Virus removal, PC speed-up, remote assistance via the neslape.cz service

Black screen when the PC starts, not even safe mode works

superTom
Visitor
Posts: 32
Registered: 17 Apr 2010 08:29

#1 Post by superTom »

Hello, I had a problem with the Security Tool virus, but I found a guide on your site on how to get rid of it. I downloaded Malwarebytes' Anti-Malware, which found several infected items. Removing some of them required restarting the PC, so I did, but after the restart only a black screen came up. I tried F8 and then starting the PC normally, with the last known good configuration, or in safe mode, but each time the black screen appears again and I don't know what to do next. Thanks for any help :)

#2 Post by superTom »

Not even the cursor is visible. Burning a CD on another PC shouldn't be a problem.

#3 Post by superTom »

OK, thanks for the quick reply, I'll try it.

#4 Post by superTom »

Sorry for replying only now, I had some other things to take care of.

I did everything as you wrote, but during the scan an error message popped up: Cannot create file X:/Programs/OTLPE/cmd/.bat.
Last edited by superTom on 17 Apr 2010 10:22, edited 1 time in total.

#5 Post by superTom »

OK, no problem, I'll do it again :) I have the ENG version.

#6 Post by superTom »

OTL logfile created on: 4/17/2010 12:33:59 PM - Run
OTLPE by OldTimer - Version 3.1.28.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 191.00 Mb Available Physical Memory | 37.00% Memory free
459.00 Mb Paging File | 246.00 Mb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 3.93 Gb Free Space | 3.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2009/11/28 03:42:16 | 000,268,288 | ---- | M] () [Auto] -- C:\WINDOWS\system32\nycygajoos.exe -- (eoreatzwazjy)
SRV - [2009/11/23 14:22:41 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (tuneup.defrag)
SRV - [2009/11/12 11:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (ipod service)
SRV - [2009/10/30 10:05:48 | 001,021,256 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (tuneup.utilitiessvc)
SRV - [2009/10/30 10:01:00 | 000,030,024 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (uxtuneup)
SRV - [2009/09/11 07:02:16 | 000,133,104 | ---- | M] (Google Inc.) [Auto] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca32cf61c5923c) Služba Google Update (gupdate1ca32cf61c5923c)
SRV - [2009/08/28 14:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (apple mobile device)
SRV - [2008/12/12 06:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/19 08:30:02 | 000,222,456 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008/07/23 10:25:45 | 000,348,344 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/07/19 10:38:28 | 000,147,640 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/07/19 10:38:04 | 000,250,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/07/19 10:25:06 | 000,016,056 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007/10/25 09:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 05:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/03/26 07:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/08/05 15:05:00 | 000,516,096 | ---- | M] () [Auto] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005/08/03 23:02:57 | 000,380,928 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/04/15 06:24:57 | 000,054,016 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fyixcrn.sys -- (jtkmmwbd)
DRV - [2010/04/15 03:03:42 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\njgyycjk.sys -- (njgyycjk)
DRV - [2009/10/14 02:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (tuneuputilitiesdrv)
DRV - [2009/08/28 14:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (usbaapl)
DRV - [2009/05/18 09:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (gearaspiwdm)
DRV - [2008/09/24 06:29:25 | 000,029,184 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2008/09/05 15:15:22 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/28 11:07:54 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/21 08:11:58 | 000,024,392 | ---- | M] (Elaborate Bytes AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/07/19 10:37:42 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/07/19 10:37:21 | 000,094,416 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/07/19 10:35:18 | 000,078,416 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/07/19 10:33:42 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/07/19 10:32:36 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/07/19 10:32:15 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/11/13 06:25:52 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/03 06:21:00 | 000,068,096 | ---- | M] (EZB Systems, Inc.) [File_System | System] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2005/11/21 01:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/08/22 10:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 10:06:16 | 000,244,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/08/22 10:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/03 23:10:16 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/10 18:33:12 | 000,032,256 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004/10/25 14:02:00 | 000,021,664 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH)
DRV - [2004/08/03 17:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 16:41:56 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys -- (HSF_DP)
DRV - [2004/03/17 05:04:14 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/06/17 10:24:00 | 000,286,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2003/06/17 10:24:00 | 000,030,336 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2003/03/19 09:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2002/11/27 14:52:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002/09/23 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/09/23 06:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2002/09/23 06:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2001/08/17 18:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 17:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 17:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 17:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 17:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 17:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 17:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 17:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 17:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 17:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 16:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
IE - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fmko.cz/
IE - HKU\Administrator_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Administrator_ON_C\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Kristýnka_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\mozilla firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 12:28:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 12:28:14 | 000,000,000 | ---D | M]

