Prosím o kontrolu logu - chyba Generic Host Process for Win3

[Silkwe]

Zdravím, po zapnutí počítače mi vyskakuje tabulka s chybou Generic Host Process for Win32 Service (díky tomu se nelze připojit na internet a nefungují zvuky - to jsou alespoň problémy, kterých jsem si stačila všimnout)

Zkusila jsem projet microsoft.com kvůli aktualizacím - na tento problém existuje oprava (ale počitač mi píše, že již mám novější aktualizaci, takže ji použít nelze)...

Zbývá mi tedy možnost, že se mi do počítače dostat nějaký bordel (anitivir ale nic nenašel, takže prosím o kontrolu logu)

ogfile of random's system information tool 1.08 (written by random/random)
Run by Silkwe at 2010-10-11 11:29:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (26%) free of 15 GB
Total RAM: 1015 MB (59% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1459280101-1313231037-1648893855-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1459280101-1313231037-1648893855-1006UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-31 16806912]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-09-17 106496]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-09-16 593920]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2008-09-03 335872]
"ETDWareDetect"=C:\Program Files\Elantech\ETDDect.exe [2008-08-28 204800]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"visionboard"=C:\Program Files\VisionBoard\visionboardlauncher.exe [2007-09-20 840704]
"AdobeBridge"= []
"Google Update"=C:\Documents and Settings\Silkwe\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-08-28 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AutoRun OSCleaner.lnk - C:\Program Files\ASUS\Asus OS Cleaner\AsOSCleaner.exe
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Opera 10 Beta\opera.exe"="C:\Program Files\Opera 10 Beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\QIP Infium JadrisPack\infium.exe"="C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium"
"C:\Documents and Settings\Silkwe\Plocha\WoW\Warcraft III.exe"="C:\Documents and Settings\Silkwe\Plocha\WoW\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\WoW\Warcraft III.exe"="C:\WoW\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2012-09-22 17:09:19 ----D---- C:\Program Files\Eee Storage
2012-09-22 17:08:04 ----D---- C:\Program Files\Elantech
2012-09-22 10:32:26 ----A---- C:\WINDOWS\system32\drivers\ASUSACPI.SYS
2012-09-22 10:32:23 ----D---- C:\Program Files\EeePC
2010-10-11 11:29:05 ----D---- C:\rsit
2010-10-11 11:29:05 ----D---- C:\Program Files\trend micro
2010-10-11 09:55:23 ----D---- C:\WINDOWS\system32\NtmsData
2010-10-04 14:01:49 ----SHD---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2012-09-22 10:50:46 ----A---- C:\WINDOWS\oemver.txt
2012-09-22 10:33:05 ----D---- C:\Program Files\ASUS
2012-09-22 10:33:03 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-11 11:29:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-11 11:29:05 ----D---- C:\Program Files
2010-10-11 11:24:07 ----D---- C:\WINDOWS\Temp
2010-10-11 11:01:31 ----D---- C:\WINDOWS\Prefetch
2010-10-11 10:51:19 ----AD---- C:\WINDOWS
2010-10-11 10:41:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-11 10:26:34 ----D---- C:\WINDOWS\system32\config
2010-10-11 10:25:50 ----D---- C:\WINDOWS\system32\wbem
2010-10-11 10:25:49 ----D---- C:\WINDOWS\Registration
2010-10-11 10:20:56 ----D---- C:\WINDOWS\system32\Restore
2010-10-11 09:55:23 ----D---- C:\WINDOWS\system32
2010-10-11 09:55:23 ----D---- C:\WINDOWS\repair
2010-10-11 09:34:29 ----SHD---- C:\System Volume Information
2010-10-11 09:21:39 ----D---- C:\WINDOWS\Network Diagnostic
2010-10-04 19:37:49 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-04 19:37:46 ----RSD---- C:\WINDOWS\assembly
2010-10-04 14:26:23 ----SHD---- C:\WINDOWS\Installer
2010-10-04 14:21:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-04 14:19:50 ----D---- C:\WINDOWS\WinSxS
2010-09-30 08:05:18 ----D---- C:\Program Files\Microsoft Silverlight
2010-09-29 22:16:00 ----HD---- C:\WINDOWS\inf
2010-09-23 06:33:12 ----A---- C:\WINDOWS\WORDPAD.INI
2010-09-21 18:55:38 ----D---- C:\Program Files\Mozilla Firefox
2010-09-15 14:19:12 ----A---- C:\WINDOWS\imsins.BAK
2010-09-15 14:18:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-15 14:03:57 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-03 546976]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-12 4751360]
R3 Ktp;Elantech TouchPad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2008-09-04 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-03-11 36864]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys [2008-06-30 38272]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-26 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 nlsX86cc;NLS Service; C:\WINDOWS\system32\NLSSRV32.EXE [2009-12-16 65856]
S2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 usnjsvc;Služba Čtení deníku USN sdílených složek programu Messenger; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[earl]

