Pomalé pc a nemužu zadat rozlišení monitoru

[Caroprd111]

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:2BE9FEFC

:COMMANDS
[Reboot]

Poté klikněte na Run fix, PC se restartuje, log vložte sem.

[Ondra100]

OTL logfile created on: 23.3.2010 14:10:00 - Run 4
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Ondra\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 6,40 Gb Free Space | 32,78% Space Free | Partition Type: NTFS
Drive D: | 54,99 Gb Total Space | 15,76 Gb Free Space | 28,66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OND-F0A308A7C77
Current User Name: Ondra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.03.22 16:54:39 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ondra\Plocha\OTL.exe
PRC - [2010.03.18 18:05:29 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Ondra\Local Settings\temp\RtkBtMnt.exe
PRC - [2010.02.21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010.01.03 20:37:30 | 000,139,264 | ---- | M] (SOURCENEXT) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.12.09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009.12.09 18:02:36 | 000,202,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009.11.16 21:51:29 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009.07.01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.05.18 10:50:18 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.05.18 10:50:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.21 21:22:50 | 000,453,936 | ---- | M] (Seznam.cz a.s.) -- C:\Program Files\Seznam\Postak\Postak.exe
PRC - [2008.02.15 13:17:00 | 000,832,760 | ---- | M] (BinarySense, Inc.) -- C:\Program Files\Common Files\BinarySense\hldasvc.exe
PRC - [2008.02.15 13:16:18 | 002,278,648 | ---- | M] (BinarySense, Inc.) -- C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
PRC - [2007.06.27 17:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.27 17:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.04.04 17:08:44 | 000,421,888 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006.03.27 10:37:58 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2005.03.02 12:21:58 | 000,278,528 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFTVFM\WFWIZ.exe


========== Modules (SafeList) ==========

MOD - [2010.03.22 16:54:39 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ondra\Plocha\OTL.exe
MOD - [2008.04.14 04:21:45 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2006.03.02 13:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll
MOD - [2005.10.11 12:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.01.03 20:37:30 | 000,139,264 | ---- | M] (SOURCENEXT) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.12.09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.11.16 21:51:29 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.11.16 21:51:22 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.11.12 16:44:18 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.07.29 18:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.02.15 13:17:00 | 000,832,760 | ---- | M] (BinarySense, Inc.) [Auto | Running] -- C:\Program Files\Common Files\BinarySense\hldasvc.exe -- (HDDlife HDD Access service)