[2010/04/15 05:08:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/07 11:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008/01/23 02:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/03/16 14:34:36 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010/03/16 14:34:36 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010/03/16 14:34:36 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010/03/16 14:34:36 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010/03/16 14:34:36 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2002/09/23 06:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\Administrator\Dokumenty\BitComet\tools\BitCometBHO_1.2.1.2.dll (BitComet)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nForce Tray Options] C:\WINDOWS\System32\sstray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [noozou] C:\WINDOWS\system32\tigoob.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe (WildTangent, Inc.)
O4 - HKLM..\Run: [zitof] C:\WINDOWS\system32\bugyco.exe ()
O4 - HKU\Administrator_ON_C..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\Administrator_ON_C..\Run: [DAEMON Tools Lite] C:\Documents and Settings\Administrator\Dokumenty\DAEMON Tools Lite\daemon.exe File not found
O4 - HKU\Administrator_ON_C..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe File not found
O4 - HKU\Administrator_ON_C..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\Kristýnka_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKU\Kristýnka_ON_C..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\Kristýnka_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\Kristýnka_ON_C..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe File not found
O4 - HKU\User_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe File not found
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Kristýnka_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Documents and Settings\Administrator\Dokumenty\BitComet\tools\BitCometBHO_1.2.1.2.dll (BitComet)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00aa00389b71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/07 12:23:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/10/07 12:23:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 7 Days ==========

[2010/04/15 05:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2010/04/15 05:04:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/15 05:04:14 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/15 05:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/15 05:03:27 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Plocha\mbam-setup-1.45.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010/04/15 06:25:10 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/15 06:25:10 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/15 06:25:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/15 06:25:03 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/15 06:25:03 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/15 06:24:57 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\fyixcrn.sys
[2010/04/15 05:03:40 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Plocha\mbam-setup-1.45.exe
[2010/04/15 04:59:49 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\rkill.exe
[2010/04/15 04:58:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/15 04:52:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/15 04:29:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010/04/15 04:28:57 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/15 04:13:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/15 03:03:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\njgyycjk.sys
[2010/04/13 06:31:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/15 06:24:57 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fyixcrn.sys
[2010/04/15 04:59:53 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\rkill.exe
[2010/04/13 03:58:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\njgyycjk.sys
[2010/01/23 16:07:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lqacrd.sys
[2009/09/11 07:13:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/02 12:10:20 | 000,155,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2007/11/21 10:46:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/04/09 16:36:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/09 16:36:06 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/09 16:32:03 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/09/18 03:52:23 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\.zreglib
[2006/05/27 15:59:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/03/12 05:45:42 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2006/03/11 07:23:58 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\nLame.dll
[2006/03/11 07:23:58 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll
[2006/03/09 19:49:21 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/03/09 19:49:17 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/03/09 19:49:17 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/03/09 19:49:14 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006/03/09 19:49:14 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/02/02 06:11:01 | 000,000,953 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2005/10/08 15:05:46 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/08 09:37:09 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/08 09:35:12 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2003/06/17 10:34:16 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2003/04/09 09:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2006/07/19 10:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Azureus
[2008/11/16 02:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Canneverbe_Limited
[2006/07/20 12:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ConvertTemp
[2008/09/05 15:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
[2006/11/24 11:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Elaborate Bytes
[2010/03/19 12:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQ
[2008/03/19 13:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
[2005/10/19 13:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQLite
[2007/11/28 11:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\LimeWire
[2008/09/15 11:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\MegauploadToolbar
[2007/07/24 19:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Nokia
[2006/11/24 11:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\OLYMPUS
[2007/07/24 19:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\PC Suite
[2007/05/10 08:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Samsung
[2006/09/18 03:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\SlySoft
[2010/02/13 04:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Sports Interactive
[2006/07/20 12:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Temporary
[2006/07/20 12:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\TransRender
[2009/11/23 14:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\TuneUp Software
[2009/02/18 12:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
[2009/11/23 15:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\TuneUp Software
[2010/04/15 04:29:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:42:16 | 000,148,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2008/12/20 19:03:39 | 006,066,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2008/12/20 19:03:40 | 000,267,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2004/08/17 09:49:14 | 000,275,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2004/08/17 09:49:16 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2004/08/17 09:49:16 | 000,023,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\psapi.dll
[2007/10/25 12:57:21 | 008,458,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/10/06 19:37:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/10/06 19:37:10 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/10/06 19:37:10 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:42:16 | 000,148,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2008/12/20 19:03:39 | 006,066,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2008/12/20 19:03:40 | 000,267,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2004/08/17 09:49:14 | 000,275,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2004/08/17 09:49:16 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2004/08/17 09:49:16 | 000,023,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\psapi.dll
[2007/10/25 12:57:21 | 008,458,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< CREATERESTOREPOINT >
< End of report >