Zdravim,

Stahnete OTL

spustte, oznacte "Pro vsechny uzivatele,30 dnů zmente na 7,kliknete na Prohledat,

po skonceni skenu sem vlozte obsah logu z OTL.txt.

[Silkwe]

ok tady to je:

OTL logfile created on: 11.10.2010 12:17:11 - Run 1
OTL by OldTimer - Version 3.2.15.0 Folder = C:\Documents and Settings\Silkwe\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

1 015,00 Mb Total Physical Memory | 570,00 Mb Available Physical Memory | 56,00% Memory free
919,00 Mb Paging File | 585,00 Mb Available in Paging File | 64,00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15,01 Gb Total Space | 4,55 Gb Free Space | 30,27% Space Free | Partition Type: NTFS
Drive D: | 3,82 Gb Total Space | 0,44 Gb Free Space | 11,64% Space Free | Partition Type: FAT32

Computer Name: N-3MRNKARWBG8PX | User Name: Silkwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2010.10.11 12:06:50 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Silkwe\Plocha\OTL.exe
PRC - [2010.04.26 18:30:50 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2008.09.17 14:54:20 | 000,106,496 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2008.09.16 17:16:38 | 000,593,920 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2008.09.03 19:49:56 | 000,311,296 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008.09.03 17:57:28 | 000,335,872 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDCTRL.EXE
PRC - [2008.08.28 09:54:06 | 000,204,800 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDDECT.EXE
PRC - [2008.05.21 01:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.19 23:07:40 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe


========== Modules (SafeList) ==========

MOD - [2010.10.11 12:06:50 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Silkwe\Plocha\OTL.exe
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.04.26 18:30:50 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.12.16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2008.04.14 14:00:00 | 000,126,464 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)


========== Driver Services (SafeList) ==========

DRV - [2010.03.01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.09.04 19:47:12 | 000,026,112 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (Ktp)
DRV - [2008.08.12 16:10:50 | 004,751,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.06.30 17:43:20 | 000,038,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 14:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008.04.14 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008.04.08 15:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2008.03.11 19:37:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007.12.19 23:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007.05.03 04:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.28 13:18:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.28 13:18:18 | 000,000,000 | ---D | M]

