Pomale pc

Zpráva

villain · #1 Příspěvek od **villain** » 26 kvě 2010 18:05

Logfile of random's system information tool 1.07 (written by random/random)
Run by michal at 2010-05-26 18:59:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 71 GB (47%) free of 153 GB
Total RAM: 511 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:00:05, on 26.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\OSW\System32\smss.exe
C:\OSW\system32\winlogon.exe
C:\OSW\system32\services.exe
C:\OSW\system32\lsass.exe
C:\OSW\system32\Ati2evxx.exe
C:\OSW\system32\svchost.exe
C:\OSW\System32\svchost.exe
C:\OSW\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\OSW\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\OSW\RTHDCPL.EXE
C:\OSW\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\OSW\system32\spoolsv.exe
C:\OSW\System32\svchost.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\OSW\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\OSW\system32\svchost.exe
C:\OSW\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\OSW\System32\svchost.exe
C:\QIP Infium JadrisPack\infium.exe
C:\OSW\system32\taskmgr.exe
C:\Documents and Settings\michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\michal\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\michal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] ]
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\OSW\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\michal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\OSW\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\OSW\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\OSW\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\OSW\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\OSW\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\OSW\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\OSW\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\OSW\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\OSW\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\OSW\system32\ati2sgag.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\OSW\system32\HPZipm12.exe

--
End of file - 6335 bytes

======Scheduled tasks folder======

C:\OSW\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-706699826-839522115-1004Core.job
C:\OSW\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-706699826-839522115-1004UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"RTHDCPL"=C:\OSW\RTHDCPL.EXE [2008-12-09 18063872]
"Alcmtr"=C:\OSW\ALCMTR.EXE [2008-06-19 57344]
"GEST"=] []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-10-01 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\OSW\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\michal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-12-26 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\OSW\system32\Ati2evxx.dll [2009-10-02 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\QIP Infium JadrisPack\infium.exe"="C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - C:\OSW\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-05-26 18:59:56 ----D---- C:\Program Files\trend micro
2010-05-26 18:59:53 ----D---- C:\rsit
2010-05-26 18:37:52 ----D---- C:\Documents and Settings\michal\Data aplikací\Malwarebytes
2010-05-26 18:37:34 ----D---- C:\Documents and Settings\All Users.OSW\Data aplikací\Malwarebytes
2010-05-26 18:37:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-25 23:23:41 ----D---- C:\OSW\system32\LogFiles
2010-05-25 23:16:55 ----SHD---- C:\found.000
2010-05-25 22:57:18 ----D---- C:\Program Files\CCleaner
2010-05-25 22:26:56 ----D---- C:\Program Files\RegCleaner
2010-05-21 23:12:30 ----D---- C:\OSW\Minidump
2010-05-16 16:57:52 ----D---- C:\Documents and Settings\michal\Data aplikací\Ansys
2010-05-16 16:30:17 ----D---- C:\Program Files\Microsoft.NET
2010-05-16 16:28:15 ----D---- C:\Program Files\MSXML 6.0
2010-05-16 16:24:28 ----D---- C:\Program Files\Microsoft SQL Server
2010-05-16 16:06:54 ----D---- C:\Documents and Settings\All Users.OSW\Data aplikací\Autodesk, Inc
2010-05-16 16:03:50 ----D---- C:\Program Files\AOEMView 2009
2010-05-16 16:02:07 ----D---- C:\Program Files\DWG TrueView 2009
2010-05-16 16:01:33 ----A---- C:\OSW\system32\d3dx10_35.dll
2010-05-16 16:01:33 ----A---- C:\OSW\system32\D3DCompiler_35.dll
2010-05-16 16:01:29 ----A---- C:\OSW\system32\d3dx9_35.dll
2010-05-13 03:00:31 ----HDC---- C:\OSW\$NtUninstallKB978542$