superTom
Visitor
Posts: 32
Registered: 17 Apr 2010 08:29

Re: Black screen when the PC is switched on, not even safe mode works

#7 Post by superTom »

OTL Extras logfile created on: 4/17/2010 12:33:59 PM - Run
OTLPE by OldTimer - Version 3.1.28.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 191.00 Mb Available Physical Memory | 37.00% Memory free
459.00 Mb Paging File | 246.00 Mb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 3.93 Gb Free Space | 3.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
Using ControlSet: ControlSet003

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"7618:TCP" = 7618:TCP:*:Enabled:BitComet 7618 TCP
"7618:UDP" = 7618:UDP:*:Enabled:BitComet 7618 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Alžběta\Dokumenty\Adámečíček\BitComet\BitComet.exe" = C:\Documents and Settings\Alžbeta\Dokumenty\Adámecícek\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009 -- (Sports Interactive)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{048298c9-a4d3-490b-9ff9-ab023a9238f3}" = Steam
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{07287123-b8ac-41ce-8346-3d777245c35b}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{122A9B48-BCE3-4CE1-B7C4-E45EA2D728D6}" = Samsung PC Studio
"{129DDEC1-A6A3-3D60-AABE-76E6E5334922}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{1451de6b-abe1-4f62-be9a-b363a17588a2}" = QuickTime
"{239BB983-8A2D-4974-B780-2ADAE32752D5}" = Windows Live installer
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3fa365df-2d68-45ed-8f83-8c8a33e65143}" = Apple Application Support
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856f-b6b3-4be0-ba0b-8f495be32033}" = Apple Software Update
"{6de13770-01b7-4366-8da6-48237793f445}" = VoiceOver Kit
"{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY
"{74DCC43B-33C9-3389-BD0D-33EB37973657}" = Microsoft .NET Framework 3.5 Language Pack - csy
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000ff1ce}" = Compatibility Pack for the 2007 Office system
"{a6fdf86a-f541-4e7b-aea0-8849a2a700d5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{aadea55d-c834-4bcb-98a3-4b8d1c18f4ee}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1029-7B44-A70000000000}" = Adobe Reader 7.0 - Czech
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Asistent pro přihlášení ke službě Windows Live
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{d3742f82-1c1a-4dcc-abbd-0e7c3c0185cc}" = TuneUp Utilities
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F62475E6-6F06-4D65-97D3-71D3CB696A1C}" = Windows Live Messenger
"{fe3997d3-6b56-4ac4-a99c-9ddfc45359bf}" = TuneUp Utilities Language Pack (en-US)
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem
"Czech Soccer Manager 2002 Final Editionverze 4.0 (31.3.2006)" = Czech Soccer Manager 2002 Final Edition
"DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.7.2
"EPSON Printer and Utilities" = EPSON Printer Software
"Football Manager 2009" = Football Manager 2009
"football manager 2010" = Football Manager 2010
"Free YouTube Downloader Converter" = Free YouTube Downloader Converter
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.67 Full
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - csy" = Microsoft .NET Framework 3.5 Language Pack - CSY
"Microsoft DirectX SDK (November 2008)" = Microsoft DirectX SDK (November 2008)
"mozilla firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"POD-Bot 2.5" = POD-Bot 2.5
"quake iii arena" = Quake III Arena
"rajče.net_is1" = rajče beta50
"RealPlayer 12.0" = RealPlayer
"tuneup utilities" = TuneUp Utilities
"UltraISO_is1" = UltraISO Premium V8.65
"VirtualCloneDrive" = VirtualCloneDrive
"wcmdmgr.exe" = WildTangent Updater
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"wtwebdriver" = WildTangent Web Driver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ymb" = Yahoo! Mail Quick Select Tool (PhotoMail)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

