The PC is slow, nothing can be started due to insufficient resources

#1 Post by kail5 »

Hi,
I have a notebook here that is not mine, so I don't know what has been done to it.
It runs very slowly and, above all, no program can be started (not even Media Player, for example); it fails with an error message saying there are not enough system resources. In safe mode it works.

I ran CCleaner on it, but it made no big difference.

Here is the RSIT log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-08-26 08:30:30
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (22%) free of 57 GB
Total RAM: 503 MB (74% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
Ask Search Assistant BHO - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [2009-05-16 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2009-05-16 245760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2009-05-16 245760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-09-15 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-09-15 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-09-15 118784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-25 149280]
"iaoupryts"=C:\WINDOWS\System32\iaoupryts.exe [2010-08-23 33792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-09-15 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AtapiDrv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AtapiDrv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-26 08:30:30 ----D---- C:\rsit
2010-08-26 08:30:30 ----D---- C:\Program Files\trend micro
2010-08-26 08:28:30 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-24 23:19:07 ----SHD---- C:\RECYCLER
2010-08-24 23:13:54 ----D---- C:\Program Files\CCleaner
2010-08-24 22:33:58 ----D---- C:\WINDOWS\temp
2010-08-24 22:20:52 ----D---- C:\ComboFix
2010-08-24 21:58:01 ----A---- C:\WINDOWS\zip.exe
2010-08-24 21:58:01 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-24 21:58:01 ----A---- C:\WINDOWS\SWSC.exe
2010-08-24 21:58:01 ----A---- C:\WINDOWS\SWREG.exe
2010-08-24 21:58:01 ----A---- C:\WINDOWS\sed.exe
2010-08-24 21:58:01 ----A---- C:\WINDOWS\PEV.exe
2010-08-24 21:58:01 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-24 21:58:01 ----A---- C:\WINDOWS\MBR.exe
2010-08-24 21:58:01 ----A---- C:\WINDOWS\grep.exe
2010-08-24 21:57:54 ----D---- C:\WINDOWS\ERDNT
2010-08-24 21:52:34 ----D---- C:\Qoobox
2010-08-24 17:35:49 ----ASH---- C:\pagefile.sys
2010-08-23 20:15:58 ----RSH---- C:\Documents and Settings\Administrator.CHOSE-LAPTOP\Data aplikací\ozzfhv.exe
2010-08-23 20:15:38 ----ASH---- C:\Documents and Settings\Administrator.CHOSE-LAPTOP\Data aplikací\desktop.ini
2010-08-23 20:15:37 ----SD---- C:\Documents and Settings\Administrator.CHOSE-LAPTOP\Data aplikací\Microsoft
2010-08-23 20:15:37 ----D---- C:\Documents and Settings\Administrator.CHOSE-LAPTOP\Data aplikací\Macromedia
2010-08-23 20:15:37 ----D---- C:\Documents and Settings\Administrator.CHOSE-LAPTOP\Data aplikací\Intel
2010-08-23 20:09:16 ----A---- C:\WINDOWS\system32\peciboozup.exe
2010-08-23 19:44:16 ----A---- C:\WINDOWS\system32\iaoupryts.exe

======List of files/folders modified in the last 1 months======

2010-08-26 08:30:30 ----RD---- C:\Program Files
2010-08-26 08:28:30 ----D---- C:\WINDOWS
2010-08-24 23:19:07 ----D---- C:\WINDOWS\Minidump
2010-08-24 23:19:07 ----D---- C:\WINDOWS\Debug
2010-08-24 22:43:08 ----D---- C:\WINDOWS\Prefetch
2010-08-24 22:38:29 ----A---- C:\WINDOWS\system.ini
2010-08-24 22:38:13 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-24 22:37:50 ----SD---- C:\WINDOWS\Tasks
2010-08-24 22:37:23 ----D---- C:\WINDOWS\system32\drivers
2010-08-24 22:36:20 ----D---- C:\WINDOWS\system32\config
2010-08-24 22:33:17 ----D---- C:\WINDOWS\system32
2010-08-24 22:31:48 ----D---- C:\WINDOWS\AppPatch
2010-08-24 22:31:44 ----D---- C:\Program Files\Common Files
2010-08-24 22:26:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-24 22:03:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-08-24 17:34:44 ----A---- C:\WINDOWS\DUMP6476.tmp
2010-08-23 20:49:29 ----D---- C:\Program Files\Mozilla Firefox
2010-08-23 20:15:36 ----D---- C:\Documents and Settings
2010-08-23 20:09:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-21 21:02:30 ----D---- C:\Program Files\XnView
2010-08-08 19:52:38 ----HD---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-01-14 47616]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2007-01-12 82296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-02 21425]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
S2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
S2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
S3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-09-03 121472]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\D610\LOCALS~1\Temp\catchme.sys []
S3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-04-06 88192]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
S3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-09-15 1173468]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
S3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-22 47104]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-01-07 108800]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-09-15 36480]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-01-11 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-04-06 50048]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-01-11 39808]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-02-08 2209408]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
S2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
S2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-25 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
S2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
S2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 Bluetooth Hid Switch Service;Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [2005-08-30 188416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Thanks for the help.

#2 Post by JaRon »

uninstall :\Program Files\AskTBar
+
scan with MBAM
+
do not put further logs into code tags

#3 Post by kail5 »

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.8.2010 9:56:31
mbam-log-2010-08-27 (09-56-31).txt

Typ skenu: Rychlý sken
Skenované objekty: 128480
Uplynulý čas: 11 minuta(y), 40 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AtapiDrv.sys (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AtapiDrv.sys (Rootkit.Agent) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\drivers\AtapiDrv.sys (Rootkit.Agent) -> No action taken.

#4 Post by JaRon »

let MBAM remove the items, then restart and run a full scan

#5 Post by kail5 »

Removed, restarted. I ran a full scan; here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.8.2010 4:30:31
mbam-log-2010-08-28 (04-30-31).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 187971
Uplynulý čas: 9 hodina(y), 12 minuta(y), 51 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

The problem persists: the notebook is still too slow and no applications can be started
(even that LOG file would not open, failing with the error "K dokončení požadované služby není k dispozici dostatek prostředků")

Also, right after Windows starts, a message pops up saying "V aplikace iaoupryts.exe došlo k problému a je potřeba ji zavřít"...

#6 Post by motji »

Good evening, I'm filling in for my colleague :)

Download OTL: http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
- tick the "All users" box.
- tick the "LOP" check and "Purity" check boxes
- click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; post them here :)
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before cleaning a computer of malware.

#7 Post by kail5 »

Thanks for the help.
I ran the test according to the instructions, but it froze partway through every time (the window went completely white and nothing could be done with it).
So I ran the test in safe mode, but I don't know whether that will negatively affect the log.

I will still try to run the test outside safe mode somehow (but it has already crashed twice).

OTL.txt
OTL logfile created on: 31.8.2010 16:17:14 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\D610\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

503,00 Mb Total Physical Memory | 396,00 Mb Available Physical Memory | 79,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 12,53 Gb Free Space | 22,42% Space Free | Partition Type: NTFS
Drive D: | 3,84 Gb Total Space | 0,50 Gb Free Space | 12,98% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHOSE-LAPTOP
Current User Name: D610
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.08.31 08:26:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D610\Plocha\OTL.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.08.31 08:26:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D610\Plocha\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2008.10.19 15:30:02 | 000,222,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.10.06 10:19:36 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.07.23 17:25:45 | 000,348,344 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008.07.19 17:38:28 | 000,147,640 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008.07.19 17:38:04 | 000,250,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008.07.19 17:25:06 | 000,016,056 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.02.21 11:28:36 | 000,643,072 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007.02.21 11:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2007.02.21 11:16:48 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2007.02.21 11:10:00 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005.08.30 17:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\D610\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2008.07.19 17:37:42 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008.07.19 17:37:21 | 000,094,416 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008.07.19 17:35:18 | 000,078,416 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008.07.19 17:33:42 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008.07.19 17:32:36 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008.07.19 17:32:15 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007.02.21 11:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.02.08 13:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2007.01.12 20:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.07.10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2006.04.06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006.01.11 19:25:26 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.01.11 17:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006.01.07 05:39:30 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005.11.22 09:47:00 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.09.28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005.09.15 18:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.05.03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005.05.03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005.05.03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.04.06 09:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005.03.10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005.01.14 18:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.09.03 12:23:38 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004.08.18 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.backup -- (Beep)
DRV - [2001.10.24 12:04:44 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found
IE - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://library.muni.cz/proxy/libproxy.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.26 01:27:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.23 23:29:21 | 000,000,000 | ---D | M]

[2008.11.08 15:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Extensions
[2010.08.23 19:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\extensions
[2010.05.20 17:04:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.20 17:04:44 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.05.20 17:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.23 19:59:29 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-1.xml
[2010.01.07 13:54:08 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-10.xml
[2010.01.07 14:07:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-11.xml
[2010.06.23 23:29:49 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-12.xml
[2009.04.26 17:48:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-2.xml
[2009.05.02 21:28:27 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-3.xml
[2009.06.14 15:22:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-4.xml
[2009.07.26 17:59:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-5.xml
[2009.08.06 19:38:11 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-6.xml
[2009.09.14 18:21:29 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-7.xml
[2009.10.31 16:42:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-8.xml
[2009.12.20 18:55:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-9.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin.src
[2009.03.28 00:22:19 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin.xml
[2010.08.27 09:10:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.03.12 18:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.21 23:01:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.01.28 10:31:29 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.28 10:31:29 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.28 10:31:29 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.28 10:31:30 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.28 10:31:30 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.08.24 22:38:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\Toolbar\ShellBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [iaoupryts] C:\WINDOWS\system32\iaoupryts.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003..\Run: [iaoupryts] C:\Documents and Settings\D610\iaoupryts.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe) - C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe ()
O20 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003 Winlogon: Shell - (C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe) - C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\D610\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\D610\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.02 13:10:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010.08.31 08:29:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\D610\Plocha\OTL.exe
[2010.08.27 09:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D610\Data aplikací\Malwarebytes
[2010.08.27 09:29:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.27 09:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.08.27 09:29:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.27 09:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.26 08:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.26 08:30:30 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.24 23:19:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\D610\Recent
[2010.08.24 23:19:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.08.24 23:19:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\D610\IECompatCache
[2010.08.24 23:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.08.24 22:33:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.08.24 22:20:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.08.24 21:58:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.08.24 21:58:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.08.24 21:58:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.08.24 21:58:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.08.24 21:57:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.08.24 21:52:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.23 19:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D610\Local Settings\Data aplikací\WMTools Downloaded Files
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.08.31 16:13:34 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.31 16:12:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.31 09:31:04 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.08.31 09:30:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.31 09:29:33 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\D610\ntuser.dat
[2010.08.31 09:29:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\D610\ntuser.ini
[2010.08.31 09:26:03 | 004,842,590 | -H-- | M] () -- C:\Documents and Settings\D610\Local Settings\Data aplikací\IconCache.db
[2010.08.31 09:11:46 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\D610\Plocha\cmd.bat
[2010.08.31 08:26:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D610\Plocha\OTL.exe
[2010.08.27 11:13:15 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\kdxvfkg.sys
[2010.08.27 09:29:39 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.08.24 23:21:00 | 000,221,074 | ---- | M] () -- C:\Documents and Settings\D610\Plocha\cc_20100824_232039.reg
[2010.08.24 23:13:55 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\D610\Plocha\CCleaner.lnk
[2010.08.24 22:38:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.08.24 22:38:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.24 21:19:26 | 003,827,072 | R--- | M] () -- C:\Documents and Settings\D610\Plocha\ComboFix.exe
[2010.08.23 20:10:04 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\D610\iaoupryts.exe
[2010.08.23 20:10:02 | 000,033,792 | ---- | M] () -- C:\WINDOWS\System32\iaoupryts.exe
[2010.08.23 20:09:23 | 000,216,576 | ---- | M] () -- C:\WINDOWS\System32\peciboozup.exe
[2010.08.23 19:38:19 | 000,112,128 | RHS- | M] () -- C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe
[2010.08.22 18:29:08 | 000,203,776 | ---- | M] () -- C:\Documents and Settings\D610\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.31 09:11:46 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\D610\Plocha\cmd.bat
[2010.08.27 11:13:15 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\kdxvfkg.sys
[2010.08.27 09:29:39 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.08.24 23:20:45 | 000,221,074 | ---- | C] () -- C:\Documents and Settings\D610\Plocha\cc_20100824_232039.reg
[2010.08.24 23:13:55 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\D610\Plocha\CCleaner.lnk
[2010.08.24 21:58:01 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.08.24 21:58:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.08.24 21:58:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.08.24 21:58:01 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.08.24 21:58:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.08.24 21:51:49 | 003,827,072 | R--- | C] () -- C:\Documents and Settings\D610\Plocha\ComboFix.exe
[2010.08.23 20:09:16 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\peciboozup.exe
[2010.08.23 19:44:17 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\D610\iaoupryts.exe
[2010.08.23 19:44:16 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\iaoupryts.exe
[2010.08.23 19:38:19 | 000,112,128 | RHS- | C] () -- C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe
[2009.09.15 18:22:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009.07.26 18:49:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.13 22:15:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009.01.26 23:51:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.12.13 01:49:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008.11.08 18:33:42 | 000,203,776 | ---- | C] () -- C:\Documents and Settings\D610\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.08 15:38:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.08 15:38:48 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.11.08 15:38:48 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.11.08 15:38:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.11.08 15:38:47 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.10.02 13:58:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.10.02 13:56:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.10.02 13:21:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.09.01 21:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.07.20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.01.15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2008.11.08 18:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ashampoo
[2009.09.15 18:16:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.07.18 17:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
[2009.11.18 00:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FarmFrenzy2
[2009.03.12 18:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.05.16 08:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LightScribe
[2009.09.15 18:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ScanSoft
[2008.11.08 18:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Ashampoo
[2009.09.23 19:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Canon
[2009.10.03 09:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\gtk-2.0
[2010.06.12 09:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\ICQ
[2008.11.08 18:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\ICQLite
[2009.09.15 18:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\ScanSoft
[2008.11.08 16:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\XnView

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"LightScribe Control Panel" = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden -- [2007.06.20 12:49:10 | 000,451,872 | ---- | M] (Hewlett-Packard Company)
"Skype" = "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized -- [2010.05.13 16:12:40 | 026,192,168 | R--- | M] (Skype Technologies S.A.)
"iaoupryts" = C:\Documents and Settings\D610\iaoupryts.exe -- [2010.08.23 20:10:04 | 000,033,792 | ---- | M] ()

< c:\windows\*.* /U >
[5 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.12.13 00:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Adobe
[2009.05.16 08:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Ahead
[2008.11.08 18:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Ashampoo
[2009.09.23 19:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Canon
[2009.01.10 14:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Google
[2009.10.03 09:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\gtk-2.0
[2010.06.12 09:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\ICQ
[2008.11.08 18:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\ICQLite
[2008.10.02 13:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Identities
[2008.10.02 13:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Intel
[2008.11.08 13:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Macromedia
[2010.08.27 09:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Malwarebytes
[2009.05.16 09:33:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\D610\Data aplikací\Microsoft
[2008.11.08 15:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Mozilla
[2010.08.22 11:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\OpenOffice.org2
[2009.09.15 18:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\ScanSoft
[2010.08.31 09:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Skype
[2010.08.31 08:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\skypePM
[2009.10.25 09:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Sun
[2008.11.08 16:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\XnView

< %APPDATA%\*.exe /s >
[2010.08.23 19:38:19 | 000,112,128 | RHS- | M] () -- C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe


< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.03.03 21:01:44 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.03.03 21:01:44 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.03.03 21:01:44 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.03.03 21:01:44 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009.03.03 21:01:44 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009.03.03 21:01:44 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.03.03 21:01:44 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2009.03.03 21:01:44 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.18 14:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009.03.03 21:01:44 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2009.03.03 21:01:44 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2009.03.03 21:01:44 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2009.03.03 21:01:44 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2004.08.18 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.18 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.10.02 14:57:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.10.02 14:57:38 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.10.02 14:57:38 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.08.31 16:13:34 | 000,012,598 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

kail5
Visitor
Posts: 50
Registered: 23 Sep 2008 11:14

Re: PC is slow, nothing can be launched due to lack of resources

#8 Post by kail5 »

Extras.txt
OTL Extras logfile created on: 31.8.2010 16:17:14 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\D610\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

503,00 Mb Total Physical Memory | 396,00 Mb Available Physical Memory | 79,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 12,53 Gb Free Space | 22,42% Space Free | Partition Type: NTFS
Drive D: | 3,84 Gb Total Space | 0,50 Gb Free Space | 12,98% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHOSE-LAPTOP
Current User Name: D610
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-4221669891-2159344026-1686429561-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Prozkoumat v XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQLite\ICQLite.exe" = C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Disabled:Half-Life Launcher -- (Valve)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{252436F1-9583-4AD7-AA11-619AFFB96543}" = Xpand Rally
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AC76BA86-7AD7-1029-7B44-A90000000001}" = Adobe Reader 9 - Czech
"{BC61F51E-8AF7-46B9-AF20-B33B5EE81029}" = Nero 7 Essentials
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2ED62F4-4F0B-44DF-B630-DD02FD7E8C60}" = OpenOffice.org 2.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4006E71-FF32-44FF-AD5A-B5EE4389B825}_is1" = FlatOut2
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"BSPlayer1" = BSPlayer
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Farm Frenzy 21.0" = Farm Frenzy 2
"Google Updater" = Google Updater
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{252436F1-9583-4AD7-AA11-619AFFB96543}" = Xpand Rally
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Software Intel(R) PROSet/Wireless
"QuicktimeAlt_is1" = QuickTime Alternative 2.6.0
"Registrace uživatele zařízení Canon MP210 series" = Registrace uživatele zařízení Canon MP210 series
"ST6UNST #1" = FreeDVD Codec Installer Version 1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.94.2

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 27.8.2010 13:15:58 | Computer Name = CHOSE-LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - chyba při startu: g_tdi.Initialize failed! (logName: C:\Program
Files\Alwil Software\Avast4\DATA\log\nshield.log), 00000000.

Error - 28.8.2010 9:27:48 | Computer Name = CHOSE-LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - chyba při startu: Network Shield provider: driver open failed,
error code: 0x2 , 00000000.

Error - 28.8.2010 9:27:48 | Computer Name = CHOSE-LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - chyba při startu: g_tdi.Initialize failed! (logName: C:\Program
Files\Alwil Software\Avast4\DATA\log\nshield.log), 00000000.

Error - 28.8.2010 10:56:55 | Computer Name = CHOSE-LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - chyba při startu: Network Shield provider: driver open failed,
error code: 0x2 , 00000000.

Error - 28.8.2010 10:56:55 | Computer Name = CHOSE-LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - chyba při startu: g_tdi.Initialize failed! (logName: C:\Program
Files\Alwil Software\Avast4\DATA\log\nshield.log), 00000000.

Error - 29.8.2010 6:52:38 | Computer Name = CHOSE-LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - chyba při startu: Network Shield provider: driver open failed,
error code: 0x2 , 00000000.

Error - 29.8.2010 6:52:38 | Computer Name = CHOSE-LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - chyba při startu: g_tdi.Initialize failed! (logName: C:\Program
Files\Alwil Software\Avast4\DATA\log\nshield.log), 00000000.

Error - 31.8.2010 2:27:22 | Computer Name = CHOSE-LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - chyba při startu: Network Shield provider: driver open failed,
error code: 0x2 , 00000000.

Error - 31.8.2010 2:27:22 | Computer Name = CHOSE-LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - chyba při startu: g_tdi.Initialize failed! (logName: C:\Program
Files\Alwil Software\Avast4\DATA\log\nshield.log), 00000000.

Error - 31.8.2010 3:30:51 | Computer Name = CHOSE-LAPTOP | Source = avast! | ID = 33554522
Description = AAVM - chyba při startu: Network Shield provider: driver open failed,
error code: 0x2 , 00000000.

[ Application Events ]
Error - 31.8.2010 2:28:27 | Computer Name = CHOSE-LAPTOP | Source = PerfNet | ID = 2002
Description = Nelze otevřít službu přesměrovače. Data o výkonu přesměrovače nejsou
k
dispozici.Vrácený chybový kód je v datech DWORD 0.

Error - 31.8.2010 2:28:36 | Computer Name = CHOSE-LAPTOP | Source = Application Error | ID = 1000
Description = Chybující aplikace iaoupryts.exe, verze 1.0.0.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x00300034.

Error - 31.8.2010 2:29:14 | Computer Name = CHOSE-LAPTOP | Source = Application Error | ID = 1000
Description = Chybující aplikace iaoupryts.exe, verze 1.0.0.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x00300034.

Error - 31.8.2010 3:30:56 | Computer Name = CHOSE-LAPTOP | Source = JavaQuickStarterService | ID = 1
Description =

Error - 31.8.2010 3:30:58 | Computer Name = CHOSE-LAPTOP | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 31.8.2010 3:30:58 | Computer Name = CHOSE-LAPTOP | Source = PerfNet | ID = 2002
Description = Nelze otevřít službu přesměrovače. Data o výkonu přesměrovače nejsou
k
dispozici.Vrácený chybový kód je v datech DWORD 0.

Error - 31.8.2010 3:37:27 | Computer Name = CHOSE-LAPTOP | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 31.8.2010 3:37:27 | Computer Name = CHOSE-LAPTOP | Source = PerfNet | ID = 2002
Description = Nelze otevřít službu přesměrovače. Data o výkonu přesměrovače nejsou
k
dispozici.Vrácený chybový kód je v datech DWORD 0.

Error - 31.8.2010 3:37:29 | Computer Name = CHOSE-LAPTOP | Source = Application Error | ID = 1000
Description = Chybující aplikace iaoupryts.exe, verze 1.0.0.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x00300034.

Error - 31.8.2010 3:37:53 | Computer Name = CHOSE-LAPTOP | Source = Application Error | ID = 1000
Description = Chybující aplikace iaoupryts.exe, verze 1.0.0.1, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x00300034.

[ System Events ]
Error - 31.8.2010 2:28:11 | Computer Name = CHOSE-LAPTOP | Source = Service Control Manager | ID = 7001
Description = Služba Sledování umístění v síti (NLA) závisí na službě AFD, která
neuspěla při spuštění v důsledku následující chyby: %%2

Error - 31.8.2010 2:29:21 | Computer Name = CHOSE-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Služba Ovladač IPSEC neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 31.8.2010 2:29:21 | Computer Name = CHOSE-LAPTOP | Source = Service Control Manager | ID = 7001
Description = Služba Ovladač protokolu TCP/IP závisí na službě Ovladač IPSEC, která
neuspěla při spuštění v důsledku následující chyby: %%2

Error - 31.8.2010 2:29:21 | Computer Name = CHOSE-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Služba AFD neuspěla při spuštění v důsledku následující chyby: %%2

Error - 31.8.2010 2:29:21 | Computer Name = CHOSE-LAPTOP | Source = Service Control Manager | ID = 7001
Description = Služba Sledování umístění v síti (NLA) závisí na službě AFD, která
neuspěla při spuštění v důsledku následující chyby: %%2

Error - 31.8.2010 2:29:27 | Computer Name = CHOSE-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Služba Ovladač IPSEC neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 31.8.2010 2:29:27 | Computer Name = CHOSE-LAPTOP | Source = Service Control Manager | ID = 7001
Description = Služba Ovladač protokolu TCP/IP závisí na službě Ovladač IPSEC, která
neuspěla při spuštění v důsledku následující chyby: %%2

Error - 31.8.2010 2:29:27 | Computer Name = CHOSE-LAPTOP | Source = Service Control Manager | ID = 7000
Description = Služba AFD neuspěla při spuštění v důsledku následující chyby: %%2

Error - 31.8.2010 2:29:27 | Computer Name = CHOSE-LAPTOP | Source = Service Control Manager | ID = 7001
Description = Služba Sledování umístění v síti (NLA) závisí na službě AFD, která
neuspěla při spuštění v důsledku následující chyby: %%2

Error - 31.8.2010 2:32:41 | Computer Name = CHOSE-LAPTOP | Source = SRService | ID = 104
Description = Proces inicializace nástroje Obnovení systému se nezdařil.


< End of report >

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: PC is slow, nothing can be launched due to lack of resources

#9 Post by motji »

I apologize for the delay; OTL logs take me more time.

- Run OTL
- copy this script into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe) - C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe ()
O4 - HKLM..\Run: [iaoupryts] C:\WINDOWS\system32\iaoupryts.exe ()
O4 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003..\Run: [iaoupryts] C:\Documents and Settings\D610\iaoupryts.exe ()
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\Toolbar\ShellBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
IE - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\WINDOWS\System32\peciboozup.exe
C:\Documents and Settings\D610\iaoupryts.exe
C:\WINDOWS\System32\iaoupryts.exe
C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe
C:\WINDOWS\System32\drivers\kdxvfkg.sys
C:\Documents and Settings\D610\Plocha\cmd.bat

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

:services
AtapiDrv

:commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

- click the Fix button.
- The PC will then restart.
- Post the log here :)
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

kail5
Visitor
Posts: 50
Registered: 23 Sep 2008 11:14

Re: PC is slow, nothing can be launched due to lack of resources

#10 Post by kail5 »

There is nothing to apologize for; I'm glad someone is helping me, and within a reasonable time too (thanks).

I logged in as a regular user, started OTL and pasted the specified code into it.
It did something for a while and then a restart was triggered.
After the restart, no new log appeared anywhere.

The error about iaoupryts.exe appeared again after the restart.
I wanted to run OTL again and start a new scan to get a log, but OTL could not be started; Windows again reports an error about insufficient resources.

So I restarted and booted into safe mode. There I ran OTL and started a new scan (same as the first time: for all users, LOP and Purity).

The Extras.txt log was not created. The OTL.txt log is here:
OTL logfile created on: 1.9.2010 23:22:02 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\D610\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

503,00 Mb Total Physical Memory | 378,00 Mb Available Physical Memory | 75,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 12,53 Gb Free Space | 22,43% Space Free | Partition Type: NTFS
Drive D: | 3,84 Gb Total Space | 0,50 Gb Free Space | 12,98% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHOSE-LAPTOP
Current User Name: D610
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.08.31 08:26:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D610\Plocha\OTL.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.08.31 08:26:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D610\Plocha\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2008.10.19 15:30:02 | 000,222,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.10.06 10:19:36 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.07.23 17:25:45 | 000,348,344 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008.07.19 17:38:28 | 000,147,640 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008.07.19 17:38:04 | 000,250,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008.07.19 17:25:06 | 000,016,056 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.02.21 11:28:36 | 000,643,072 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007.02.21 11:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2007.02.21 11:16:48 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2007.02.21 11:10:00 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005.08.30 17:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\D610\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2008.07.19 17:37:42 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008.07.19 17:37:21 | 000,094,416 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008.07.19 17:35:18 | 000,078,416 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008.07.19 17:33:42 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008.07.19 17:32:36 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008.07.19 17:32:15 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007.02.21 11:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.02.08 13:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2007.01.12 20:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.07.10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2006.04.06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006.01.11 19:25:26 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.01.11 17:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006.01.07 05:39:30 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005.11.22 09:47:00 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.09.28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005.09.15 18:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.05.03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005.05.03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005.05.03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.04.06 09:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005.03.10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005.01.14 18:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.09.03 12:23:38 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004.08.18 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.backup -- (Beep)
DRV - [2001.10.24 12:04:44 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found
IE - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://library.muni.cz/proxy/libproxy.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.26 01:27:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.23 23:29:21 | 000,000,000 | ---D | M]

[2008.11.08 15:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Extensions
[2010.08.23 19:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\extensions
[2010.05.20 17:04:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.20 17:04:44 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.05.20 17:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.23 19:59:29 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-1.xml
[2010.01.07 13:54:08 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-10.xml
[2010.01.07 14:07:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-11.xml
[2010.06.23 23:29:49 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-12.xml
[2009.04.26 17:48:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-2.xml
[2009.05.02 21:28:27 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-3.xml
[2009.06.14 15:22:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-4.xml
[2009.07.26 17:59:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-5.xml
[2009.08.06 19:38:11 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-6.xml
[2009.09.14 18:21:29 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-7.xml
[2009.10.31 16:42:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-8.xml
[2009.12.20 18:55:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin-9.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin.src
[2009.03.28 00:22:19 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\D610\Data aplikací\Mozilla\Firefox\Profiles\svsxn7oo.default\searchplugins\icqplugin.xml
[2010.08.27 09:10:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.03.12 18:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.21 23:01:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.01.28 10:31:29 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.28 10:31:29 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.28 10:31:29 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.28 10:31:30 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.28 10:31:30 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.08.24 22:38:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\Toolbar\ShellBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [iaoupryts] C:\WINDOWS\system32\iaoupryts.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003..\Run: [iaoupryts] C:\Documents and Settings\D610\iaoupryts.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe) - C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe ()
O20 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4221669891-2159344026-1686429561-1003 Winlogon: Shell - (C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe) - C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\D610\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\D610\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.02 13:10:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.09.01 22:13:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.31 08:29:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\D610\Plocha\OTL.exe
[2010.08.27 09:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D610\Data aplikací\Malwarebytes
[2010.08.27 09:29:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.27 09:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.08.27 09:29:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.27 09:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.26 08:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.26 08:30:30 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.24 23:19:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\D610\Recent
[2010.08.24 23:19:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.08.24 23:19:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\D610\IECompatCache
[2010.08.24 23:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.08.24 22:33:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.08.24 22:20:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.08.24 21:58:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.08.24 21:58:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.08.24 21:58:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.08.24 21:58:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.08.24 21:57:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.08.24 21:52:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.23 19:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D610\Local Settings\Data aplikací\WMTools Downloaded Files
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.01 23:21:24 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.01 23:18:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.01 23:17:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.01 23:17:25 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\D610\ntuser.dat
[2010.09.01 23:17:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\D610\ntuser.ini
[2010.09.01 23:16:22 | 004,310,102 | -H-- | M] () -- C:\Documents and Settings\D610\Local Settings\Data aplikací\IconCache.db
[2010.09.01 22:15:59 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.08.31 08:26:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D610\Plocha\OTL.exe
[2010.08.27 11:13:15 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\kdxvfkg.sys
[2010.08.27 09:29:39 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.08.24 23:21:00 | 000,221,074 | ---- | M] () -- C:\Documents and Settings\D610\Plocha\cc_20100824_232039.reg
[2010.08.24 23:13:55 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\D610\Plocha\CCleaner.lnk
[2010.08.24 22:38:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.08.24 22:38:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.24 21:19:26 | 003,827,072 | R--- | M] () -- C:\Documents and Settings\D610\Plocha\ComboFix.exe
[2010.08.23 20:10:04 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\D610\iaoupryts.exe
[2010.08.23 20:10:02 | 000,033,792 | ---- | M] () -- C:\WINDOWS\System32\iaoupryts.exe
[2010.08.23 20:09:23 | 000,216,576 | ---- | M] () -- C:\WINDOWS\System32\peciboozup.exe
[2010.08.23 19:38:19 | 000,112,128 | RHS- | M] () -- C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe
[2010.08.22 18:29:08 | 000,203,776 | ---- | M] () -- C:\Documents and Settings\D610\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.27 11:13:15 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\kdxvfkg.sys
[2010.08.27 09:29:39 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.08.24 23:20:45 | 000,221,074 | ---- | C] () -- C:\Documents and Settings\D610\Plocha\cc_20100824_232039.reg
[2010.08.24 23:13:55 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\D610\Plocha\CCleaner.lnk
[2010.08.24 21:58:01 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.08.24 21:58:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.08.24 21:58:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.08.24 21:58:01 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.08.24 21:58:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.08.24 21:51:49 | 003,827,072 | R--- | C] () -- C:\Documents and Settings\D610\Plocha\ComboFix.exe
[2010.08.23 20:09:16 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\peciboozup.exe
[2010.08.23 19:44:17 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\D610\iaoupryts.exe
[2010.08.23 19:44:16 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\iaoupryts.exe
[2010.08.23 19:38:19 | 000,112,128 | RHS- | C] () -- C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe
[2009.09.15 18:22:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009.07.26 18:49:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.13 22:15:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009.01.26 23:51:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.12.13 01:49:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008.11.08 18:33:42 | 000,203,776 | ---- | C] () -- C:\Documents and Settings\D610\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.08 15:38:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.08 15:38:48 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.11.08 15:38:48 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.11.08 15:38:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.11.08 15:38:47 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.10.02 13:58:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.10.02 13:56:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.10.02 13:21:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.09.01 21:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.07.20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.01.15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2008.11.08 18:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ashampoo
[2009.09.15 18:16:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.07.18 17:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
[2009.11.18 00:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FarmFrenzy2
[2009.03.12 18:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.05.16 08:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LightScribe
[2009.09.15 18:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ScanSoft
[2008.11.08 18:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Ashampoo
[2009.09.23 19:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\Canon
[2009.10.03 09:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\gtk-2.0
[2010.06.12 09:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\ICQ
[2008.11.08 18:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\ICQLite
[2009.09.15 18:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\ScanSoft
[2008.11.08 16:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D610\Data aplikací\XnView

========== Purity Check ==========


< End of report >

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: PC is slow, nothing can be started due to lack of resources

#11 Post by motji »

That command was not executed at all; the files are still there :o
One more question: when you ran the script, did you click the Fix button?

:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis, click Run CCleaner

Registry tab
- click Scan for Issues
- then click Fix selected issues -- you do not have to make a registry backup
- click Fix all issues :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

I recommend using the CCleaner cleaner; it nicely cleans temporary files off the PC.
It cleans the registry, for example after uninstalling a program.


***********

Try the OTL script again, but in safe mode. If it fails again, I will think of something else.
Did you run ComboFix? It probably did not run all the way through? :o
I will be here again at that reasonable time at night :D , after 9 in the evening
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before removing malware from the computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

kail5
Visitor
Posts: 50
Registered: 23 Sep 2008 11:14

Re: PC is slow, nothing can be started due to lack of resources

#12 Post by kail5 »

Yes, I clicked the Fix button. But the restart happened partway through; I thought that was how it was supposed to be.
Now I have carried out the same procedure in safe mode; this time an OTL message informed me about the restart (this restart looked legitimate).
After the restart, a log popped up:

All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe deleted successfully.
C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iaoupryts deleted successfully.
C:\WINDOWS\system32\iaoupryts.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4221669891-2159344026-1686429561-1003\Software\Microsoft\Windows\CurrentVersion\Run\\iaoupryts deleted successfully.
C:\Documents and Settings\D610\iaoupryts.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4221669891-2159344026-1686429561-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.
Registry value HKEY_USERS\S-1-5-21-4221669891-2159344026-1686429561-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.
Prefs.js: "http://search.icq.com/search/afe_result ... id=afex&q=" removed from keyword.URL
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Registry value HKEY_USERS\S-1-5-21-4221669891-2159344026-1686429561-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4221669891-2159344026-1686429561-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-4221669891-2159344026-1686429561-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9CB65206-89C4-402c-BA80-02D8C59F9B1D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET43.tmp moved successfully.
C:\WINDOWS\system32\SET47.tmp moved successfully.
C:\WINDOWS\system32\SET48.tmp moved successfully.
C:\WINDOWS\system32\SET4F.tmp moved successfully.
C:\WINDOWS\system32\SET96.tmp moved successfully.
C:\WINDOWS\002658_.tmp moved successfully.
C:\WINDOWS\DUMP6476.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP167.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP186.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP26E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP276.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP281.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2AE.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBD.tmp folder moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\peciboozup.exe moved successfully.
File\Folder C:\Documents and Settings\D610\iaoupryts.exe not found.
File\Folder C:\WINDOWS\System32\iaoupryts.exe not found.
File\Folder C:\Documents and Settings\D610\Data aplikací\ozzfhv.exe not found.
C:\WINDOWS\System32\drivers\kdxvfkg.sys moved successfully.
File\Folder C:\Documents and Settings\D610\Plocha\cmd.bat not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
========== SERVICES/DRIVERS ==========
Error: No service named AtapiDrv was found to stop!
Service\Driver key AtapiDrv not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 205106 bytes
->Flash cache emptied: 41 bytes

User: Administrator.CHOSE-LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 71165 bytes
->FireFox cache emptied: 3246011 bytes
->Flash cache emptied: 41 bytes

User: All Users

User: D610
->Temp folder emptied: 202735 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64575276 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Java cache emptied: 1425920 bytes
->FireFox cache emptied: 3248559 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 180707 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 70,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Administrator.CHOSE-LAPTOP
->Flash cache emptied: 0 bytes

User: All Users

User: D610
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: TEMP
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09032010_091738

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


No error message popped up after Windows started.
ComboFix had been run before the notebook got into my hands, but reportedly it ran all the way through, without any manual intervention.
When trying to open, for example, a music file, the error still pops up that there are not enough system resources to complete the operation :(

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: PC is slow, nothing can be started due to lack of resources

#13 Post by motji »

Try running ComboFix again now

:arrow: Uninstall ComboFix via Start - Run
- copy this into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.


:arrow: Download ComboFix like this:
- right-click the ComboFix link -- Save as..., then rename it to Potvora.com and save it.


:arrow: Download it to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- agree to the installation of the Recovery Console

- ComboFix must be run under an account with administrator rights

- Before use, turn off all resident security programs - antivirus, firewalls, antispyware

- After launch, the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click in the window that appears :!:

- After the scan finishes, which takes 10 minutes at most, the program should create a log - C:\ComboFix.txt; copy its entire contents here

kail5
Visitor
Posts: 50
Registered: 23 Sep 2008 11:14

Re: PC is slow, nothing can be started due to lack of resources

#14 Post by kail5 »

The attempt to run ComboFix /Uninstall failed again with the message that there are not enough system resources for it.

I rebooted into safe mode and logged in as Administrator.
Here the uninstall went through fine.

I saved ComboFix to the desktop as Potvora.com and ran it.
I did not install the Recovery Console because it is not possible to connect to the network (I do not yet know whether the LAN drivers are missing or what is going on with the network card, but it is not even shown in Device Manager).
I do all communication with the notebook via a flash drive.

Here is the log from Potvora.com:
ComboFix 10-09-02.01 - Administrator 03.09.2010 12:43:19.2.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.503.378 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator.CHOSE-LAPTOP\Plocha\Potvora.com
AV: avast! antivirus 4.8.1229 [VPS 100725-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-08-03 do 2010-09-03 )))))))))))))))))))))))))))))))
.

2010-09-01 20:13 . 2010-09-01 20:13 -------- d-----w- C:\_OTL
2010-08-27 07:29 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-27 07:29 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 07:29 . 2010-08-27 07:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 07:10 . 2010-08-27 07:10 -------- d-sh--w- c:\documents and settings\Administrator.CHOSE-LAPTOP\PrivacIE
2010-08-26 06:30 . 2010-08-26 06:30 -------- d-----w- C:\rsit
2010-08-26 06:30 . 2010-08-26 06:30 -------- d-----w- c:\program files\trend micro
2010-08-24 21:19 . 2010-08-24 21:19 -------- d-sh--w- c:\documents and settings\D610\IECompatCache
2010-08-24 21:13 . 2010-08-24 21:13 -------- d-----w- c:\program files\CCleaner
2010-08-23 18:16 . 2010-08-23 18:16 -------- d-sh--w- c:\documents and settings\Administrator.CHOSE-LAPTOP\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 19:02 . 2008-11-08 14:54 -------- d-----w- c:\program files\XnView
2010-06-24 01:06 . 2004-08-18 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-06-24 01:06 . 2004-08-18 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-06-14 14:31 . 2008-10-02 11:07 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

------- Sigcheck -------

[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[7] 2004-08-18 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

c:\windows\System32\drivers\ndis.sys ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-25 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\documents and settings\D610\Data aplikací\ozzfhv.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8.11.2008 18:38 78416]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.11.2008 18:38 20560]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.3.2009 18:41 222456]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2.10.2008 13:38 88192]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-09-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-10 17:28]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\Administrator.CHOSE-LAPTOP\Data aplikací\Mozilla\Firefox\Profiles\rcn2lmqa.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-03 12:48
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-4221669891-2159344026-1686429561-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,31,2d,2a,eb,70,51,41,b2,ae,bf,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,31,2d,2a,eb,70,51,41,b2,ae,bf,\
.
Celkový čas: 2010-09-03 12:51:10
ComboFix-quarantined-files.txt 2010-09-03 10:50

Před spuštěním: Volných bajtů: 13 581 094 912
Po spuštění: Volných bajtů: 13 536 514 048

- - End Of File - - FAE6AEC86A9232B4778722FA1DFACB23

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: PC is slow, nothing can be started due to lack of resources

#15 Post by motji »

The network card driver really is missing; we will replace it. And there is still some junk in there. For now, keep working in safe mode.

:arrow: If it is not there already, move ComboFix to the desktop
- open Notepad
- Copy the text from this box into it

Code: Select all

KillAll::
FCOPY::
c:\windows\ServicePackFiles\i386\ndis.sys | c:\windows\System32\drivers\ndis.sys

Collect::
c:\documents and settings\D610\Data aplikací\ozzfhv.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=-

- save the TXT file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it


- after it is applied, another log will pop out; paste it here

Warning: it may happen that Windows does not boot after the script is applied and the machine restarts; in that case restart again while pressing F8, then choose Last Known Good Configuration
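A triage pass over the registry startup section of the ComboFix log in post #14, showing why the Winlogon "Taskman" value stands out from the other autostart entries. This is an added example, not part of the thread and not ComboFix or OTL code; the function names and the three review rules are assumptions made for the illustration, and the rule about a missing [date size] suffix is a heuristic, not documented ComboFix behaviour.

```python
import re
from typing import NamedTuple

# Lines copied from the registry startup section of the ComboFix log in post #14.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\documents and settings\D610\Data aplikací\ozzfhv.exe"
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# "name"="target", optionally followed by the [date size] printed for the file.
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\])?\s*$')


class Entry(NamedTuple):
    key: str
    name: str
    target: str
    has_file_info: bool


def parse_startup_entries(text):
    """Return one Entry per "name"="target" line, tagged with its registry key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and key:
            entries.append(Entry(key, value.group(1), value.group(2),
                                 value.group(3) is not None))
    return entries


def review_reasons(entry):
    """Hypothetical triage rules: they rank entries for a human, they prove nothing."""
    reasons = []
    if entry.key.lower().endswith('\\windows nt\\currentversion\\winlogon'):
        # The log notes that legitimate default values are not shown, so any
        # value listed under Winlogon is non-default.
        reasons.append('non-default Winlogon value')
    if '\\documents and settings\\' in entry.target.lower():
        # XP profile directories are writable by the logged-in user.
        reasons.append('target inside a user profile')
    if '\\' in entry.target and not entry.has_file_info:
        # Assumption: a missing [date size] suffix hints that the file is absent.
        reasons.append('no file date/size printed')
    return reasons


def flag_entries(entries):
    """Return (entry, reasons) pairs for entries that matched at least one rule."""
    return [(e, r) for e in entries if (r := review_reasons(e))]


if __name__ == '__main__':
    for entry, reasons in flag_entries(parse_startup_entries(SAMPLE_LOG)):
        print(f'{entry.key}\n  {entry.name} -> {entry.target}\n  ' + '; '.join(reasons))
```

On these lines only the "Taskman" entry is flagged, which is the value the CFScript in post #15 removes with `"Taskman"=-`.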