======List of files/folders modified in the last 1 months======

2010-05-26 19:00:02 ----D---- C:\OSW\Prefetch
2010-05-26 18:59:56 ----RD---- C:\Program Files
2010-05-26 18:47:49 ----D---- C:\Program Files\Common Files\Akamai
2010-05-26 18:37:37 ----D---- C:\OSW\system32\drivers
2010-05-26 17:28:11 ----D---- C:\OSW\Temp
2010-05-26 13:18:41 ----A---- C:\OSW\SchedLgU.Txt
2010-05-25 23:23:41 ----D---- C:\OSW\system32
2010-05-25 23:19:18 ----D---- C:\OSW
2010-05-25 22:59:31 ----D---- C:\OSW\Debug
2010-05-25 22:17:41 ----D---- C:\Program Files\Evolution Labs
2010-05-24 04:53:44 ----D---- C:\OSW\system32\config
2010-05-16 17:34:48 ----D---- C:\OSW\system32\CatRoot2
2010-05-16 16:53:27 ----D---- C:\Documents and Settings\All Users.OSW\Data aplikací\Autodesk
2010-05-16 16:38:58 ----D---- C:\Documents and Settings\michal\Data aplikací\Autodesk
2010-05-16 16:38:40 ----SHD---- C:\OSW\Installer
2010-05-16 16:38:36 ----HD---- C:\Config.Msi
2010-05-16 16:38:33 ----RSD---- C:\OSW\assembly
2010-05-16 16:34:00 ----D---- C:\Program Files\Autodesk
2010-05-16 16:32:21 ----A---- C:\OSW\system32\PerfStringBackup.INI
2010-05-16 16:30:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-05-16 16:30:12 ----D---- C:\OSW\WinSxS
2010-05-16 16:29:56 ----D---- C:\OSW\Microsoft.NET
2010-05-16 16:25:33 ----D---- C:\OSW\Registration
2010-05-16 16:20:13 ----D---- C:\Program Files\Common Files\Autodesk Shared
2010-05-16 16:09:18 ----RSD---- C:\OSW\Fonts
2010-05-16 16:01:50 ----HD---- C:\Program Files\Uninstall Information
2010-05-16 16:01:34 ----HD---- C:\OSW\inf
2010-05-16 16:01:34 ----D---- C:\OSW\system32\DirectX
2010-05-16 15:23:42 ----D---- C:\Autodesk
2010-05-15 20:21:11 ----SD---- C:\OSW\Downloaded Program Files
2010-05-13 03:00:34 ----RSHDC---- C:\OSW\system32\dllcache
2010-05-13 03:00:34 ----D---- C:\Program Files\Outlook Express
2010-05-12 13:42:02 ----HD---- C:\OSW\$hf_mig$
2010-04-30 20:51:06 ----A---- C:\OSW\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\OSW\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\OSW\System32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswSP;avast! Self Protection; C:\OSW\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\OSW\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\OSW\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\OSW\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 irda;Protokol IrDA; C:\OSW\System32\DRIVERS\irda.sys [2008-04-14 88192]
R3 aswRdr;aswRdr; C:\OSW\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\OSW\System32\DRIVERS\ati2mtag.sys [2009-10-02 4486656]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\OSW\system32\drivers\AtiHdmi.sys [2009-08-19 100368]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\OSW\System32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\OSW\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\OSW\system32\drivers\RtkHDAud.sys [2008-12-11 4959232]
R3 mouhid;Ovladač myši standardu HID; C:\OSW\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\OSW\system32\DRIVERS\nvefd2k.sys [2007-11-18 50304]
R3 Rasirda;WAN Miniport (IrDA); C:\OSW\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\OSW\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\OSW\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\OSW\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\OSW\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 gdrv;gdrv; \??\C:\OSW\gdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\OSW\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\OSW\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\OSW\system32\DRIVERS\HPZius12.sys [2009-08-26 21568]
S3 irsir;Microsoft Serial Infrared Driver; C:\OSW\System32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 nm;Ovladač programu Sledování sítě; C:\OSW\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\OSW\System32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\OSW\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\OSW\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\OSW\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\OSW\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\OSW\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\OSW\System32\svchost.exe [2008-04-14 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\OSW\system32\Ati2evxx.exe [2009-10-02 602112]
R2 Autodesk Data Management Job Dispatch;Autodesk Data Management Job Dispatch; C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe [2008-02-18 32768]
R2 Autodesk EDM Server;Autodesk EDM Server; C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe [2008-02-18 57344]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Irmon;Sledování infračerveného přenosu; C:\OSW\system32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\OSW\system32\HPZipm12.exe [2006-03-03 69632]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\OSW\system32\ati2sgag.exe [2009-10-01 593920]
S2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-01-22 29178224]
S3 aspnet_state;Stavová služba ASP.NET; C:\OSW\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-05-16 79360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\OSW\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-15 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\OSW\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\OSW\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-01-22 45272]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\OSW\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-01-22 242544]

-----------------EOF-----------------

#2 Příspěvek od **Caroprd111** » 27 kvě 2010 14:02

Zdravím

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Označte položku Pro všechny uživatele.
Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikněte na tlačítko Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

villain · #3 Příspěvek od **villain** » 27 kvě 2010 16:02

Dobry den, predem se omlouvam za duplicitu, pozde jsem si vsiml, ze jsem ve spatne sekci a nenapadlo me nic lepsiho nez vytvorit nove tema v te spravne.
Dekuji za ochotu.