< End of report >




(I couldn't fit it into one post because there were too many characters, sorry for the double post)


#8 Post by superTom »

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3989

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

15.4.2010 12:24:45
mbam-log-2010-04-15 (12-24-45).txt

Typ skenu: Úplný sken (A:\|C:\|D:\|E:\|G:\|)
Skenované objekty: 349511
Uplynulý čas: 1 hodina(y), 6 minuta(y), 30 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 8
Infikované hodnoty registru: 3
Infikované datové položky registru: 2
Infikované složky: 5
Infikované soubory: 16

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ce3edaaa (Rootkit.Rustock) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgMgr (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\39711425 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet connection wizard setup tool (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Proxy) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Infikované složky:
C:\Documents and Settings\All Users\Data aplikací\39711425 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Documents and Settings\All Users\Data aplikací\39711425\39711425.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv871254042811.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\install.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ce3edaaa.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv101253107493.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv261252841080.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Plocha\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\ikowin32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv101248633206.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv581248662101.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv921253471139.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.




Sorry, I have to go away for about two hours now :(


#9 Post by superTom »

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\eoreatzwazjy deleted successfully.
C:\WINDOWS\system32\nycygajoos.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\jtkmmwbd deleted successfully.
C:\WINDOWS\system32\drivers\fyixcrn.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\njgyycjk deleted successfully.
C:\WINDOWS\system32\drivers\njgyycjk.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\noozou deleted successfully.
C:\WINDOWS\system32\tigoob.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wcmdmgr deleted successfully.
C:\WINDOWS\wt\updater\wcmdmgrl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zitof deleted successfully.
C:\WINDOWS\system32\bugyco.exe moved successfully.
File C:\WINDOWS\System32\drivers\fyixcrn.sys not found.
File C:\WINDOWS\System32\drivers\njgyycjk.sys not found.
C:\WINDOWS\system32\drivers\lqacrd.sys moved successfully.

OTLPE by OldTimer - Version 3.1.28.0 log created on 04172010_151222


I'm sending the log, but I have to run again :( Anyway, thanks for being patient with me :)


#10 Post by superTom »

I have to leave the house at six again and won't be back until around eleven, and I understand that you have your own things to deal with too. Tomorrow I'll be here in the morning, then I'm away again until about eleven.


#11 Post by superTom »

After restarting the PC it let me through to the login, which also went through successfully. Security Tool isn't "haunting" me anymore either. But I guess I haven't completely won yet, have I? :)


#12 Post by superTom »

ComboFix 10-04-15.05 - Administrator 17.04.2010 19:29:34.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.211 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081031-1] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Cookies\administrator@managerzone[2].txt
c:\windows\system32\sstray.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-17 do 2010-04-17 )))))))))))))))))))))))))))))))
.