[2009.09.07 07:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silkwe\Data aplikací\Mozilla\Extensions
[2010.09.21 19:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Silkwe\Data aplikací\Mozilla\Firefox\Profiles\k0e90zfz.default\extensions
[2010.05.06 13:11:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Silkwe\Data aplikací\Mozilla\Firefox\Profiles\k0e90zfz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.21 19:05:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.04 07:45:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.25 21:54:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.07.31 00:15:16 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.07.31 00:15:16 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.07.31 00:15:16 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.07.31 00:15:16 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.07.31 00:15:16 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDECT.EXE (ELANTECH Devices Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [visionboard] C:\Program Files\VisionBoard\visionboardlauncher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\AutoRun OSCleaner.lnk = C:\Program Files\ASUS\Asus OS Cleaner\AsOSCleaner.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.252 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Silkwe\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Silkwe\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.29 18:39:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06d12a6e-e407-11de-88ec-0023544660a0}\Shell\AutoRun\command - "" = RECYCLER.exe F:\
O33 - MountPoints2\{06d12a6e-e407-11de-88ec-0023544660a0}\Shell\Explore\command - "" = RECYCLER.exe F:\
O33 - MountPoints2\{06d12a6e-e407-11de-88ec-0023544660a0}\Shell\Open\command - "" = RECYCLER.exe F:\
O33 - MountPoints2\{94bc2fbe-1bc1-11df-8968-0023544660a0}\Shell\AutoRun\command - "" = D:\RECYCLER.exe -- File not found
O33 - MountPoints2\{94bc2fbe-1bc1-11df-8968-0023544660a0}\Shell\Explore\command - "" = D:\RECYCLER.exe -- File not found
O33 - MountPoints2\{94bc2fbe-1bc1-11df-8968-0023544660a0}\Shell\Open\command - "" = D:\RECYCLER.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2012.09.22 17:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Eee Storage
[2012.09.22 17:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2012.09.22 10:32:26 | 000,010,752 | ---- | C] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\ASUSACPI.SYS
[2012.09.22 10:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\EeePC
[2010.10.11 12:08:18 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Silkwe\Plocha\OTL.exe
[2010.10.11 11:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.10.11 11:29:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010.10.11 09:55:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.10.04 14:01:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2008.08.19 10:31:08 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Program Files\U1 Setup.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.09.22 17:28:10 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2012.09.22 17:09:26 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Eee Storage.lnk
[2012.09.22 10:33:05 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\SuperHybridEngine.lnk
[2010.10.11 12:13:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.11 12:06:50 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Silkwe\Plocha\OTL.exe
[2010.10.11 12:06:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.11 12:04:43 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Silkwe\ntuser.dat
[2010.10.11 12:04:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Silkwe\ntuser.ini
[2010.10.11 12:04:42 | 002,107,430 | -H-- | M] () -- C:\Documents and Settings\Silkwe\Local Settings\Data aplikací\IconCache.db
[2010.10.11 11:27:38 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Silkwe\Plocha\RSIT.exe
[2010.10.11 10:30:03 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1459280101-1313231037-1648893855-1006UA.job
[2010.10.11 10:27:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.10 17:30:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1459280101-1313231037-1648893855-1006Core.job
[2010.10.09 18:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.10.08 13:26:16 | 000,030,078 | ---- | M] () -- C:\Documents and Settings\Silkwe\Data aplikací\wklnhst.dat
[2010.10.08 13:26:16 | 000,001,148 | ---- | M] () -- C:\Documents and Settings\Silkwe\Plocha\morse.doc
[2010.10.08 13:19:38 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Silkwe\Plocha\Nový objekt - Dokument ve formátu RTF.rtf
[2010.10.04 14:21:51 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.04 14:21:51 | 000,438,070 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.10.04 14:21:51 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.04 14:21:50 | 001,006,042 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.10.04 14:21:50 | 000,082,750 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.22 17:09:26 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Eee Storage.lnk
[2012.09.22 10:33:05 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\SuperHybridEngine.lnk
[2012.09.22 10:32:26 | 000,001,205 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsusACPI.inf
[2010.10.11 11:28:40 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Silkwe\Plocha\RSIT.exe
[2010.10.09 09:41:38 | 003,932,160 | ---- | C] () -- C:\Documents and Settings\Silkwe\ntuser.dat
[2010.10.08 13:26:16 | 000,001,148 | ---- | C] () -- C:\Documents and Settings\Silkwe\Plocha\morse.doc
[2010.10.08 13:19:38 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Silkwe\Plocha\Nový objekt - Dokument ve formátu RTF.rtf
[2010.05.15 08:30:57 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.03.09 13:07:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.03.09 13:07:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.03.09 13:06:51 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.03.09 13:06:51 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.03.09 13:06:49 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010.03.09 13:06:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.03.09 13:06:31 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.08.01 12:32:59 | 000,030,078 | ---- | C] () -- C:\Documents and Settings\Silkwe\Data aplikací\wklnhst.dat
[2009.07.30 00:56:57 | 000,002,724 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
[2009.07.30 00:56:57 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\F269A88BA7.sys
[2009.06.17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009.06.15 01:43:53 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Silkwe\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.15 01:43:53 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Silkwe\Local Settings\Data aplikací\fusioncache.dat
[2008.08.21 13:21:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.08.19 10:21:06 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2008.08.19 10:21:06 | 000,048,128 | R--- | C] () -- C:\WINDOWS\System32\drivers\maxv_kern_i386.sys
[2008.08.19 10:21:06 | 000,040,832 | R--- | C] () -- C:\WINDOWS\System32\drivers\cshp_kern_i386.sys
[2008.08.19 10:21:06 | 000,038,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2008.08.19 10:21:06 | 000,030,592 | R--- | C] () -- C:\WINDOWS\System32\drivers\hp360_kern_i386.sys
[2008.08.18 18:43:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008.07.30 19:31:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2008.07.29 19:35:52 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.03.17 15:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini

========== Files - Unicode (All) ==========
[2010.03.10 20:05:49 | 000,000,000 | ---D | M](C:\Documents and Settings\Silkwe\Data aplikac?) -- C:\Documents and Settings\Silkwe\Data aplikac�
[2009.08.21 19:49:59 | 000,198,144 | ---- | M] ()(C:\Documents and Settings\Silkwe\Dokumenty\Pokyny na platby_Jana_Klomfarov?.doc) -- C:\Documents and Settings\Silkwe\Dokumenty\Pokyny na platby_Jana_Klomfarov�.doc
[2009.08.21 19:49:59 | 000,198,144 | ---- | C] ()(C:\Documents and Settings\Silkwe\Dokumenty\Pokyny na platby_Jana_Klomfarov?.doc) -- C:\Documents and Settings\Silkwe\Dokumenty\Pokyny na platby_Jana_Klomfarov�.doc
(C:\Documents and Settings\Silkwe\Data aplikac?) -- C:\Documents and Settings\Silkwe\Data aplikac�

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0A8E2C33

< End of report >

[earl]

Pripojte vsechny usb flash disky co pouzivate do pc.

CTETE POZORNE NAVOD,TENTO SOFT NETOLERUJE CHYBY V POSTUPU APLIKOVANI!

Klidne si nasledujici radky vytisknete,at vite,co se bude na obrazovce odehravat.

Budte prihlasen na pc s administratorskymi pravy.

V operacnich systemech Windows Vista a Windows 7 je nutno spoustet aplikaci jako spravce (kliknutim pravym tlacitkem mysi na ikonu ComboFixu a klepnutim levym na volbu "Spustit jako spravce")

stahnete a ulozte nejlepe na plochu ComboFix

v pripade,ze nepujde stranka nacist-stahnete odtud download , popr. nepujde ComboFix spustit - prejmenujte jej na grinder.com a postupujte dale dle instrukci.

hned po startu se zobrazi Zreknuti se prava zaruky na funkcnost software, pokracujte kliknutim na tlacitko Ano:



pote muze nasledovat upozorneni na nainstalovane emulatory CD mechanik,typicky Daemon Tools nebo Alcohol 120



odklepnout OK

Souhlasit s instalaci Recovery console(Konzola pro zotaveni)-nutno funkcni internet

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: upozorneni: Vypnete rezidentni stit u antiviru a antispywaru a zakazte docasne firewall-ComboFix by nemusel fungovat korektne-pokud budete mit stity vypnute a Combofix zahlasi,ze nejsou,pokracujte dal a potvrdte.

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

Zkontroluji ho po 23 hod.

[Silkwe]

takže tady je ten další log:

ComboFix 10-10-10.02 - Silkwe 11.10.2010 12:50:43.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.593 [GMT 2:00]
Spuštěný z: c:\documents and settings\Silkwe\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

Nakažená kopie c:\windows\system32\wbem\wmiapsrv.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\wmiapsrv.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-11 do 2010-10-11 )))))))))))))))))))))))))))))))
.

2012-09-22 15:09 . 2012-09-22 15:09 -------- d-----w- c:\program files\Eee Storage
2012-09-22 15:08 . 2012-09-22 15:08 -------- d-----w- c:\program files\Elantech
2012-09-22 08:32 . 2008-04-08 13:59 10752 ----a-w- c:\windows\system32\drivers\ASUSACPI.SYS
2012-09-22 08:32 . 2012-09-22 08:32 -------- d-----w- c:\program files\EeePC
2010-10-11 09:29 . 2010-10-11 09:30 -------- d-----w- C:\rsit
2010-10-11 09:29 . 2010-10-11 09:29 -------- d-----w- c:\program files\trend micro
2010-10-11 08:25 . 2010-10-11 08:25 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-11 07:55 . 2010-10-11 08:22 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"visionboard"="c:\program files\VisionBoard\visionboardlauncher.exe" [2007-09-20 840704]
"Google Update"="c:\documents and settings\Silkwe\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-08-28 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-17 106496]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-16 593920]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-28 204800]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AutoRun OSCleaner.lnk - c:\program files\ASUS\Asus OS Cleaner\AsOSCleaner.exe [2008-8-19 118784]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2012-9-22 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 09:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19.12.2009 12:00 135336]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [16.12.2009 10:11 65856]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [19.8.2008 10:21 38272]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://eee.yostore.net/tutorial/quickstart/?c=0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Silkwe\Data aplikací\Mozilla\Firefox\Profiles\k0e90zfz.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-AdobeBridge - (no file)


.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2420)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Celkový čas: 2010-10-11 13:04:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-11 11:04

Před spuštěním: 4 787 236 864
Po spuštění: 5 200 883 712

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3FAD123DEC78700985CFAB5E666BC423

[earl]

Stahnete,ulozte na plochu a pri pripojenych usb flash discich spustte FlashDisinfector

Pak popiste chovani pc.