OTL log:
OTL logfile created on: 27.5.2010 16:31:13 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\michal\Dokumenty\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 172,00 Mb Available Physical Memory | 34,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 1400 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\OSW | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 68,66 Gb Free Space | 46,07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TENTON
Current User Name: michal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.27 16:29:44 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\michal\Dokumenty\Downloads\OTL.exe
PRC - [2010.04.26 19:13:25 | 000,531,440 | ---- | M] (Google Inc.) -- C:\Documents and Settings\michal\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PRC - [2009.12.10 22:41:40 | 006,016,512 | ---- | M] (QIP) -- C:\QIP Infium JadrisPack\infium.exe
PRC - [2009.11.25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008.04.14 10:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\OSW\explorer.exe
PRC - [2008.02.18 18:37:48 | 000,032,768 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
PRC - [2008.02.18 18:33:44 | 000,057,344 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
PRC - [2006.03.03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\OSW\system32\HPZipm12.exe

========== Modules (SafeList) ==========

MOD - [2010.05.27 16:29:44 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\michal\Dokumenty\Downloads\OTL.exe
MOD - [2008.04.14 10:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\OSW\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010.05.16 16:20:13 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.05.09 04:09:06 | 002,478,640 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3697.dll -- (Akamai)
SRV - [2010.01.15 19:10:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\OSW\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.02.18 18:37:48 | 000,032,768 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch)
SRV - [2008.02.18 18:33:44 | 000,057,344 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe -- (Autodesk EDM Server)
SRV - [2008.01.22 20:15:00 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$AUTODESKVAULT) SQL Server (AUTODESKVAULT)
SRV - [2008.01.22 20:14:52 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.01.22 20:14:52 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2006.03.03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\OSW\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010.04.25 09:38:20 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\OSW\gdrv.sys -- (gdrv)
DRV - [2009.11.25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\OSW\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\OSW\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\OSW\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\OSW\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\OSW\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\OSW\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.10.02 06:09:20 | 004,486,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\OSW\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.08.19 14:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\OSW\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.12.11 11:24:20 | 004,959,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\OSW\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.14 11:10:02 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\OSW\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 02:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\OSW\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.11.18 01:43:34 | 000,050,304 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\OSW\system32\drivers\nvefd2k.sys -- (NVENETFD)
DRV - [2006.07.01 22:42:58 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\OSW\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.04.24 11:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\OSW\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.03.22 08:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\OSW\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2001.08.17 22:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\OSW\system32\drivers\irsir.sys -- (irsir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1004336348-706699826-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\OSW\system32\blank.htm
IE - HKU\S-1-5-21-1004336348-706699826-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-1004336348-706699826-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.7.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.19 18:15:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.25 10:10:14 | 000,000,000 | ---D | M]