2010-04-17 19:12 . 2010-04-17 19:12 -------- d-----w- C:\_OTL
2010-04-15 09:04 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 09:04 . 2010-04-15 09:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 09:04 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 15:58 . 2009-10-24 09:10 -------- d-----w- c:\program files\Steam
2010-03-30 16:31 . 2002-09-23 10:00 82656 ----a-w- c:\windows\system32\perfc005.dat
2010-03-30 16:31 . 2002-09-23 10:00 438014 ----a-w- c:\windows\system32\perfh005.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 13:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Steam"="c:\program files\Steam\Steam.exe" [2010-02-20 1217872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-11 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 11:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7618:TCP"= 7618:TCP:BitComet 7618 TCP
"7618:UDP"= 7618:UDP:BitComet 7618 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 15:13 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 15:13 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7.4.2009 17:26 222456]
R2 tuneup.utilitiessvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 16:05 1021256]
R3 tuneuputilitiesdrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.9.2008 21:15 717296]
S2 gupdate1ca32cf61c5923c;Služba Google Update (gupdate1ca32cf61c5923c);c:\program files\Google\Update\GoogleUpdate.exe [11.9.2009 13:02 133104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-17 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]

2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-11 11:02]

2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-11 11:02]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.fmko.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
uInternet Settings,ProxyOverride = *.local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\documents and settings\Administrator\Dokumenty\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\documents and settings\Administrator\Dokumenty\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\documents and settings\Administrator\Dokumenty\BitComet\BitComet.exe/AddAllLink.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\jjpv2dza.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-OM_Monitor - c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe
HKCU-Run-DAEMON Tools Lite - c:\documents and settings\Administrator\Dokumenty\DAEMON Tools Lite\daemon.exe
HKLM-Run-nForce Tray Options - sstray.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6\ICQ.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 19:43
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1392)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-04-17 19:49:48
ComboFix-quarantined-files.txt 2010-04-17 17:49

Před spuštěním: 4 081 922 048
Po spuštění: 7 963 914 240

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 371AC6B682111705CE6998C68F9A4B77


P.S. - zapiste si informace proc se ukoncil nebo co mu brani v provozu (sdelte radci) - Antivirus: Avast! Antivirus (VPS 081031-1)


#13 Post by superTom »

I'm sending the log from the quick scan, because I don't know whether I'll still be home when the second scan finishes :D



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-18 08:12:12
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ugldqpog.sys


---- System - GMER 1.0.15 ----

SSDT spoe.sys ZwEnumerateKey [0xF85B3CA2]
SSDT spoe.sys ZwEnumerateValueKey [0xF85B4030]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F701F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


#14 Post by superTom »

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-19 06:59:38
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ugldqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xBA7C0618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xBA7C04D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xBA7C09B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xBA7C00AC]
SSDT spoe.sys ZwEnumerateKey [0xF85B3CA2]
SSDT spoe.sys ZwEnumerateValueKey [0xF85B4030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xBA7C05AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xBA7BFFEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xBA7C0050]
SSDT spoe.sys ZwQueryKey [0xF85B4108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xBA7C06CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xBA7C068E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xBA7C080E]