========== Driver Services (SafeList) ==========

DRV - [2010.01.03 20:37:30 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009.12.02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2008.04.13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.11.01 13:38:56 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.10.19 10:29:22 | 000,161,792 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.08.24 10:22:56 | 005,776,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007.05.02 10:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006.11.02 21:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.02.20 17:59:36 | 000,083,344 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex)
DRV - [2006.02.20 17:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - [2006.02.20 17:59:33 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm)
DRV - [2006.02.20 17:59:31 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl)
DRV - [2006.02.20 17:59:27 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2005.01.06 15:55:38 | 000,009,446 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.sys -- (WFIOCTL)
DRV - [2004.12.08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004.10.15 17:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004.10.15 17:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004.10.15 17:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004.09.22 17:41:00 | 000,020,608 | ---- | M] (Empia Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2004.09.22 09:42:00 | 000,079,563 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004.09.21 14:52:00 | 000,110,653 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004.09.21 14:52:00 | 000,004,857 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2003.09.19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010.03.23 09:35:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (&S-Rank) - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll (Seznam.cz a.s.)
O3 - HKCU\..\Toolbar\WebBrowser: (&S-Rank) - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll (Seznam.cz a.s.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SMail] C:\Program Files\Seznam\Postak\Postak.exe (Seznam.cz a.s.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\Ondra\Nabídka Start\Programy\Po spuštění\HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe (BinarySense, Inc.)
O4 - Startup: C:\Documents and Settings\Ondra\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 5860782103 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O18 - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll (BinarySense, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.18 10:51:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.22 17:17:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.03.22 16:54:26 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ondra\Plocha\OTL.exe
[2010.03.22 15:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.03.22 15:52:18 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.22 15:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010.03.19 15:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ondra\Dokumenty\Acoustica
[2010.03.19 15:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ondra\Data aplikací\Acoustica
[2010.03.18 18:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ondra\Plocha\Nepoužívané odkazy plochy
[2010.03.18 14:52:32 | 000,000,000 | ---D | C] -- C:\SAV32CLI
[2010.03.18 14:51:23 | 000,000,000 | ---D | C] -- C:\SDFix
[2010.03.18 14:48:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.03.18 13:48:18 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.03.18 13:46:25 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4003.exe
[2010.03.12 17:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\eKucharka
[2010.03.11 09:29:14 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.02.25 18:18:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.02.25 18:17:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.02.25 18:17:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.02.25 18:17:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.02.25 18:17:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.02.25 18:16:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.02.25 18:16:14 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30059.exe
[2010.02.25 18:16:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.02.25 17:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVI to VCD SVCD DVD Converter
[2010.02.25 17:40:19 | 000,000,000 | ---D | C] -- C:\ConverterOutput
[2010.02.25 17:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Cucusoft
[2010.02.22 10:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ondra\Dokumenty\ICQ
[2010.02.15 17:33:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.10.18 12:46:26 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2009.10.18 11:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2009.10.18 10:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.10.18 10:50:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.23 14:11:32 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.03.23 14:07:30 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Ondra\Nabídka Start\Programy\Po spuštění\HDDlife.lnk
[2010.03.23 14:07:08 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.03.23 14:06:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.23 14:06:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.23 14:06:12 | 1600,139,264 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.23 14:05:31 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Ondra\NTUSER.DAT
[2010.03.23 14:05:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ondra\ntuser.ini
[2010.03.23 09:35:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.03.22 16:54:39 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ondra\Plocha\OTL.exe
[2010.03.22 15:58:44 | 000,002,435 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\HiJackThis.lnk
[2010.03.22 15:51:34 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\HijackThis.msi
[2010.03.22 15:47:03 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\RSIT.exe
[2010.03.19 15:53:10 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\Register Acoustica CD Label Maker.lnk
[2010.03.19 15:53:10 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\Acoustica CD Label Maker.lnk
[2010.03.19 15:30:10 | 000,012,041 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\Levoš.odt
[2010.03.18 13:53:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.18 13:46:56 | 003,894,152 | R--- | M] () -- C:\Documents and Settings\Ondra\Plocha\ComboFix.exe
[2010.03.18 13:46:10 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4003.exe
[2010.03.15 20:21:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.03.12 17:48:16 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\eKuchařka.lnk
[2010.03.10 16:08:30 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Microsoft Security Essentials.lnk
[2010.03.07 19:17:49 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.02 19:03:59 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Ondra\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.25 18:18:19 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.02.25 18:16:04 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30059.exe
[2010.02.25 17:42:29 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\AVI to VCD SVCD DVD Converter.lnk
[2010.02.25 17:40:09 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Ondra\Plocha\Cucusoft AVI to VCD DVD MPEG Creator Pro.lnk
[2010.02.24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.02.24 09:36:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.02.22 21:01:08 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010.02.21 15:48:21 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\NET Radio Rekorder.lnk
[2010.02.21 15:48:21 | 000,000,113 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\REDSYSTEM.url
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.22 15:52:05 | 000,002,435 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\HiJackThis.lnk
[2010.03.22 15:51:31 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\HijackThis.msi
[2010.03.22 15:47:00 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\RSIT.exe
[2010.03.19 15:53:10 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\Register Acoustica CD Label Maker.lnk
[2010.03.19 15:53:10 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\Acoustica CD Label Maker.lnk
[2010.03.19 15:53:09 | 000,299,552 | ---- | C] () -- C:\WINDOWS\wmsysprx.prx
[2010.03.19 15:30:09 | 000,012,041 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\Levoš.odt
[2010.03.18 13:46:48 | 003,894,152 | R--- | C] () -- C:\Documents and Settings\Ondra\Plocha\ComboFix.exe
[2010.03.12 17:44:12 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\eKuchařka.lnk
[2010.03.10 16:14:33 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.02.25 18:18:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.02.25 18:18:16 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.02.25 18:17:29 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.02.25 18:17:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.02.25 18:17:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.02.25 18:17:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.02.25 18:17:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.02.25 17:42:29 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\AVI to VCD SVCD DVD Converter.lnk
[2010.02.25 17:40:09 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Ondra\Plocha\Cucusoft AVI to VCD DVD MPEG Creator Pro.lnk
[2010.02.25 17:40:08 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010.02.25 17:40:08 | 001,761,280 | ---- | C] () -- C:\WINDOWS\System32\ffdshow.ax
[2010.02.25 17:40:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010.02.25 17:40:08 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010.02.25 17:40:08 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010.02.25 17:40:07 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.ax
[2010.02.21 15:48:21 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\NET Radio Rekorder.lnk
[2010.02.21 15:48:21 | 000,000,113 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\REDSYSTEM.url
[2010.01.25 18:18:35 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Ondra\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.27 14:31:32 | 000,001,014 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2009.12.27 14:20:07 | 000,000,183 | ---- | C] () -- C:\WINDOWS\aimpr.ini
[2009.11.12 16:48:38 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.11.10 18:13:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.18 13:57:46 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.10.18 13:57:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.10.18 13:57:44 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.10.18 13:57:44 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.10.18 13:57:43 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.10.18 13:57:42 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.10.18 13:57:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.10.18 12:46:26 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2009.10.18 10:58:46 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009.10.18 10:58:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2009.10.18 10:58:46 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:2BE9FEFC
< End of report >