[2010.03.19 18:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Mozilla\Extensions
[2010.03.19 18:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Mozilla\Firefox\Profiles\5jok82rh.default\extensions
[2010.03.19 18:17:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\michal\Data aplikací\Mozilla\Firefox\Profiles\5jok82rh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.19 18:17:38 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\michal\Data aplikací\Mozilla\Firefox\Profiles\5jok82rh.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.03.19 18:14:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.16 02:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 02:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 02:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 02:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 02:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2003.04.16 14:00:00 | 000,000,737 | ---- | M]) - C:\OSW\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Alcmtr] C:\OSW\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-706699826-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.88.1 80.251.252.138
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\OSW\system32\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\OSW\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\OSW\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\OSW\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\OSW\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.16 15:23:42 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.12.26 05:45:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\OSW\system32\ias [2009.12.26 16:05:58 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.divxa32 - C:\OSW\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\OSW\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\OSW\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\OSW\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\OSW\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\OSW\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\OSW\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\OSW\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\OSW\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\OSW\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.27 09:39:13 | 000,000,000 | ---D | C] -- C:\OSW\System32\appmgmt
[2010.05.26 18:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.26 18:59:53 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.26 18:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Data aplikací\Malwarebytes
[2010.05.26 18:37:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\OSW\System32\drivers\mbamswissarmy.sys
[2010.05.26 18:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.OSW\Data aplikací\Malwarebytes
[2010.05.26 18:37:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\OSW\System32\drivers\mbam.sys
[2010.05.26 18:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.25 23:23:41 | 000,000,000 | ---D | C] -- C:\OSW\System32\LogFiles
[2010.05.25 23:16:55 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.05.25 22:59:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\michal\Recent
[2010.05.25 22:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.05.25 22:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2010.05.25 16:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Dokumenty\Lenca_ot
[2010.05.21 23:12:30 | 000,000,000 | ---D | C] -- C:\OSW\Minidump
[2010.05.16 16:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michal\Data aplikací\Ansys
[2010.05.16 16:53:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\michal\Dokumenty\Adlm
[2010.05.16 16:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.05.16 16:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010.05.16 16:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010.05.16 16:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.OSW\Data aplikací\Autodesk, Inc
[2010.05.16 16:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\AOEMView 2009
[2010.05.16 16:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\DWG TrueView 2009
[2010.05.16 16:01:33 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\OSW\System32\D3DCompiler_35.dll
[2010.05.16 16:01:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\OSW\System32\d3dx10_35.dll
[2010.05.16 16:01:29 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\OSW\System32\d3dx9_35.dll
[4 C:\OSW\*.tmp files -> C:\OSW\*.tmp -> ]
[1 C:\OSW\System32\*.tmp files -> C:\OSW\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.27 15:48:01 | 000,001,030 | ---- | M] () -- C:\OSW\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-706699826-839522115-1004UA.job
[2010.05.27 12:48:01 | 000,000,978 | ---- | M] () -- C:\OSW\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-706699826-839522115-1004Core.job
[2010.05.27 09:12:19 | 000,000,006 | -H-- | M] () -- C:\OSW\tasks\SA.DAT
[2010.05.27 09:12:01 | 000,002,048 | --S- | M] () -- C:\OSW\bootstat.dat
[2010.05.26 22:58:51 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\michal\NTUSER.DAT
[2010.05.26 22:58:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\michal\ntuser.ini
[2010.05.26 18:59:07 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\michal\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.26 18:37:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.OSW\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.05.26 13:21:22 | 000,064,720 | ---- | M] () -- C:\Documents and Settings\michal\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.05.26 13:20:27 | 000,239,944 | ---- | M] () -- C:\OSW\System32\FNTCACHE.DAT
[2010.05.25 23:01:49 | 000,194,262 | ---- | M] () -- C:\Documents and Settings\michal\Dokumenty\cc_20100525_230136.reg
[2010.05.25 22:57:19 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\michal\Plocha\CCleaner.lnk
[2010.05.24 22:16:06 | 000,002,300 | ---- | M] () -- C:\OSW\System32\wpa.dbl
[2010.05.16 16:32:21 | 001,048,718 | ---- | M] () -- C:\OSW\System32\PerfStringBackup.INI
[2010.05.16 16:32:21 | 000,487,968 | ---- | M] () -- C:\OSW\System32\perfh009.dat
[2010.05.16 16:32:21 | 000,484,540 | ---- | M] () -- C:\OSW\System32\perfh005.dat
[2010.05.16 16:32:21 | 000,100,374 | ---- | M] () -- C:\OSW\System32\perfc005.dat
[2010.05.16 16:32:21 | 000,089,018 | ---- | M] () -- C:\OSW\System32\perfc009.dat
[2010.05.16 16:19:59 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\michal\Dokumenty\Inventor Samples.lnk
[2010.05.16 16:19:55 | 000,001,902 | ---- | M] () -- C:\Documents and Settings\All Users.OSW\Plocha\Autodesk Inventor Professional 2009.lnk
[2010.05.16 16:03:04 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\All Users.OSW\Plocha\DWG TrueView 2009.lnk
[2010.05.15 20:25:04 | 000,001,976 | ---- | M] () -- C:\Documents and Settings\All Users.OSW\Plocha\Autodesk Inventor Professional 2010.lnk
[2010.05.14 19:23:13 | 000,280,467 | ---- | M] () -- C:\Documents and Settings\michal\Dokumenty\buben_certif-Model.jpg
[2010.05.14 18:41:33 | 000,001,811 | ---- | M] () -- C:\Documents and Settings\All Users.OSW\Plocha\Autodesk Design Review.lnk
[2010.05.14 18:36:05 | 000,078,963 | ---- | M] () -- C:\Documents and Settings\michal\Dokumenty\buben_certif.dwf
[2010.05.14 18:35:44 | 000,168,114 | ---- | M] () -- C:\Documents and Settings\michal\Dokumenty\buben_certif.dwg
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\OSW\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\OSW\System32\drivers\mbam.sys
[2010.04.29 13:48:58 | 000,002,266 | ---- | M] () -- C:\Documents and Settings\michal\Plocha\Google Chrome.lnk
[4 C:\OSW\*.tmp files -> C:\OSW\*.tmp -> ]
[1 C:\OSW\System32\*.tmp files -> C:\OSW\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.26 18:37:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.OSW\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.05.25 23:01:43 | 000,194,262 | ---- | C] () -- C:\Documents and Settings\michal\Dokumenty\cc_20100525_230136.reg
[2010.05.25 22:57:19 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\michal\Plocha\CCleaner.lnk
[2010.05.16 16:19:55 | 000,001,902 | ---- | C] () -- C:\Documents and Settings\All Users.OSW\Plocha\Autodesk Inventor Professional 2009.lnk
[2010.05.16 16:03:04 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users.OSW\Plocha\DWG TrueView 2009.lnk
[2010.05.15 20:25:10 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\michal\Dokumenty\Inventor Samples.lnk
[2010.05.15 20:25:04 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\All Users.OSW\Plocha\Autodesk Inventor Professional 2010.lnk
[2010.05.14 19:23:11 | 000,280,467 | ---- | C] () -- C:\Documents and Settings\michal\Dokumenty\buben_certif-Model.jpg
[2010.05.14 18:41:33 | 000,001,811 | ---- | C] () -- C:\Documents and Settings\All Users.OSW\Plocha\Autodesk Design Review.lnk
[2010.05.14 18:36:03 | 000,078,963 | ---- | C] () -- C:\Documents and Settings\michal\Dokumenty\buben_certif.dwf
[2010.05.14 17:56:26 | 000,178,560 | ---- | C] () -- C:\Documents and Settings\michal\Dokumenty\buben_certif.bak
[2010.05.14 17:56:26 | 000,168,114 | ---- | C] () -- C:\Documents and Settings\michal\Dokumenty\buben_certif.dwg
[2010.01.08 19:04:32 | 000,077,824 | R--- | C] () -- C:\OSW\System32\HPZIDS01.dll
[2009.12.27 12:35:06 | 000,000,097 | ---- | C] () -- C:\OSW\System32\PICSDK.ini
[2008.04.14 10:51:54 | 000,363,520 | ---- | C] () -- C:\OSW\System32\psisdecd.dll
[2001.07.07 04:00:00 | 000,003,165 | ---- | C] () -- C:\OSW\System32\HPTCPMON.INI