INT 0x62 ? 82F71BF8
INT 0x82 ? 82F71BF8
INT 0x83 ? 82E18BF8
INT 0x83 ? 82E18BF8
INT 0x83 ? 82E18BF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F701F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 82DE41F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82FDD1F8
Device \Driver\dmio \Device\DmControl\DmConfig 82FDD1F8
Device \Driver\dmio \Device\DmControl\DmPnP 82FDD1F8
Device \Driver\dmio \Device\DmControl\DmInfo 82FDD1F8
Device \Driver\usbohci \Device\USBPDO-1 82DE41F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 82F721F8
Device \Driver\Cdrom \Device\CdRom0 82DC41F8
Device \Driver\Cdrom \Device\CdRom1 82DC41F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 82F711F8
Device \Driver\atapi \Device\Ide\IdePort0 82F711F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 82F711F8
Device \Driver\atapi \Device\Ide\IdePort1 82F711F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 82F711F8
Device \Driver\Cdrom \Device\CdRom2 82DC41F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 825B71F8
Device \Driver\NetBT \Device\NetbiosSmb 825B71F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{28AF7622-4EF3-4BB0-A048-5695D826F4C9} 825B71F8
Device \Driver\usbohci \Device\USBFDO-0 82DE41F8
Device \Driver\usbohci \Device\USBFDO-1 82DE41F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{171585F7-5536-431B-B103-A6F33516312C} 825B71F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 824411F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 824411F8
Device \Driver\Ftdisk \Device\FtControl 82F721F8
Device \Driver\VClone \Device\Scsi\VClone1 82D6B1F8
Device \Driver\VClone \Device\Scsi\VClone1Port2Path0Target0Lun0 82D6B1F8
Device \FileSystem\Cdfs \Cdfs 82C06500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0x27 0xA5 0xCF ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Documents and Settings\Administrator\Dokumenty\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9B 0x77 0xC6 0x01 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x88 0x04 0x1A 0xC8 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x78 0xD4 0x40 0xCA ...
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Services\BITS\Parameters@ServiceDll C:\WINDOWS\System32\qmgr.dll
Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0x27 0xA5 0xCF ...
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Documents and Settings\Administrator\Dokumenty\DAEMON Tools Lite\
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9B 0x77 0xC6 0x01 ...
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x88 0x04 0x1A 0xC8 ...
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x78 0xD4 0x40 0xCA ...
Reg HKLM\SYSTEM\controlset002\Services\wuauserv\Parameters@ServiceDll C:\WINDOWS\system32\wuauserv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0x27 0xA5 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Documents and Settings\Administrator\Dokumenty\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9B 0x77 0xC6 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x88 0x04 0x1A 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x78 0xD4 0x40 0xCA ...

---- Files - GMER 1.0.15 ----

File C:\Cookies 0 bytes
File C:\Cookies\index.dat 16384 bytes
File C:\Data aplikací 0 bytes
File C:\Data aplikací\Microsoft 0 bytes
File C:\Data aplikací\Microsoft\Credentials 0 bytes
File C:\Data aplikací\Microsoft\Credentials\S-1-5-19 0 bytes
File C:\Data aplikací\Microsoft\Internet Explorer 0 bytes
File C:\Data aplikací\Microsoft\SystemCertificates 0 bytes
File C:\Data aplikací\Microsoft\SystemCertificates\My 0 bytes
File C:\Data aplikací\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\Data aplikací\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\Data aplikací\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\Data aplikací\TuneUp Software 0 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities 0 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Backups 0 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics 0 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-11.rep 135 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-11-26.rep 442 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-11-30.rep 190 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-02.rep 316 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-03.rep 324 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-07.rep 346 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-10.rep 355 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-13.rep 346 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-18.rep 355 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-25.rep 216 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-28.rep 134 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2009-12-31.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-03.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-07.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-14.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-17.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-18.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-23.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-27.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-01-30.rep 134 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-02-02.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-02-07.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-02-10.rep 135 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-02-14.rep 134 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-02-18.rep 134 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-02-24.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-03-08.rep 134 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-03-11.rep 135 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-03-15.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-03-18.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-03-21.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-03-29.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-04-02.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-04-06.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-04-10.rep 135 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-04-13.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\2010-04-17.rep 143 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\Program Statistics\Recentdata.rep 603 bytes
File C:\Data aplikací\TuneUp Software\TuneUp Utilities\StartUp Manager 0 bytes
File C:\Local Settings 0 bytes
File C:\Nabídka Start 0 bytes
File C:\NTUSER.DAT 262144 bytes
File C:\ntuser.dat.LOG 1024 bytes
File C:\ntuser.ini 20 bytes
File C:\Plocha 0 bytes

---- EOF - GMER 1.0.15 ----

I'll send the MBAM log later this afternoon; sorry, I didn't get back until after midnight. I think rkill was in connection with Security Tool; I read a guide about it here on the forum.

superTom
Visitor
Posts: 32
Registered: 17 Apr 2010 08:29

Re: Black screen when turning on the PC, not even safe mode works

#15 Post by superTom »

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3989

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

19.4.2010 20:31:44
mbam-log-2010-04-19 (20-31-44).txt

Typ skenu: Úplný sken (A:\|C:\|D:\|E:\|F:\|G:\|)
Skenované objekty: 343449
Uplynulý čas: 4 hodina(y), 31 minuta(y), 0 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)




I'm moving on to that OTL now :)
