
Asking for an opinion - problem with Wi-Fi and LAN card

Arragorn
Visitor
Posts: 11
Registered: 22 Dec 2008 11:05
Location: Prešov (SR)

Asking for an opinion - problem with Wi-Fi and LAN card

#1 Post by Arragorn »

Greetings.

I'm going to break the rules a little and not post a log here. Yesterday an acquaintance brought me her Asus notebook because neither Wi-Fi nor the LAN connection (RJ 45) works on it. The notebook has Win XP Pro SP2 installed. When I looked in "Network Connections" I found none, as if no device for connecting to a LAN existed. In "Device Manager" all the devices are marked with a yellow triangle with an exclamation mark, with an error of communication between the hardware and the driver, which could not be found. At first I tried reinstalling the drivers from the original driver CD supplied with the notebook, but it did not help. An old Norton antivirus was installed on the system, and not updated at that. Since I could not update it, I uninstalled it along with all the programs installed in Windows, cleaned the registry, and installed Avast Home Edition 4.8 together with the latest update. Right after launch, when it checks the operating memory, it found a virus, so I scheduled a scan after reboot. The scan found 70 viruses :shock: , which I had removed. It was a mix of trojans and malware. After the removal I expected the situation in Device Manager to change, but nothing; again the driver-HW communication problem.
One thing is interesting: when I start the system in "Safe mode", there are no exclamation marks on the "Lan" devices. In "Safe mode with network" they are there again. So I tried uninstalling the "Lan" devices and installing them with the latest drivers and utilities directly from Asus, but it again shows the same error in Device Manager. From this it follows that the hardware is not damaged; the problem is probably somewhere else. I trust it is not between the keyboard and the chair. :D

To clean the registry I used CCleaner, RegCleaner, Tune Up 2009.
A complete reinstall would certainly help, but I would like to know whether something else can be done about it, something you could help me with. :oops:

As I wrote, the notebook in question cannot connect to the internet, so if any logs from programs were needed, I could only work via a USB stick and my own notebook. Originally I wanted to post an MBAM log here, but since I have no way to update it, I dropped the idea.

So what do you advise??? Warm thanks in advance.
Notebook:
System: Windows Vista Home Premium SP1
HP Pavilion dv6000
RAM: 2 x 1024 MB, Kingston DDR2 (667)
HDD: 160 GB,
CPU: Mobile Dual Core AMD Turion 64 X2 TL - ( 1600 Mhz )

Work PC:
Asus Barebone, CPU: Intel Celeron 2,53GHz (64 bit), RAM: 1536 MB, HDD: 80 GB
System: Windows XP Professional SP3

Even the wisest do not know many things.

Arragorn
Visitor
Posts: 11
Registered: 22 Dec 2008 11:05
Location: Prešov (SR)

Re: Asking for an opinion - problem with Wi-Fi and LAN card

#2 Post by Arragorn »

One more thing: I am not at the notebook in question right now, so I cannot write exactly which viruses they were, but if needed, they are all in the Avast chest, so when I get to it I can send a listing.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Asking for an opinion - problem with Wi-Fi and LAN card

#3 Post by motji »

Good afternoon :)
I would ask you for that listing from the Avast quarantine :) .


:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 

- tick the All users box.
- tick the boxes for the "LOP" check and the "Purity" check
- click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; post them here :)
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

Arragorn
Visitor
Posts: 11
Registered: 22 Dec 2008 11:05
Location: Prešov (SR)

Re: Asking for an opinion - problem with Wi-Fi and LAN card

#4 Post by Arragorn »

OTL.TXT


OTL logfile created on: 10/1/2010 8:51:14 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.57 Gb Total Space | 23.81 Gb Free Space | 63.37% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 8.52 Gb Free Space | 8.72% Space Free | Partition Type: NTFS
Drive E: | 97.65 Gb Total Space | 81.75 Gb Free Space | 83.72% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 7.92 Gb Total Space | 1.15 Gb Free Space | 14.53% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: OSIFCATKA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/01 20:05:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/09/30 20:56:17 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009/02/05 22:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/02/05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/02/05 22:08:26 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 22:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/04/09 04:53:00 | 000,450,648 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2008/04/09 04:52:42 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/02/01 15:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2008/01/23 15:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008/01/23 10:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007/12/04 10:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007/08/15 11:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/08/02 19:41:52 | 002,760,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007/07/13 17:53:34 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007/07/05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007/02/27 20:21:08 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006/07/26 18:01:06 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
PRC - [2006/01/23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/10 13:29:52 | 012,047,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE


========== Modules (SafeList) ==========

MOD - [2010/10/01 20:05:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2004/08/04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/30 20:56:17 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010/09/30 20:56:14 | 000,360,192 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/02/05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/02/05 22:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/02/05 22:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/02/05 22:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/12/11 13:31:36 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/04/09 04:52:42 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- F:\I386\AsProcOb.sys -- (ASUSProcObsrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211)
DRV - [2009/02/05 22:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/02/05 22:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/02/05 22:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/02/05 22:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/02/05 22:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/02/05 22:05:11 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/10/22 18:38:26 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2008/10/22 18:21:04 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/16 19:33:00 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/08 18:45:42 | 001,309,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/04/05 12:56:08 | 000,908,800 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athr.sys -- (athr)
DRV - [2008/03/17 02:45:00 | 005,955,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/02/08 08:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/11/15 15:27:56 | 000,219,136 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/08/08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/08/02 15:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 11:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/07/12 11:49:16 | 000,096,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/11 14:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/05/24 14:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/24 13:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/03/01 16:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/01/23 21:08:40 | 000,005,632 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006/12/17 02:11:58 | 000,007,680 | R--- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/21 20:35:00 | 000,982,272 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2005/01/07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/05/27 18:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATK Hotkey\ASNDIS5.SYS -- (ASNDIS5)
DRV - [2001/12/18 14:45:04 | 000,003,279 | ---- | M] (VIA Technologies. Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS -- (VIAPFD)
DRV - [2001/08/23 21:03:54 | 000,025,434 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1659004503-963894560-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2010/04/19 15:19:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/17 00:07:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/09/30 23:11:30 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe ()
O4 - HKLM..\Run: [ATKHOTKEY] C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-963894560-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/21 20:32:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/24 21:03:39 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2010/04/14 05:02:33 | 000,000,000 | ---D | M] - H:\Autocad 2005 -- [ NTFS ]
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setupSNK.exe -- [2004/08/04 00:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/01 20:48:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/30 22:39:33 | 000,467,028 | ---- | C] (Atheros) -- C:\WINDOWS\System32\acs.exe
[2010/09/30 22:39:14 | 001,265,758 | ---- | C] (Devicescape) -- C:\WINDOWS\System32\dsa.dll
[2010/09/30 22:39:14 | 000,401,498 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wgapi.dll
[2010/09/30 22:39:14 | 000,401,408 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapi.dll
[2010/09/30 22:39:14 | 000,352,347 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapiU.dll
[2010/09/30 22:39:14 | 000,254,022 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsfwDS.dll
[2010/09/30 22:39:14 | 000,249,924 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.dll
[2010/09/30 22:39:14 | 000,090,112 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg11resloc.dll
[2010/09/30 22:39:14 | 000,082,017 | ---- | C] (Devicescape, Inc.) -- C:\WINDOWS\System32\dsaNac.dll
[2010/09/30 22:39:14 | 000,081,920 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wgapiloc.dll
[2010/09/30 22:39:14 | 000,057,408 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.sys
[2010/09/30 22:39:14 | 000,057,408 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\wsimd.sys
[2010/09/30 22:39:13 | 000,307,294 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg20U.dll
[2010/09/30 22:39:13 | 000,241,664 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg20.dll
[2010/09/30 22:39:13 | 000,127,079 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg20resU.dll
[2010/09/30 22:39:13 | 000,127,053 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg20res.dll
[2010/09/30 22:39:01 | 001,309,504 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athw.sys
[2010/09/30 22:39:01 | 001,309,504 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athw.sys
[2010/09/30 22:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2010/09/30 22:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\Wireless Console 2
[2010/09/30 22:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2010/09/30 21:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/09/30 21:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GHISLER
[2010/09/30 21:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/09/30 20:56:17 | 000,603,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010/09/30 20:56:15 | 000,027,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010/09/30 20:56:14 | 000,360,192 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010/09/30 20:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2010/09/30 20:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/09/30 20:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2010/09/30 20:49:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/09/30 18:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2010/09/30 18:42:32 | 000,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/30 18:42:31 | 000,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/30 18:42:31 | 000,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/30 18:42:29 | 000,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/30 18:42:29 | 000,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010/09/30 18:42:29 | 000,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/30 18:42:29 | 000,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/30 18:42:29 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/30 18:42:14 | 001,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/30 18:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/30 18:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2010/09/30 18:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2010/09/30 18:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2010/09/30 18:30:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/09/30 18:20:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/09/30 18:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/09/30 18:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Bluetooth
[2010/09/30 18:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/09/30 18:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Toshiba
[2010/09/30 18:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/09/30 18:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2010/09/30 18:17:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2010/09/30 18:17:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2010/09/30 18:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/09/30 18:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Avast
[2010/09/30 17:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/09/30 17:55:07 | 000,908,800 | R--- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athr.sys
[2010/09/30 17:46:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/09/30 17:46:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/09/30 17:46:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/09/30 17:46:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/09/30 17:46:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/09/30 17:46:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/09/30 17:46:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/09/30 17:46:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/09/30 17:46:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/09/30 17:46:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/09/30 17:46:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/09/30 17:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/09/30 17:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/09/30 17:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/09/30 17:41:47 | 001,698,880 | R--- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athwx.sys
[2010/09/30 17:40:59 | 000,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/30 17:40:54 | 000,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/30 17:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/30 17:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/30 17:24:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMErrCSY.dll
[2010/09/30 17:24:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1029
[2010/09/30 17:23:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{C293798B-D4EF-480E-B8FB-F9BC2AEB56DC}
[2010/09/30 17:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Language Packs
[2010/09/30 16:44:55 | 000,003,279 | ---- | C] (VIA Technologies. Inc.) -- C:\WINDOWS\System32\drivers\VIAPFD.SYS