========== LOP Check ==========

[2010.05.16 16:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.OSW\Data aplikací\Autodesk
[2010.05.16 16:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.OSW\Data aplikací\Autodesk, Inc
[2010.01.16 21:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Data aplikací\Softland
[2010.05.16 16:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Ansys
[2010.05.16 16:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Autodesk
[2010.01.15 18:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\OpenOffice.org
[2010.01.16 17:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Orbit
[2009.12.27 12:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Panasonic

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\OSW\system32\ctfmon.exe -- [2008.04.14 10:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Documents and Settings\michal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2009.12.26 20:33:03 | 000,135,664 | ---- | M] (Google Inc.)

< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007.01.06 17:57:55 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\devcon.exe
[2007.01.06 17:59:11 | 000,226,574 | ---- | M] () -- C:\DPsFnshr.exe
[2007.01.06 17:59:14 | 000,192,936 | ---- | M] () -- C:\DSPdsblr.exe
[2007.01.06 17:57:54 | 000,020,992 | ---- | M] () -- C:\makePNF.exe
[2007.01.06 17:59:15 | 000,184,316 | ---- | M] () -- C:\pmtimer.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.01.09 11:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Adobe
[2010.05.16 16:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Ansys
[2010.04.25 10:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\ATI
[2010.05.16 16:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Autodesk
[2009.12.29 22:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Google
[2009.12.27 13:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\GRETECH
[2010.01.08 19:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\HP
[2009.12.25 22:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Identities
[2010.04.21 21:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\InstallShield
[2009.12.25 22:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Macromedia
[2010.05.26 18:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Malwarebytes
[2010.02.05 20:14:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\michal\Data aplikací\Microsoft
[2010.03.19 18:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Mozilla
[2010.01.10 12:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Nero
[2010.01.15 18:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\OpenOffice.org
[2010.01.16 17:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Orbit
[2009.12.27 12:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\Panasonic
[2010.01.09 16:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michal\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2010.02.05 19:39:56 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\michal\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

< MD5 for: AGP440.SYS >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\sp2.cab:AGP440.sys
[2008.04.14 11:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\sp3.cab:AGP440.sys
[2008.04.14 11:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\OSW\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 11:10:02 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\OSW\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2002.09.20 22:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\sp1.cab:atapi.sys
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\sp2.cab:atapi.sys
[2008.04.14 11:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\sp3.cab:atapi.sys
[2008.04.14 11:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\OSW\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 11:10:02 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\OSW\system32\drivers\atapi.sys
[2004.08.04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2002.09.20 22:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\sp1.cab:cdrom.sys
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\sp2.cab:cdrom.sys
[2008.04.14 11:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\sp3.cab:cdrom.sys
[2008.04.14 11:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\OSW\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 11:10:02 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\OSW\system32\drivers\cdrom.sys
[2004.08.04 06:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2007.01.06 06:59:36 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=87F3E2D2A3231F820F9248DB90090F42 -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 10:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\OSW\system32\cryptsvc.dll
[2008.04.14 10:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\OSW\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 10:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\OSW\system32\dllcache\eventlog.dll
[2008.04.14 10:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\OSW\system32\eventlog.dll
[2004.08.04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 10:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\OSW\explorer.exe
[2008.04.14 10:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\OSW\system32\dllcache\explorer.exe
[2007.01.06 06:59:44 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=42D32722B805D7DF42D30487A0BCBD78 -- C:\WINDOWS\explorer.exe

