rising 22.43.02.03 2010.04.14 -
Sophos 4.52.0 2010.04.14 -
Sunbelt 6174 2010.04.14 -
Symantec 20091.2.0.41 2010.04.14 -
TheHacker 6.5.2.0.261 2010.04.14 -
TrendMicro 9.120.0.1004 2010.04.14 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.14.2275 2010.04.14 -
VirusBuster 5.0.27.0 2010.04.13 -
Rozšiřující informace
File size: 61440 bytes
MD5...: 110ab38aa1df03cabe9fbd45f3bc1db8
SHA1..: 240b9316b574faaaff92a42c849db56dca42018f
SHA256: b2e24c1f0e8fa5f2f1c9784a4dd53bb3cd569eaf8a0c1a31087cdd8eea0d2036
ssdeep: 768:9Fc1z8aJqXU1lLQSPv4dOWDEX4BkJGn4CaJKK:9Q7JWWlLQSn4dfVBkJGn6KK
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2750
timedatestamp.....: 0x3f6e63ef (Mon Sep 22 02:52:31 2003)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6466 0x7000 6.05 b83e898e2968e8dbbb0e48054404269e
.rdata 0x8000 0x16ee 0x2000 4.34 3c30456619f48f89b0251224c1ffb5bd
.data 0xa000 0x5500 0x4000 1.44 ccf57df660d7aeb033c2c1bb9e8eacc7
.reloc 0x10000 0xd60 0x1000 4.14 74571aed5777f430ee9baeae45a6561c

( 6 imports )
> CFGMGR32.dll: CM_Query_Remove_SubTree, CM_Remove_SubTree, CM_Get_Parent, CM_Locate_DevNodeA, CM_Get_DevNode_Registry_PropertyA, CM_Get_Sibling, CM_Get_Child
> SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiGetDeviceInterfaceDetailA, SetupDiEnumDeviceInterfaces, SetupDiGetClassDevsA
> KERNEL32.dll: WideCharToMultiByte, GetVersionExA, GetLastError, CloseHandle, CreateFileA, MultiByteToWideChar, SetHandleCount, SetLastError, TlsGetValue, SetStdHandle, FlushFileBuffers, LoadLibraryA, SetFilePointer, RtlUnwind, InterlockedDecrement, InterlockedIncrement, GetCommandLineA, GetVersion, HeapFree, HeapAlloc, LCMapStringA, LCMapStringW, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, ExitProcess, GetOEMCP, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, GetProcAddress, GetEnvironmentStringsW, GetLocaleInfoW, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, GetCPInfo, GetACP, VirtualAlloc, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, HeapDestroy, HeapCreate, VirtualFree, WriteFile, GetLocaleInfoA, GetStringTypeA, GetStringTypeW
> USER32.dll: UnregisterDeviceNotification, RegisterDeviceNotificationA
> ADVAPI32.dll: RegEnumKeyA, RegCloseKey, RegQueryValueExA, RegOpenKeyExA
> ole32.dll: CoTaskMemFree, CoInitialize, CoCreateInstance, CoUninitialize

( 11 exports )
__0CUdetect@@QAE@XZ, __4CUdetect@@QAEAAV0@ABV0@@Z, _CheckLinkType@@YAIXZ, _FindDeviceAtUSBPort@@YAHPAUULink_Device_List@@@Z, _GetDevicesName@@YAXPAUVNET_ITEMLIST@@@Z, _OpenNetProperty@@YAXPADPAUHWND__@@@Z, _RegisterNotify@@YA_NPAUHWND__@@@Z, _RemoveDevice@@YAHK@Z, _UnregisterNotify@@YAXXZ, _fnUdetect@@YAHPAULinkInstList@@@Z, _nUdetect@@3HA
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Soubor MNMGM32.DLL přijatý 2010.04.14 07:55:06 (UTC)
Výsledek: 0/40 (0%)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.04.14 -
AhnLab-V3 5.0.0.2 2010.04.13 -
AntiVir 7.10.6.69 2010.04.13 -
Antiy-AVL 2.0.3.7 2010.04.14 -
Authentium 5.2.0.5 2010.04.14 -
Avast 4.8.1351.0 2010.04.13 -
Avast5 5.0.332.0 2010.04.13 -
AVG 9.0.0.787 2010.04.14 -
BitDefender 7.2 2010.04.14 -
CAT-QuickHeal 10.00 2010.04.14 -
ClamAV 0.96.0.3-git 2010.04.14 -
Comodo 4595 2010.04.14 -
DrWeb 5.0.2.03300 2010.04.14 -
eSafe 7.0.17.0 2010.04.13 -
eTrust-Vet 35.2.7423 2010.04.13 -
F-Prot 4.5.1.85 2010.04.13 -
F-Secure 9.0.15370.0 2010.04.14 -
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.14 -
Ikarus T3.1.1.80.0 2010.04.14 -
Jiangmin 13.0.900 2010.04.13 -
Kaspersky 7.0.0.125 2010.04.14 -
McAfee 5.400.0.1158 2010.04.14 -
McAfee-GW-Edition 6.8.5 2010.04.13 -
Microsoft 1.5605 2010.04.14 -
NOD32 5026 2010.04.13 -
Norman 6.04.11 2010.04.14 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.7 2010.04.13 -
PCTools 7.0.3.5 2010.04.14 -
Prevx 3.0 2010.04.14 -
Rising 22.43.02.03 2010.04.14 -
Sophos 4.52.0 2010.04.14 -
Sunbelt 6174 2010.04.14 -
Symantec 20091.2.0.41 2010.04.14 -
TheHacker 6.5.2.0.261 2010.04.14 -
TrendMicro 9.120.0.1004 2010.04.14 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.14.2275 2010.04.14 -
VirusBuster 5.0.27.0 2010.04.13 -
Rozšiřující informace
File size: 2048 bytes
MD5...: 92571fa4251b4284801b86cfb51f83cf
SHA1..: 677c1ab7d018b929140fc0681f7dfecda47dae6f
SHA256: 5b97cc228c9ba54da14c70243a9a84f01bbe016ee14af2f4a966bccb163cd523
ssdeep: 24:qe7F3QRgEfhGsuQMYV7F3QRgEfhGsuQMY:qyFedfssuQvFedfssuQ
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
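As an added example (written for this page, not code from the forum or from VirusTotal): a small Python parser for the VirusTotal text reports pasted above, which pulls out the detection ratio, hashes, PE imports/exports and signature status so the two reports can be compared without re-reading forty engine rows. The sample inputs are constructed, abbreviated copies of the two reports above using the values shown on the page; the Czech labels match the /cs/ interface the thread used.

```python
# Added example for this page, not the forum's or VirusTotal's own code.
import re
from dataclasses import dataclass, field


@dataclass
class VTReport:
    filename: str = ""
    detections: int = 0   # engines that flagged the file
    engines: int = 0      # engines that scanned it
    hits: dict = field(default_factory=dict)     # engine -> detection name
    size: int = 0
    hashes: dict = field(default_factory=dict)   # MD5/SHA1/SHA256 -> hex
    imports: dict = field(default_factory=dict)  # DLL -> imported functions
    exports: list = field(default_factory=list)
    pe_info: bool = False  # PEInfo produced a structure, i.e. it parsed as a PE
    verified: str = ""     # sigcheck "verified" line, e.g. "Unsigned"


def parse_vt_report(text: str) -> VTReport:
    r, section = VTReport(), None  # section: None | "av" | "imports" | "exports"
    for ln in filter(None, (raw.strip() for raw in text.splitlines())):
        if m := re.match(r"^(?:Soubor|File) (\S+) (?:přijatý|received)", ln):
            r.filename = m.group(1)
        elif m := re.match(r"^(?:Výsledek|Result): (\d+)/(\d+)", ln):
            r.detections, r.engines = int(m.group(1)), int(m.group(2))
        elif ln.startswith(("Antivirus Verze", "Antivirus Version")):
            section = "av"
        elif ln.startswith(("Rozšiřující informace", "Additional information")):
            section = None
        elif m := re.match(r"^\( \d+ (imports|exports) \)$", ln):
            section = m.group(1)
        elif m := re.match(r"^File size: (\d+) bytes", ln):
            r.size = int(m.group(1))
        elif m := re.match(r"^(MD5|SHA1|SHA256)\.*: ([0-9a-fA-F]+)$", ln):
            r.hashes[m.group(1)] = m.group(2).lower()
        elif m := re.match(r"^PEInfo: (.+)$", ln):
            r.pe_info = m.group(1).strip() != "-"
        elif m := re.match(r"^verified\.*: (.+)$", ln):
            r.verified = m.group(1).strip()
        elif section == "av":
            parts = ln.split()  # engine version date result ("-" means clean)
            if len(parts) >= 4 and parts[-1] != "-":
                r.hits[parts[0]] = " ".join(parts[3:])
        elif section == "imports" and ln.startswith("> "):
            dll, _, funcs = ln[2:].partition(": ")
            r.imports[dll] = [f.strip() for f in funcs.split(",") if f.strip()]
        elif section == "exports":
            r.exports.extend(f.strip() for f in ln.split(",") if f.strip())
            section = None  # the export list occupies a single line
    return r


def triage(r: VTReport) -> list:
    # Analyst notes built only from what the report states; no verdict is implied.
    notes = [f"{r.filename}: {r.detections}/{r.engines} engines flagged it"]
    if r.hits:
        notes.append("detections: " + ", ".join(f"{e}={d}" for e, d in sorted(r.hits.items())))
    if not r.pe_info:
        notes.append("PEInfo produced no structure: the file may not be a PE image at all")
    if r.verified.lower() == "unsigned":
        notes.append("unsigned: a clean scan says nothing about who published it")
    if r.imports:
        notes.append("imports from " + ", ".join(sorted(r.imports)))
    if r.exports:
        notes.append(f"{len(r.exports)} exports, e.g. {r.exports[0]}")
    return notes


# Constructed samples: abbreviated copies of the two reports in this thread.
SAMPLE_UDETECT = """\
Soubor Udetect.dll přijatý 2010.04.14 07:43:34 (UTC)
Výsledek: 0/40 (0%)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.04.14 -
Rozšiřující informace
File size: 61440 bytes
MD5...: 110ab38aa1df03cabe9fbd45f3bc1db8
PEInfo: PE Structure information
( 3 imports )
> CFGMGR32.dll: CM_Query_Remove_SubTree, CM_Remove_SubTree
> SETUPAPI.dll: SetupDiGetClassDevsA
> KERNEL32.dll: CreateFileA, LoadLibraryA, GetProcAddress
( 3 exports )
__0CUdetect@@QAE@XZ, _FindDeviceAtUSBPort@@YAHPAUULink_Device_List@@@Z, _RegisterNotify@@YA_NPAUHWND__@@@Z
verified.....: Unsigned
"""
SAMPLE_MNMGM32 = """\
Soubor MNMGM32.DLL přijatý 2010.04.14 07:55:06 (UTC)
Výsledek: 0/40 (0%)
Antivirus Verze Poslední aktualizace Výsledek
AVG 9.0.0.787 2010.04.14 -
Rozšiřující informace
File size: 2048 bytes
MD5...: 92571fa4251b4284801b86cfb51f83cf
PEInfo: -
verified.....: Unsigned
"""

if __name__ == "__main__":
    for sample in (SAMPLE_UDETECT, SAMPLE_MNMGM32):
        print("\n".join(triage(parse_vt_report(sample))))
```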

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: killvbs.vbs

#13 Post by Caroprd111 »

Paste the RSIT log from the second PC here. The script is written individually for each computer.

kisuah
Visitor
Posts: 18
Registered: 12 Apr 2010 13:18

Re: killvbs.vbs

#14 Post by kisuah »

The PC I'm sending this log from keeps grinding away even when I'm not doing anything.... hopefully you'll find something there...
Is the first PC OK now? Thank you


Logfile of random's system information tool 1.06 (written by random/random)
Run by MCI at 2010-04-14 13:55:46
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 62 GB (81%) free of 76 GB
Total RAM: 239 MB (3% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:00, on 14.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\install\RSIT.exe
C:\Program Files\trend micro\MCI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = enet.loc
O17 - HKLM\Software\..\Telephony: DomainName = enet.loc
O17 - HKLM\System\CCS\Services\Tcpip\..\{222D6CCC-C91D-4CD4-888B-45E127A91C89}: NameServer = 82.202.112.130,213.235.146.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = enet.loc
O17 - HKLM\System\CS1\Services\Tcpip\..\{222D6CCC-C91D-4CD4-888B-45E127A91C89}: NameServer = 82.202.112.130,213.235.146.3
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4647 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-05-30 585728]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-04-07 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-04-07 114688]
"pdfSaver3"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~1\AVG\AVG9\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
C:\Program Files\Pinnacle\Studio 10\LaunchList.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe [2004-05-19 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [2006-10-12 49263]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0CE\Distillr\acrotray.exe [2003-07-17 217180]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~3\GOOGLE~1.EXE -systray -startup []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Documents and Settings\MCI\Plocha\winbox.exe"="C:\Documents and Settings\MCI\Plocha\winbox.exe:*:Enabled:winbox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fe97e16-38c4-11df-961c-000cf19e0283}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs


======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-04-14 13:56:45 ----D---- C:\Program Files\trend micro
2010-04-14 13:55:46 ----D---- C:\rsit
2010-04-13 11:17:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-04-13 11:17:24 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-13 11:17:23 ----D---- C:\Documents and Settings\MCI\Data aplikací\SUPERAntiSpyware.com
2010-04-13 11:16:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-13 10:47:33 ----D---- C:\WINDOWS\system32\appmgmt
2010-04-13 10:42:13 ----D---- C:\Program Files\CCleaner
2010-04-12 12:46:01 ----HD---- C:\$AVG
2010-04-12 12:08:02 ----D---- C:\Program Files\AVG
2010-04-07 11:32:33 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$

======List of files/folders modified in the last 1 months======

2010-04-14 13:57:30 ----D---- C:\WINDOWS\Prefetch
2010-04-14 13:56:45 ----RD---- C:\Program Files
2010-04-14 13:54:51 ----D---- C:\install
2010-04-14 13:54:16 ----D---- C:\WINDOWS\system32
2010-04-14 13:54:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-14 13:52:59 ----D---- C:\Program Files\Mozilla Firefox
2010-04-14 13:49:26 ----D---- C:\WINDOWS\Temp
2010-04-13 18:04:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-13 12:22:44 ----RASH---- C:\boot.ini
2010-04-13 12:22:44 ----A---- C:\WINDOWS\win.ini
2010-04-13 12:22:44 ----A---- C:\WINDOWS\system.ini
2010-04-13 11:20:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-13 11:17:35 ----SHD---- C:\WINDOWS\Installer
2010-04-13 11:16:54 ----D---- C:\Program Files\Common Files
2010-04-13 11:15:45 ----D---- C:\Program Files\Google
2010-04-13 11:15:41 ----SD---- C:\WINDOWS\Tasks
2010-04-13 10:55:13 ----D---- C:\WINDOWS
2010-04-13 10:49:41 ----D---- C:\WINDOWS\Debug
2010-04-13 10:31:05 ----D---- C:\WINDOWS\system32\drivers
2010-04-12 16:21:28 ----RASH---- C:\WINDOWS\system32\killVBS.vbs
2010-04-12 12:06:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-12 12:06:39 ----D---- C:\WINDOWS\WinSxS
2010-04-07 11:33:42 ----HD---- C:\WINDOWS\inf
2010-04-07 11:33:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-07 11:33:06 ----D---- C:\Program Files\Internet Explorer
2010-04-06 12:39:19 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2003-05-09 33248]
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-14 100224]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-05-21 121856]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 SMBios;Intel (R) System Managment BIOS Service; C:\WINDOWS\System32\DRIVERS\SMBios.sys [2003-06-18 35012]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 ASAPIW2K;ASAPIW2K; \??\C:\WINDOWS\system32\Drivers\asapiW2k.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2002-12-27 65536]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: killvbs.vbs

#15 Post by Caroprd111 »

PC1

How are things with the PC :???:


PC2


Insert into the PC all the flash drives you use.

Download UsbFix to the desktop http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
  • Run it, then choose language E - Enter
  • Choose 2 - Enter (the PC may restart)
  • When it finishes, a log will pop up; paste it here for me, or you can find it in C:\UsbFix.txt

Download OTL http://oldtimer.geekstogo.com/OTL.exe
  • Run the program, then click Scan
  • When it finishes, paste the OTL.Txt and Extras.txt logs here