[2010/09/30 16:44:50 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010/09/21 15:57:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2008/10/21 20:59:21 | 000,005,632 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/01 20:51:25 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/10/01 20:49:24 | 000,000,852 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010/10/01 20:21:43 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/01 20:21:43 | 000,432,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/01 20:21:43 | 000,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/01 20:20:06 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/01 20:20:05 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/10/01 20:11:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/01 20:11:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/01 20:06:04 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTL.doc
[2010/10/01 20:05:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/30 23:11:30 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/30 22:50:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/30 22:49:58 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/09/30 22:39:37 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Atheros Client Utility.lnk
[2010/09/30 21:32:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/30 21:00:33 | 000,017,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/30 20:56:17 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010/09/30 20:56:14 | 000,360,192 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010/09/30 20:56:05 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2010/09/30 20:52:05 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100930_205203.reg
[2010/09/30 20:51:56 | 000,515,612 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100930_205151.reg
[2010/09/30 20:51:42 | 000,416,474 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100930_205134.reg
[2010/09/30 20:47:44 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\acovcnt.exe
[2010/09/30 18:46:26 | 000,114,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/30 18:45:01 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RegCleaner.lnk
[2010/09/30 18:43:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/09/30 18:42:32 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/09/30 18:42:29 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/30 18:39:08 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/09/30 18:20:27 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/09/30 18:18:59 | 000,000,534 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Total Commander 32.lnk
[2010/09/30 18:18:21 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010/09/30 18:17:58 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/30 18:17:57 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/30 18:11:03 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2010/09/30 17:40:59 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/30 17:23:51 | 000,000,902 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Language Packs.lnk
[2010/09/30 16:41:48 | 000,024,064 | ---- | M] () -- C:\WINDOWS\autoload.exe
[2010/09/21 15:57:57 | 000,000,215 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/15 13:15:20 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/01 20:48:33 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTL.doc
[2010/09/30 22:39:37 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Atheros Client Utility.lnk
[2010/09/30 22:39:33 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2010/09/30 22:39:14 | 000,029,976 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.cat
[2010/09/30 22:39:14 | 000,029,974 | ---- | C] () -- C:\WINDOWS\System32\wsimd.cat
[2010/09/30 22:39:14 | 000,005,363 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.inf
[2010/09/30 22:39:14 | 000,002,179 | ---- | C] () -- C:\WINDOWS\System32\wsimd.inf
[2010/09/30 22:39:01 | 000,149,239 | ---- | C] () -- C:\WINDOWS\System32\netathw.inf
[2010/09/30 22:39:01 | 000,031,819 | ---- | C] () -- C:\WINDOWS\System32\netathw.cat
[2010/09/30 21:32:12 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/30 20:56:15 | 000,000,502 | ---- | C] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/09/30 20:56:05 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2010/09/30 20:52:04 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100930_205203.reg
[2010/09/30 20:51:53 | 000,515,612 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100930_205151.reg
[2010/09/30 20:51:36 | 000,416,474 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100930_205134.reg
[2010/09/30 18:45:01 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RegCleaner.lnk
[2010/09/30 18:42:32 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/09/30 18:42:14 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/09/30 18:39:08 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/09/30 18:20:27 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/09/30 18:18:59 | 000,000,534 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Total Commander 32.lnk
[2010/09/30 18:18:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe
[2010/09/30 18:17:57 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/30 18:17:45 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/30 18:11:03 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2010/09/30 17:46:52 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/30 17:46:50 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\Administrator\NtUser.dat.LOG
[2010/09/30 17:46:49 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/09/30 17:40:59 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/30 17:23:51 | 000,000,902 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Language Packs.lnk
[2010/09/21 15:57:57 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/25 19:29:26 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2010/04/24 18:35:11 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/02/17 00:20:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/27 18:27:32 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008/10/22 19:48:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/10/22 19:40:00 | 000,003,909 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2008/10/22 19:39:31 | 000,004,348 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2008/10/22 19:26:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/22 19:00:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/22 18:38:26 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2008/10/22 18:21:04 | 000,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/10/22 18:21:04 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd9741.sys
[2008/10/22 18:11:07 | 000,000,852 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/10/21 21:49:52 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ATKPF.ini
[2008/10/21 21:21:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2008/10/21 20:44:05 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2007/06/21 10:49:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/10/14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/03 23:14:30 | 000,211,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2004/07/17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/04/07 11:38:32 | 000,005,746 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/09/30 18:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2010/09/30 20:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2008/10/27 00:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1435B
[2008/10/27 14:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\26399
[2008/11/25 09:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2A2E
[2009/11/13 12:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\30AB
[2008/11/24 23:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\34242
[2008/11/27 00:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\367D
[2008/12/01 23:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\37D
[2008/10/22 18:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/10/26 23:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008/10/22 18:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/09/30 20:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/02/17 20:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/09/30 18:30:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/09/30 17:23:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C293798B-D4EF-480E-B8FB-F9BC2AEB56DC}
[2010/10/01 20:20:05 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2008/10/27 00:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1435B
[2008/10/27 14:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\26399
[2008/11/25 09:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2A2E
[2009/11/13 12:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\30AB
[2008/11/24 23:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\34242
[2008/11/27 00:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\367D
[2008/12/01 23:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\37D
[2010/09/30 18:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/10/22 18:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/09/30 22:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2008/10/22 17:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/10/22 18:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/09/30 21:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/10/28 13:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hps
[2008/10/26 23:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008/10/22 18:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/09/30 17:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/23 21:44:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/03/10 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/09/30 18:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/09/30 20:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/10/22 19:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/02/17 20:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/09/30 18:30:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/09/30 17:23:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C293798B-D4EF-480E-B8FB-F9BC2AEB56DC}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/05/10 21:50:52 | 002,657,940 | ---- | M] (Egy-Mor Team ) -- C:\Documents and Settings\All Users\Application Data\{C293798B-D4EF-480E-B8FB-F9BC2AEB56DC}\Language Packs.exe