< MD5 for: HAL.DLL >
[2002.09.20 22:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\sp1.cab:hal.dll
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\sp2.cab:hal.dll
[2008.04.14 11:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\sp3.cab:hal.dll
[2008.04.14 11:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\OSW\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 11:10:02 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\OSW\system32\hal.dll
[2007.01.06 06:59:50 | 000,131,712 | ---- | M] (Microsoft Corporation) MD5=F9A83D160C80EE6F45AA577CB101B83F -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 17:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\sp2.cab:Changer.sys
[2008.04.14 11:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\sp3.cab:Changer.sys
[2008.04.14 11:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\OSW\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: IASTOR.SYS >
[2006.02.26 17:21:18 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\D\M\IN\1\O\iastor.sys
[2006.08.05 19:56:25 | 000,247,808 | ---- | M] (Intel Corporation) MD5=580BFEC487C55264BFE3D60C3C24EEE1 -- C:\D\M\IN\1\iaStor.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 11:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\sp3.cab:isapnp.sys
[2008.04.14 11:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\OSW\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 11:10:02 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\OSW\system32\drivers\isapnp.sys
[2004.08.04 06:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.04 06:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 10:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\OSW\system32\dllcache\lsass.exe
[2008.04.14 10:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\OSW\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 02:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\OSW\system32\dllcache\ndis.sys
[2008.04.14 02:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\OSW\system32\drivers\ndis.sys
[2004.08.04 06:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 10:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\OSW\system32\dllcache\netlogon.dll
[2008.04.14 10:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\OSW\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2005.08.12 14:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\D\M\N\4INTEL\I\nvata.sys
[2006.05.01 17:27:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=49628180ADB2E043CE017D85014BB751 -- C:\D\M\N\590SLI\I\nvata.sys
[2006.05.01 17:27:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=49628180ADB2E043CE017D85014BB751 -- C:\WINDOWS\system32\drivers\nvata.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\D\M\N\4\I\nvata.sys
[2006.04.24 11:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\OSW\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2005.08.12 14:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\D\M\N\4INTEL\R\nvatabus.sys
[2006.05.01 17:27:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=49628180ADB2E043CE017D85014BB751 -- C:\D\M\N\590SLI\R\nvatabus.sys
[2006.02.26 17:21:19 | 000,089,856 | ---- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\D\M\N\123\NvAtaBus.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\D\M\N\4\R\nvatabus.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\D\M\N\TM\nvatabus.sys

< MD5 for: NVRAID.SYS >
[2006.05.01 17:27:06 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=1163D19CDD6EB65892655E181D89D053 -- C:\D\M\N\590SLI\R\nvraid.sys
[2005.08.12 14:31:14 | 000,077,184 | ---- | M] (NVIDIA Corporation) MD5=3BC8B9D8A744DF75698FE35D52F18A0A -- C:\D\M\N\4INTEL\R\nvraid.sys
[2006.04.24 17:52:36 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=B65CE56C36F573113FF2F6D0F07B7563 -- C:\D\M\N\4\R\nvraid.sys
[2006.04.24 17:52:36 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=B65CE56C36F573113FF2F6D0F07B7563 -- C:\D\M\N\TM\nvraid.sys
[2006.02.26 17:21:19 | 000,063,232 | ---- | M] (NVIDIA Corporation) MD5=B95B5FB53245D6C7AD5696CE71360EED -- C:\D\M\N\123\nvraid.sys

< MD5 for: SCECLI.DLL >
[2004.08.04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 10:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\OSW\system32\dllcache\scecli.dll
[2008.04.14 10:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\OSW\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 10:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\OSW\system32\dllcache\smss.exe
[2008.04.14 10:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\OSW\system32\smss.exe
[2004.08.04 06:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\system32\smss.exe
[2008.04.14 10:52:52 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=F209B5C79A87A9521DC0BD88B039EEE3 -- C:\Documents and Settings\michal\Dokumenty\WindowsXPsp3cz\I386\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2004.08.04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe
[2008.04.14 10:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\OSW\system32\dllcache\svchost.exe
[2008.04.14 10:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\OSW\system32\svchost.exe

< MD5 for: SYMMPI.SYS >
[2006.02.26 17:21:19 | 000,041,856 | ---- | M] (LSI Logic) MD5=3ADFFB39782474652F4EA2CF1345B340 -- C:\D\M\L\4\symmpi.sys

< MD5 for: TCPIP.SYS >
[2008.04.14 02:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\OSW\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\OSW\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\OSW\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\OSW\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2007.01.06 08:31:30 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=E7DFCFFA380749B8626AD71E8F367DCB -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008.04.14 10:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\OSW\system32\dllcache\userinit.exe
[2008.04.14 10:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\OSW\system32\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2006.02.26 17:21:23 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\D\M\V\1\viamraid.sys

< MD5 for: WINLOGON.EXE >
[2004.08.04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 10:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\OSW\system32\dllcache\winlogon.exe
[2008.04.14 10:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\OSW\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.04 06:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 10:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\OSW\system32\dllcache\ws2_32.dll
[2008.04.14 10:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\OSW\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.10.02 05:33:02 | 000,446,464 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\OSW\system32\ATIDEMGX.dll
[2008.04.14 10:51:40 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\OSW\system32\comsvcs.dll
[1 C:\OSW\system32\*.tmp files -> C:\OSW\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.12.26 16:58:24 | 000,262,144 | ---- | M] () -- C:\OSW\system32\config\default.sav
[2009.12.26 15:55:12 | 000,262,144 | ---- | M] () -- C:\OSW\system32\config\security.sav
[2009.12.26 16:58:24 | 011,272,192 | ---- | M] () -- C:\OSW\system32\config\software.sav
[2009.12.26 16:58:25 | 003,407,872 | ---- | M] () -- C:\OSW\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2009.10.02 05:33:02 | 000,446,464 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\OSW\system32\ATIDEMGX.dll
[2008.04.14 10:51:40 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\OSW\system32\comsvcs.dll
[1 C:\OSW\system32\*.tmp files -> C:\OSW\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.05.26 13:20:27 | 000,239,944 | ---- | M] () -- C:\OSW\system32\FNTCACHE.DAT
[2010.05.24 22:16:06 | 000,002,300 | ---- | M] () -- C:\OSW\system32\wpa.dbl
[1 C:\OSW\system32\*.tmp files -> C:\OSW\system32\*.tmp -> ]
< End of report >