[Caroprd111]

Potřebuji log, co vyskočil po aplikaci skriptu.

[Ondra100]

Mě žadný nevyskočil.

[Caroprd111]

Podívejte se na disk C: do složky OTL, jestli tam není log.

[Ondra100]

========== OTL ==========
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:2BE9FEFC deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.1.37.3 log created on 03232010_140513

[Caroprd111]

Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

• Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
• Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
• Log vložte sem.

[Ondra100]

Už se mi podařilo nastavit rozlišení monitoru. Děkuji

[Caroprd111]

Ještě proveďte ten MBAM.

[Ondra100]

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3903
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.3.2010 15:10:07
mbam-log-2010-03-23 (15-09-59).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 179553
Uplynulý čas: 42 minute(s), 10 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\System Volume Information\_restore{9AA4E6F8-FE46-49C1-85BF-48174C21E2B6}\RP102\A0029528.exe (HackTool.Asterisk) -> No action taken.
D:\System Volume Information\_restore{9AA4E6F8-FE46-49C1-85BF-48174C21E2B6}\RP71\A0019100.exe (HackTool.PassReminder) -> No action taken.

[Caroprd111]

Vše, co našel MBAM smažte a napište stav PC.

[Ondra100]

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3903
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.3.2010 15:47:24
mbam-log-2010-03-23 (15-47-24).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 179631
Uplynulý čas: 25 minute(s), 3 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\System Volume Information\_restore{9AA4E6F8-FE46-49C1-85BF-48174C21E2B6}\RP102\A0029528.exe (HackTool.Asterisk) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{9AA4E6F8-FE46-49C1-85BF-48174C21E2B6}\RP71\A0019100.exe (HackTool.PassReminder) -> Quarantined and deleted successfully.

[Caroprd111]

Napište stav PC.

[Ondra100]

Jede už rychleji. Děkuji.

[Caroprd111]

Poprosím o nový log z RSIT.