< %APPDATA%\*. >
[2010/09/30 18:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/09/30 18:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2010/09/30 22:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2010/02/12 20:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/09/30 17:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/09/30 21:25:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/09/30 18:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2010/09/30 18:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Real
[2010/09/30 20:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2010/09/30 21:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinRAR

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004/08/03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CHANGER.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

< MD5 for: CRYPTSVC.DLL >
[2004/08/04 00:56:42 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\system32\cryptsvc.dll
[2004/08/04 00:56:42 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2006/10/30 11:50:16 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=E40F822C7D487671FED2CAAF533FB4B6 -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: ISAPNP.SYS >
[2001/08/17 13:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2001/08/17 13:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001/08/23 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2004/08/04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004/08/04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NETLOGON.DLL >
[2009/02/06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004/08/04 00:56:58 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004/08/04 00:56:58 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/06/20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004/08/04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004/08/04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/10/22 18:38:26 | 000,223,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dtscsi.sys
[2008/10/22 18:21:04 | 000,642,560 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
[2008/10/22 18:21:04 | 000,096,256 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd9741.sys

< %systemroot%\System32\config\*.sav >
[2008/10/22 04:10:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/10/22 04:10:05 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/10/22 04:10:04 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010/09/30 20:47:44 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\acovcnt.exe
[2010/09/30 18:42:29 | 000,002,626 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2010/09/30 18:46:26 | 000,114,176 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010/10/01 20:21:43 | 000,067,646 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010/10/01 20:21:43 | 000,432,690 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010/10/01 20:21:43 | 000,508,956 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010/09/30 20:56:14 | 000,360,192 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TuneUpDefragService.exe
[2010/09/30 20:56:17 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
[2010/10/01 20:20:06 | 000,002,228 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< >
< End of report >

Notebook:
System: Windows Vista Home Premium SP1
HP Pavilion dv6000
RAM: 2 x 1024 MB, Kingston DDR2 (667)
HDD: 160 GB
CPU: Mobile Dual Core AMD Turion 64 X2 TL - ( 1600 MHz )

Work PC:
Asus Barebone, CPU: Intel Celeron 2.53GHz (64 bit), RAM: 1536 MB, HDD: 80 GB
System: Windows XP Professional SP3

Even the wisest do not know many things.

Arragorn
Visitor
Posts: 11
Registered: 22 Dec 2008 11:05
Location: Prešov (SR)

Re: Asking for an opinion - problem with wifi and LAN card

#5 Post by Arragorn »

EXTRAS.TXT

OTL Extras logfile created on: 10/1/2010 8:51:14 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.57 Gb Total Space | 23.81 Gb Free Space | 63.37% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 8.52 Gb Free Space | 8.72% Space Free | Partition Type: NTFS
Drive E: | 97.65 Gb Total Space | 81.75 Gb Free Space | 83.72% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 7.92 Gb Total Space | 1.15 Gb Free Space | 14.53% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: OSIFCATKA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6D8DDBFB-E807-4F7A-8818-6431BB437469}" = Language Packs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{9011041B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IrfanView" = IrfanView (remove only)
"Language Packs" = Language Packs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Revo Uninstaller" = Revo Uninstaller 1.83
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/30/2010 2:47:27 PM | Computer Name = OSIFCATKA | Source = avast! | ID = 33554522
Description = AAVM - chyba pri startu: g_tdi.Initialize failed! (logName: C:\Program
Files\Alwil Software\Avast4\DATA\log\nshield.log), 00000000.