villain · #4 Příspěvek od **villain** » 27 kvě 2010 16:03

Extras log:
OTL Extras logfile created on: 27.5.2010 16:31:13 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\michal\Dokumenty\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 172,00 Mb Available Physical Memory | 34,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 1400 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\OSW | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 68,66 Gb Free Space | 46,07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TENTON
Current User Name: michal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1941:TCP" = 1941:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\QIP Infium JadrisPack\infium.exe" = C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium -- (QIP)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{106EEA42-249B-97B6-827E-D79C677A7284}" = CCC Help Spanish
"{1AEC8B94-C25D-E93E-C60C-ED2736782633}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FB138CC-5503-4B4A-BC42-81E9C1FF26EE}" = Autodesk Inventor Content Center Libraries 2010 (Desktop Content)
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{2090AAD2-D129-375A-8152-93AE4EBDEF11}" = ccc-core-static
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{267117C0-779A-4BD2-1D33-AD569C43D93B}" = CCC Help Czech
"{2A4F281E-2161-405B-B090-4487F505BDDE}" = AOEMView 2009
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37DC95F1-D521-23A7-313C-D6789F3EAE24}" = CCC Help Finnish
"{3B1BD294-2747-6271-6F47-82A640A3A9E9}" = Catalyst Control Center Localization All
"{3E9CDBD5-DBF7-0D39-4A3B-0535B0A7FBA7}" = CCC Help Danish
"{4552B6C7-2175-15BA-AE39-7B4FB594AE4D}" = CCC Help French
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4685E2C0-838E-2D49-E561-5870D57C2112}" = CCC Help English
"{4D842445-947A-975F-02B9-E87A0956DA14}" = CCC Help German
"{4E61CAD2-655B-5884-DE11-4C27FA952D1E}" = CCC Help Chinese Standard
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{52969324-463B-4643-BF36-854BE2BECB89}" = Autodesk Inventor Professional 2010
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56E4D082-46F8-99B4-4E43-C6B79677968F}" = Catalyst Control Center Graphics Previews Common
"{57396CE7-B938-D86E-B3C2-450FA8212BA6}" = CCC Help Swedish
"{575471C8-A90D-9AEB-DD5F-D68D0536482A}" = ccc-utility
"{5783F2D6-7028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2009
"{5783F2D7-8001-0405-0002-0060B0CE6BBA}" = AutoCAD 2010 - česky
"{5783F2D7-8001-0405-1002-0060B0CE6BBA}" = Jazykový balíček aplikace AutoCAD 2010 - čeština
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{62540657-7F15-A129-AD00-345CA1685095}" = CCC Help Japanese
"{64FAC270-6C96-2579-0398-E92A29F31796}" = CCC Help Russian
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6F3ECAC9-BB76-C8A8-8DFD-754633F965D1}" = Catalyst Control Center Core Implementation
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7BFAE5A7-5EDC-D120-7FA4-96168AB8575D}" = CCC Help Turkish
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F4DD591-1300-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2009
"{7F4DD591-1400-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2010
"{7FF910CA-67F5-E39B-2F6A-8E8A7C17FFB3}" = CCC Help Dutch
"{824BADF8-9A1B-4D07-8817-8DDDC8543F23}" = OpenOffice.org 3.1
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{905D6E0C-B378-8CF8-0681-31F38D78E204}" = ccc-core-preinstall
"{922D09F2-5A96-2ECB-BB71-493F23AD052B}" = Catalyst Control Center Graphics Light
"{97882553-D37E-F980-1ED0-0748A550D912}" = Catalyst Control Center Graphics Full Existing
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.2 - Czech
"{AF16488F-1EAB-5AF1-54D4-59BBAEFA4F48}" = Catalyst Control Center Graphics Full New
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BB9FF67B-1A16-491B-81C5-272B145FEAB7}" = Autodesk Data Management Server 2009
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BEECCA33-C880-4648-A043-18614EE1249E}" = ATI AVIVO Codecs
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C4D31726-3698-7CA1-EA46-BEE1B1E2ECA2}" = CCC Help Hungarian
"{C5E2A972-51E3-6B56-6B01-F7D21256F864}" = CCC Help Greek
"{C73FBCE6-B6BF-FDFE-AF76-566A49937FE2}" = CCC Help Portuguese
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C95193C0-29BC-F95E-1D1A-F5346BA45091}" = CCC Help Polish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD468D28-B317-7038-E384-34E347CD5CAA}" = CCC Help Korean
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D96F5244-BBFF-04F9-4E20-78CFE08AD01A}" = CCC Help Thai
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E85A7628-5420-A5E2-3E6E-8A314C6930F3}" = CCC Help Italian
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EDFB291E-CFF7-9A67-3948-4DC57D9DB3A6}" = CCC Help Norwegian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FA930901-0E74-F94E-B36B-057B55194E00}" = Skins
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE2243EE-7C32-C90A-DDF8-75067F45A68D}" = Catalyst Control Center HydraVision Full
"{fff2fae4-54aa-428c-a2c9-67bbcbdd0ee4}" = Nero 9 Lite
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"AOEMView 2009" = AOEMView 2009
"ATI Display Driver" = ATI Display Driver
"AutoCAD 2010 - česky" = AutoCAD 2010 - česky
"Autodesk Data Management Server 2009" = Autodesk Data Management Server 2009
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Inventor Professional 2009" = Autodesk Inventor Professional 2009
"Autodesk Inventor Professional 2010" = Autodesk Inventor Professional 2010 čeština (Czech)
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"doPDF 6 printer_is1" = doPDF 6.3 printer
"DWG TrueView 2009" = DWG TrueView 2009
"DWG TrueView 2010" = DWG TrueView 2010
"GOM Player" = GOM Player
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"QIP Infium JadrisPack 3.0.1b" = QIP Infium JadrisPack 3.0.1b
"WinRAR archiver" = WinRAR
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1004336348-706699826-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.4.2010 4:14:15 | Computer Name = TENTON | Source = Application Error | ID = 1000
Description = Chybující aplikace nmdllhost.exe, verze 4.3.8.0, chybující modul nmbcwriter.dll,
verze 4.5.4.4, adresa chyby 0x0000eb83.