[Silkwe]

Takže program se spustil, na chvilku zmizely ikony na ploše, pak se objevila tabulka Done!

Jinak chyba mi stále vyskakuje...po tom co vyskočí se mi odpojí internet (nic nového)

Jo a nejde mi zapnout firewall...

[earl]

Pouzijte MBAM

instalace,uplny sken,vlozit sem log-NIC NEMAZAT!

Stahnete GMER , rozbalte a spustte jako Administrator

probehne sken, po jehoz ukonceni na vas vyskoci vysledky

pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte

pote dle tohoto navodu

absolvujte druhy sken a opet obsah logu sem.

[Silkwe]

takže: 1. log (z mbam)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.10.2010 16:28:33
mbam-log-2010-10-13 (16-28-33).txt

Typ skenu: Rychlý sken
Skenované objekty: 111841
Uplynulý čas: 6 minuta(y), 2 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)


A tady je log z GMERu (až ten druhý)

GMER 1.0.15.15315 - http://www.gmer.net
Rootkit scan 2010-10-13 17:47:52
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\WINDOWS\TEMP\kxlyauog.sys


---- System - GMER 1.0.15 ----

SSDT F7C6212E ZwCreateKey
SSDT F7C62124 ZwCreateThread
SSDT F7C62133 ZwDeleteKey
SSDT F7C6213D ZwDeleteValueKey
SSDT F7C62142 ZwLoadKey
SSDT F7C62110 ZwOpenProcess
SSDT F7C62115 ZwOpenThread
SSDT F7C6214C ZwReplaceKey
SSDT F7C62147 ZwRestoreKey
SSDT F7C62138 ZwSetValueKey

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares@a\1k\0o\0l\0a CSCFlags=0?MaxUses=4294967295?Path=C:\Documents and Settings\Silkwe\Plocha\?kola?Permissions=0?Remark=?Type=0?
Reg HKLM\SYSTEM\ControlSet002\Services\LanmanServer\Shares@a\1k\0o\0l\0a CSCFlags=0?MaxUses=4294967295?Path=C:\Documents and Settings\Silkwe\Plocha\?kola?Permissions=0?Remark=?Type=0?
Reg HKCU\Software\Microsoft\Windows Live Mail\PerPassportSettings\391970701@a\1k\0o\0a 1
Reg HKCU\Software\Microsoft\Windows Live Mail\PerPassportSettings\391970701@a\1k\0o\0l\0a 1

---- EOF - GMER 1.0.15 ----

[earl]

Dejte log z uplneho skenu z MBAMu.

Muzete udelat screen obrazovky pri chybe a ulozit ho treba na www.leteckaposta.cz?

[Silkwe]

http://leteckaposta.cz/335553760
(rozklikla jsem pro jistotu tu chybovou zprávu)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14.10.2010 7:51:11
mbam-log-2010-10-14 (07-51-11).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 143009
Uplynulý čas: 13 minuta(y), 24 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[earl]

Dopoledne napisu,co dal.

[earl]

Pardon,dostal jsem se k pc az ted

Stahnete a nainstalujte tento update - http://www.microsoft.com/downloads/deta ... laylang=cs

Pak popiste stav pc.

[Silkwe]

Takže tuhle aktualizaci jsem už jednouzkoušela instalovat (to byla jedna z 1. věcí co mě napadla udělat)

Při prvním pokusu i teď se mi objevila tabulka:

"Instalační program zjistil, že verze aktualizace Service Pack nainstalované v tomto počítači je novější než verze instalované aktualizace.
Tuto aktualizaci již není třeba instalovat."

(a chyba stále vyskakuje)

[earl]

Jdete do Ovladacich panelu,Nastroje pro spravu a rozklepnete zalozku System - opiste sem text,ktery je u chyby,tykajici se nami reseneho problemu.