Error - 9/30/2010 3:32:59 PM | Computer Name = OSIFCATKA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.ilg
failed, 00000005.

Error - 9/30/2010 3:33:38 PM | Computer Name = OSIFCATKA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\setup.ilg
failed, 00000005.

Error - 9/30/2010 4:43:16 PM | Computer Name = OSIFCATKA | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 9/30/2010 4:43:16 PM | Computer Name = OSIFCATKA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 9/30/2010 4:43:21 PM | Computer Name = OSIFCATKA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 9/30/2010 4:51:13 PM | Computer Name = OSIFCATKA | Source = avast! | ID = 33554522
Description = AAVM - chyba pri startu: Network Shield provider: driver open failed,
error code: 0x2 , 00000000.

Error - 9/30/2010 4:51:13 PM | Computer Name = OSIFCATKA | Source = avast! | ID = 33554522
Description = AAVM - chyba pri startu: g_tdi.Initialize failed! (logName: C:\Program
Files\Alwil Software\Avast4\DATA\log\nshield.log), 00000000.

Error - 10/1/2010 2:11:35 PM | Computer Name = OSIFCATKA | Source = avast! | ID = 33554522
Description = AAVM - chyba pri startu: Network Shield provider: driver open failed,
error code: 0x2 , 00000000.

Error - 10/1/2010 2:11:35 PM | Computer Name = OSIFCATKA | Source = avast! | ID = 33554522
Description = AAVM - chyba pri startu: g_tdi.Initialize failed! (logName: C:\Program
Files\Alwil Software\Avast4\DATA\log\nshield.log), 00000000.

[ Application Events ]
Error - 9/21/2010 10:02:14 AM | Computer Name = OSIFCATKA | Source = Google Update | ID = 20
Description =

Error - 9/21/2010 3:02:05 PM | Computer Name = OSIFCATKA | Source = Google Update | ID = 20
Description =

Error - 9/22/2010 11:02:05 AM | Computer Name = OSIFCATKA | Source = Google Update | ID = 20
Description =

Error - 9/22/2010 6:02:05 PM | Computer Name = OSIFCATKA | Source = Google Update | ID = 20
Description =

Error - 9/30/2010 11:02:05 AM | Computer Name = OSIFCATKA | Source = Google Update | ID = 20
Description =

Error - 9/30/2010 11:07:56 AM | Computer Name = OSIFCATKA | Source = Application Error | ID = 1000
Description = Faulting application hcontrol.exe, version 1043.2.31.91, faulting
module hcontrol.exe, version 1043.2.31.91, fault address 0x00013593.

Error - 9/30/2010 12:31:12 PM | Computer Name = OSIFCATKA | Source = MsiInstaller | ID = 11500
Description = Product: TuneUp Utilities 2009 -- Error 1500. Another installation
is in progress. You must complete that installation before continuing this one.

Error - 9/30/2010 12:31:14 PM | Computer Name = OSIFCATKA | Source = MsiInstaller | ID = 11500
Description = Product: TuneUp Utilities 2009 -- Error 1500. Another installation
is in progress. You must complete that installation before continuing this one.

Error - 9/30/2010 12:32:27 PM | Computer Name = OSIFCATKA | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 9/30/2010 3:32:12 PM | Computer Name = OSIFCATKA | Source = MsiInstaller | ID = 11721
Description = Product: Apple Software Update -- Error 1721. There is a problem with
this Windows Installer package. A program required for this install to complete
could not be run. Contact your support personnel or package vendor. Action: SoftwareUpdate_UnregServer,
location: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer


[ System Events ]
Error - 9/30/2010 11:11:32 AM | Computer Name = OSIFCATKA | Source = Service Control Manager | ID = 7000
Description = The IPSEC driver service failed to start due to the following error:
%%2

Error - 9/30/2010 11:11:32 AM | Computer Name = OSIFCATKA | Source = Service Control Manager | ID = 7001
Description = The TCP/IP Protocol Driver service depends on the IPSEC driver service
which failed to start because of the following error: %%2

Error - 9/30/2010 11:11:32 AM | Computer Name = OSIFCATKA | Source = Service Control Manager | ID = 7001
Description = The SYMTDI service depends on the TCP/IP Protocol Driver service which
failed to start because of the following error: %%1068

Error - 9/30/2010 11:11:32 AM | Computer Name = OSIFCATKA | Source = Service Control Manager | ID = 7000
Description = The IPSEC driver service failed to start due to the following error:
%%2

Error - 9/30/2010 11:11:32 AM | Computer Name = OSIFCATKA | Source = Service Control Manager | ID = 7001
Description = The TCP/IP Protocol Driver service depends on the IPSEC driver service
which failed to start because of the following error: %%2

Error - 9/30/2010 11:11:32 AM | Computer Name = OSIFCATKA | Source = Service Control Manager | ID = 7001
Description = The SYMTDI service depends on the TCP/IP Protocol Driver service which
failed to start because of the following error: %%1068