Error - 14.5.2010 12:54:37 | Computer Name = TENTON | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace acad.exe, verze 24.0.55.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 14.5.2010 12:56:25 | Computer Name = TENTON | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace DesignReview.exe, verze 11.0.0.86, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 14.5.2010 14:21:26 | Computer Name = TENTON | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace chrome.exe, verze 0.0.0.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 16.5.2010 10:01:46 | Computer Name = TENTON | Source = MsiInstaller | ID = 11931
Description = Product: MSXML 6.0 Parser -- Error 1931. The Windows Installer service
cannot update the system file C:\OSW\system32\msxml6r.dll because the file is protected
by Windows. You may need to update your operating system for this program to work
correctly. Package version: 6.0.3883.0, OS Protected version: 6.0.3883.0

Error - 16.5.2010 10:28:15 | Computer Name = TENTON | Source = MsiInstaller | ID = 11931
Description = Product: MSXML 6.0 Parser -- Error 1931. The Windows Installer service
cannot update the system file C:\OSW\system32\msxml6r.dll because the file is protected
by Windows. You may need to update your operating system for this program to work
correctly. Package version: 6.0.3883.0, OS Protected version: 6.0.3883.0

[ System Events ]
Error - 25.5.2010 15:44:30 | Computer Name = TENTON | Source = atapi | ID = 262153
Description = Zařízení \Device\Ide\IdePort3 neodpovídá v periodě časového limitu.

Error - 25.5.2010 15:44:42 | Computer Name = TENTON | Source = atapi | ID = 262153
Description = Zařízení \Device\Ide\IdePort3 neodpovídá v periodě časového limitu.

Error - 25.5.2010 15:44:42 | Computer Name = TENTON | Source = atapi | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Ide\IdePort3.

Error - 25.5.2010 17:22:03 | Computer Name = TENTON | Source = Service Control Manager | ID = 7022
Description = Služba Autodesk EDM Server přestala během spouštění reagovat.

Error - 26.5.2010 3:20:16 | Computer Name = TENTON | Source = Service Control Manager | ID = 7022
Description = Služba Autodesk EDM Server přestala během spouštění reagovat.

Error - 26.5.2010 3:21:20 | Computer Name = TENTON | Source = Service Control Manager | ID = 7034
Description = Služba Autodesk Data Management Job Dispatch byla neočekávaně ukončena.
Tento stav nastal již 1krát.

Error - 26.5.2010 7:22:03 | Computer Name = TENTON | Source = Service Control Manager | ID = 7024
Description = Služba SQL Server (AUTODESKVAULT) ukončena s chybou 3417 (0xD59),
specifickou pro službu.

Error - 26.5.2010 7:23:25 | Computer Name = TENTON | Source = Service Control Manager | ID = 7022
Description = Služba Autodesk EDM Server přestala během spouštění reagovat.

Error - 27.5.2010 3:14:49 | Computer Name = TENTON | Source = Service Control Manager | ID = 7022
Description = Služba Autodesk EDM Server přestala během spouštění reagovat.

Error - 27.5.2010 4:59:24 | Computer Name = TENTON | Source = Service Control Manager | ID = 7034
Description = Služba SQL Server (AUTODESKVAULT) byla neočekávaně ukončena. Tento
stav nastal již 1krát.

< End of report >

#5 Příspěvek od **Caroprd111** » 27 kvě 2010 17:50

Odstraňte prosím logy z "Code".

VIRY.CZ

Pomale pc

Pomale pc

Re: Pomale pc

Re: Pomale pc

Re: Pomale pc

Re: Pomale pc