Error - 9/30/2010 11:11:42 AM | Computer Name = OSIFCATKA | Source = Service Control Manager | ID = 7000
Description = The IPSEC driver service failed to start due to the following error:
%%2

Error - 9/30/2010 11:11:42 AM | Computer Name = OSIFCATKA | Source = Service Control Manager | ID = 7001
Description = The TCP/IP Protocol Driver service depends on the IPSEC driver service
which failed to start because of the following error: %%2

Error - 9/30/2010 11:11:42 AM | Computer Name = OSIFCATKA | Source = Service Control Manager | ID = 7001
Description = The SYMTDI service depends on the TCP/IP Protocol Driver service which
failed to start because of the following error: %%1068

Error - 9/30/2010 11:11:42 AM | Computer Name = OSIFCATKA | Source = Service Control Manager | ID = 7000
Description = The IPSEC driver service failed to start due to the following error:
%%2

[ TuneUp Events ]
Error - 9/30/2010 3:01:45 PM | Computer Name = OSIFCATKA | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-30 21:01:45', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1252',0)

Error - 9/30/2010 4:59:26 PM | Computer Name = OSIFCATKA | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-30 22:59:26', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3300',0)

Error - 9/30/2010 11:21:21 PM | Computer Name = OSIFCATKA | Source = TuneUp Program Statistics | ID = 131840
Description = Error getting process list. Error Code: 0x5AA


< End of report >

Notebook:
System: Windows Vista Home Premium SP1
HP Pavilion dv6000
RAM: 2 x 1024 MB, Kingston DDR2 (667)
HDD: 160 GB,
CPU: Mobile Dual Core AMD Turion 64 X2 TL - (1600 MHz)

Work PC:
Asus Barebone, CPU: Intel Celeron 2.53 GHz (64 bit), RAM: 1536 MB, HDD: 80 GB
System: Windows XP Professional SP3

Even the wisest do not know many things.

Arragorn
Visitor
Posts: 11
Registered: 22 Dec 2008 11:05
Location: Prešov (SR)

Re: Asking for an opinion - problem with WiFi and LAN card

#6 Post by Arragorn »

And I did not manage to produce that Avast report, because somehow the logs cannot be generated and I cannot even copy the listing from the chest into a text file. I do not feel like taking photos of it, but if it is needed to solve the problem, please say so. Thanks for now.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Asking for an opinion - problem with WiFi and LAN card

#7 Post by motji »

I would need to know what it found :(
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Asking for an opinion - problem with WiFi and LAN card

#8 Post by motji »

Use ComboFix; after downloading it, first rename it to anything.com ("cokoliv.com").
Do not install the Recovery Console, you have no internet connection :) .

:arrow: Run ComboFix according to this guide
http://www.bleepingcomputer.com/combofi ... t-combofix

Arragorn
Visitor
Posts: 11
Registered: 22 Dec 2008 11:05
Location: Prešov (SR)

Re: Asking for an opinion - problem with WiFi and LAN card

#9 Post by Arragorn »

So I managed to find it. Here you go.


09/30/2010 18:50
Testujú sa všetky lokálne disky

Súbor C:\Documents and Settings\osifky\Local Settings\Temp\038.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\092.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\127.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\172.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\173.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\195.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\2275.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\244.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\318.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\320.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\360.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\362.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\404.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\409.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\416.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\419.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\421.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\496.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\572.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\604.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\654.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\663.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\706.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\729.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\776.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\806.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\831.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\832.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\845.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\877.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\877619.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\879.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\885.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\93258.exe je infikovaný vírusom Win32:FakeAlert-PP [Drp], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\943.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temp\976.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\7Y4VFD4D\d[1].exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\7Y4VFD4D\feflkeok[1].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\7Y4VFD4D\fekeok[1].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\7Y4VFD4D\femdwi[1].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\7Y4VFD4D\fewkfeok[1].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\8B5B62R9\mir[1].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\8B5B62R9\mir[2].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\8B5B62R9\vgrgfe[1].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\DJFZ5TWY\feelpl[1].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\DJFZ5TWY\fefmeo[1].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\DJFZ5TWY\gfrekok1[1].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\DJFZ5TWY\jidnwdw[1].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\DJFZ5TWY\vrkeowk[1].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\E1LMZ2LS\baby[1].exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\E1LMZ2LS\bfdrd5[1].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\E1LMZ2LS\femeko[1].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Local Settings\Temporary Internet Files\Content.IE5\E1LMZ2LS\gfreglerp[1].exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Start Menu\Programs\Startup\66c3y1u.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Start Menu\Programs\Startup\81ozavb.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Start Menu\Programs\Startup\bm1d70kkf.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Start Menu\Programs\Startup\gb03s1op.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\Start Menu\Programs\Startup\rhhdd2jzavb.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\Documents and Settings\osifky\xaaglsea.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\RECYCLER\S-1-5-21-8691643893-2378259044-617726650-9873\yv8g67.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\System Volume Information\_restore{38E389D6-AE63-48EC-8E2F-03E0EE4A27EC}\RP264\A0060321.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\System Volume Information\_restore{38E389D6-AE63-48EC-8E2F-03E0EE4A27EC}\RP264\A0060327.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\System Volume Information\_restore{38E389D6-AE63-48EC-8E2F-03E0EE4A27EC}\RP264\A0060328.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\System Volume Information\_restore{38E389D6-AE63-48EC-8E2F-03E0EE4A27EC}\RP264\A0060329.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\System Volume Information\_restore{38E389D6-AE63-48EC-8E2F-03E0EE4A27EC}\RP264\A0060330.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\System Volume Information\_restore{38E389D6-AE63-48EC-8E2F-03E0EE4A27EC}\RP264\A0060331.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\System Volume Information\_restore{38E389D6-AE63-48EC-8E2F-03E0EE4A27EC}\RP264\A0060332.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Súbor C:\System Volume Information\_restore{38E389D6-AE63-48EC-8E2F-03E0EE4A27EC}\RP264\A0060333.exe je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\WINDOWS\system32\dllcache\ndis.sys je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
Súbor C:\WINDOWS\system32\xaaglsea.exe je infikovaný vírusom Win32:Crypt-HPM [Trj], Presunutý do truhly
Pocet prehladaných priecinkov: 4579
Pocet testovaných súborov: 56843
Pocet infikovaných súborov: 70

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Asking for an opinion - problem with WiFi and LAN card

#10 Post by motji »

:D beautiful :arcisit:
C:\WINDOWS\system32\dllcache\ndis.sys je infikovaný vírusom Win32:Malware-gen, Presunutý do truhly
According to OTL, ndis.sys is completely missing on your system, which is why the internet does not work :) .

:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the installation of the Yahoo toolbar

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis click Run CCleaner

Registry tab
- click Scan for problems
- then click Fix selected problems -- you do not have to make a registry backup
- click Fix all problems :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

I recommend using the CCleaner cleaner; it nicely cleans temporary files off the PC.
It cleans the registry, for example after a program has been uninstalled.


***********



:arrow: Download OTC and use it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans out temp files and what is left of the tools used

:arrow: And then use that ComboFix :)

Arragorn
Visitor
Posts: 11
Registered: 22 Dec 2008 11:05
Location: Prešov (SR)

Re: Asking for an opinion - problem with WiFi and LAN card

#11 Post by Arragorn »

ComboFix log:

ComboFix 10-09-30.05 - Administrator 10/01/2010 23:14:59.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.2039.1582 [GMT 2:00]
Spuštěný z: h:\anika~1\cokoliv.com
AV: avast! antivirus 4.8.1335 [VPS 100930-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-01 do 2010-10-01 )))))))))))))))))))))))))))))))
.

2010-09-30 20:38 . 2010-09-30 20:38 -------- d-----w- c:\program files\Wireless Console 2
2010-09-30 20:37 . 2010-09-30 20:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2010-09-30 19:02 . 2010-09-30 19:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GHISLER
2010-09-30 19:00 . 2010-09-30 19:00 17856 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-30 18:56 . 2010-09-30 18:56 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2010-09-30 18:56 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2010-09-30 18:56 . 2010-09-30 18:56 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-09-30 18:56 . 2010-09-30 18:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2010-09-30 18:55 . 2010-09-30 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-09-30 18:55 . 2010-09-30 18:56 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-09-30 16:44 . 2010-09-30 18:54 -------- d-----w- c:\program files\RegCleaner
2010-09-30 16:42 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-30 16:42 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-30 16:42 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-30 16:42 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-30 16:42 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-30 16:42 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-30 16:42 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-30 16:42 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-09-30 16:42 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-30 16:39 . 2010-09-30 16:39 -------- d-----w- c:\program files\Trend Micro
2010-09-30 16:31 . 2010-09-30 16:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2010-09-30 16:30 . 2010-09-30 16:30 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2010-09-30 16:20 . 2010-09-30 16:20 -------- d-----w- c:\program files\CCleaner
2010-09-30 16:18 . 2010-09-30 16:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-09-30 16:18 . 2010-09-30 16:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Toshiba
2010-09-30 15:46 . 2010-09-30 18:49 -------- d-----w- c:\documents and settings\Administrator
2010-09-30 15:41 . 2008-04-08 10:47 1698880 ----a-r- c:\windows\system32\drivers\athwx.sys
2010-09-30 15:40 . 2008-12-03 17:52 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-30 15:40 . 2008-12-03 17:52 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-30 15:40 . 2010-09-30 15:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-30 15:40 . 2010-09-30 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-30 15:24 . 2010-09-30 15:24 -------- d-----w- c:\windows\system32\1029
2010-09-30 15:24 . 2008-12-05 17:20 61440 ----a-w- c:\windows\system32\WMErrCSY.dll
2010-09-30 15:24 . 2010-09-30 15:24 -------- d-----w- c:\windows\system32\wbem\MUI
2010-09-30 15:23 . 2010-09-30 15:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{C293798B-D4EF-480E-B8FB-F9BC2AEB56DC}
2010-09-30 15:23 . 2009-05-10 19:50 2657940 -c--a-w- c:\documents and settings\All Users\Application Data\{C293798B-D4EF-480E-B8FB-F9BC2AEB56DC}\Language Packs.exe
2010-09-30 15:23 . 2010-09-30 15:23 -------- d-----w- c:\program files\Language Packs
2010-09-30 14:44 . 2001-12-18 12:45 3279 ----a-w- c:\windows\system32\drivers\VIAPFD.SYS
2010-09-30 14:44 . 2002-02-07 14:38 306688 ----a-w- c:\windows\IsUninst.exe
2010-09-21 13:57 . 2010-09-21 13:57 -------- d-----w- c:\windows\system32\MpEngineStore

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 20:39 . 2008-10-21 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2010-09-30 20:39 . 2010-09-30 20:39 -------- d-----w- c:\program files\Atheros
2010-09-30 20:39 . 2008-10-21 18:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-30 20:37 . 2008-10-21 19:01 -------- d-----w- c:\program files\Realtek
2010-09-30 20:33 . 2008-10-21 19:18 -------- d-----w- c:\program files\ASUS
2010-09-30 19:02 . 2008-11-16 20:24 -------- d-----w- c:\program files\Google
2010-09-30 18:47 . 2010-09-30 16:18 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-09-30 16:46 . 2008-10-21 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-09-30 16:36 . 2009-02-16 22:08 -------- d-----w- c:\program files\Common Files\Real
2010-09-30 16:32 . 2008-10-21 19:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-30 16:28 . 2008-10-26 22:07 -------- d-----w- c:\program files\BearShare Applications
2010-09-30 16:23 . 2008-10-21 19:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-30 16:11 . 2010-09-30 16:11 -------- d-----w- c:\program files\VS Revo Group
2010-09-30 15:58 . 2010-09-30 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-30 14:41 . 2010-04-24 16:31 24064 ----a-w- c:\windows\autoload.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2008-02-01 233472]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-15 1024000]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-09 16861184]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2010-04-24 37232]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-04-09 450648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-8-2 2760704]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-12-10 14:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-03-17 15:59 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-21 18:31 630784 ----a-r- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe"
"MsgTranAgt"="c:\program files\ATK Hotkey\MsgTranAgt.exe"
"Persistence"=c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/30/2010 6:42 PM 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/30/2010 6:42 PM 20560]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\f:\i386\AsProcOb.sys --> f:\i386\AsProcOb.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/22/2008 6:21 PM 642560]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 15:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-10-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-Acrobat Assistant 7 - c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-01 23:17
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-10-01 23:18:33
ComboFix-quarantined-files.txt 2010-10-01 21:18

Před spuštěním: 25,477,566,464 bytes free
Po spuštění: 25,531,826,176 bytes free

- - End Of File - - F6B4E1308C32B2F926713CE7A57DE28C
Notebook:
System: Windows Vista Home Premium SP1
HP Pavilion dv6000
RAM: 2 x 1024 MB, Kingston DDR2 (667)
HDD: 160 GB,
CPU: Mobile Dual Core AMD Turion 64 X2 TL - ( 1600 MHz )

Work PC:
Asus Barebone, CPU: Intel Celeron 2.53 GHz (64 bit), RAM: 1536 MB, HDD: 80 GB
System: Windows XP Professional SP3

Even the wisest do not know many things.

Arragorn
Visitor
Posts: 11
Registered: 22 Dec 2008 11:05
Location: Prešov (SR)

Re: Asking for an opinion - problem with the wifi and LAN card

#12 Post by Arragorn »

I did everything, but the state is still the same: neither the network nor the network devices work. The file ndis.sys is nowhere on the whole computer, and I did not find it on the Windows XP installation CD either. How do I replace it???
And thanks for the time you have given so far.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Asking for an opinion - problem with the wifi and LAN card

#13 Post by motji »

:o According to ComboFix everything is OK; how is the computer?
Please check whether you have the file
c:\windows\system32\drivers\ndis.sys

I am finishing for today; I will be here again tomorrow evening.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.


Re: Asking for an opinion - problem with the wifi and LAN card

#14 Post by Arragorn »

No, it is not there. Can it be restored somehow???
The PC is in the same state as before: neither the network card nor the wifi card works. It just runs faster.


Re: Asking for an opinion - problem with the wifi and LAN card

#15 Post by motji »

It can, but I have to get them for you.
Do you have Windows XP SP2 Home or Professional?

I just don't understand why ComboFix did not detect it :o , I have a slight suspicion that there is still something there :o .
I will not be here until tonight, I have to leave the PC now; please also run GMER for me :)

:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack it and run it
- a scan will run; when it finishes, a window with the results opens; click Save to save the log, which you then paste here

- Following the guide at the link, run the second scan and paste that log here as well.
