Problém - nejde nic spustit, XP securtity 2012

[acter]

Dobrý den, potřeboval bych poradit. V PC jsem měl problém XP security 2012. Dle návodu z některých anglicky psaných webů jsem smazal určité soubory ve složkách Data Aplikací, atp ( vše jsem provedl v nouzovém režimu). Když jsem se pak vrátil do režimu normálního nejde mi spustit žádný exe soubor. Čili ani firefox, ani nic dalšího. Jediný režim kde se mi to podařilo spustit je Administrator nouzový režim. Prosím o rady jak postupovat při řešení. Děkuji

[stell]

Zdravim
Pouzijes program RogueKiller>>moznost 2 (Delete)
1: http://www.viry.cz/forum/viewtopic.php? ... 05#p981205
log vloz sem
Restartuj pocitac.

[acter]

log:

RogueKiller V5.2.4 [06/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Administrator [Admin rights]
Mode: Remove -- Date : 06/23/2011 21:01:12

Bad processes: 0

Registry Entries: 6
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILE ASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Documents and Settings\bujnoch\Local Settings\Data aplikací\vec.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> REPLACED : ("C:\Program Files\mozilla firefox\firefox.exe")
[FILE ASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Documents and Settings\bujnoch\Local Settings\Data aplikací\vec.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> REPLACED : ("C:\Program Files\mozilla firefox\firefox.exe" -safe-mode)

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt

[stell]

1:Stiahnes>spustis>.log vloz sem
http://www.raktor.net/exeHelper/exeHelper.com

2:1:Stiahnuť aswMBR.exe na plochu.
http://public.avast.com/%7Egmerek/aswMBR.exe
2:Dvakrát kliknite na aswMBR.exe a spusťte
3:Kliknite na tlačidlo "Scan" pre spustenie skenovania
4:V prípade infekcie Kliknite na tlačidlo "Fix"
5:Uložte asw.log na plochu.>>log vloz sem.

3:Stiahnes>>mbam-setup
Nainstalovat, aktualizovat, a spustit skan.
SpravitUPLNY skan, co najde daj zmazat,
Log vloz sem.
Podrobny Navod:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

Potom napis ako sa chova pc.

[acter]

exeHelper by Raktor
Build 20100414
Run at 21:07:41 on 06/23/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-23 21:09:42
-----------------------------
21:09:42.296 OS Version: Windows 5.1.2600 Service Pack 2
21:09:42.296 Number of processors: 2 586 0xF0D
21:09:42.296 ComputerName: BUJNOCH-1E265AC UserName: Administrator
21:09:42.484 Initialize success
21:09:56.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
21:09:56.421 Disk 0 Vendor: WDC_WD3200AAJS-00L7A0 01.03E01 Size: 305245MB BusType: 3
21:09:58.437 Disk 0 MBR read successfully
21:09:58.453 Disk 0 MBR scan
21:09:58.453 Disk 0 unknown MBR code
21:10:00.468 Disk 0 scanning sectors +625137345
21:10:00.515 Disk 0 scanning C:\WINDOWS\system32\drivers
21:10:02.546 Service scanning
21:10:04.921 Disk 0 trace - called modules:
21:10:04.937 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:10:04.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b95ab8]
21:10:04.968 3 CLASSPNP.SYS[f765805b] -> nt!IofCallDriver -> \Device\0000006c[0x89b9a9e8]
21:10:04.984 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x89b41940]
21:10:05.000 Scan finished successfully
21:10:12.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Plocha\MBR.dat"
21:10:12.484 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Plocha\aswMBR.txt"

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6930

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

23.6.2011 21:32:35
mbam-log-2011-06-23 (21-32-35).txt

Typ kontroly: Úplný test (C:\|G:\|H:\|)
Testované objekty: 237703
Uplynulý čas: 15 minut, 1 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\bujnoch\local settings\data aplikací\Temp\{81d5a0ce-bad0-4c5b-8225-99445728a467} (Trojan.P2P.Worm) -> Quarantined and deleted successfully.
c:\documents and settings\bujnoch\local settings\Temp\0.0633338322193111.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

[stell]

¨vypnut,system volume information/restore (Obnova systému):po restarte ,zapnut.
http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

Napis ako sa chova pc
Stiahnes>>RSIT >>logy vloz sem,

[acter]

V běžném režimu, když chci spustit například Firefox, mi vyskočí dialog "Vyberte program ve kterém chcete Firefox.exe spustit.". Bohužel už teď musím končit, takže budu pokračovat zítra ráno. Díky moc za všechny rady.

[stell]

ok, zajtra.,uvidis, ked zapnes pc, takze sprav co som napisal, ale pred tym este spust aswmbr>>a teraz hned klikni na tlacitko FIXMBR, potom pokracuj tak ako som napisal.

[stell]

Takze aby sme mali v tom poriadok, spravis to takto.
Vsetko rob v normalnom rezime.
este raz spust RogueKiller>>2<<delete>.log vloz sem
spustis este raz aswMBR>>ale teraz klikni na FIXMBR.
¨vypnut,system volume information/restore (Obnova systému):po restarte ,zapnut.
viewtopic.php?f=11&t=47040
Stiahnes>>RSIT >>logy vloz sem,
Napis ako sa chova pc

[acter]

Problém je že se mi nedaří v normálním režimu nic spustit tedy ani RogueKiller, prostě se mě to ptá v čem chci soubor RogueKiller.exe otevřít.

[acter]

OK, nakonec se mi to všechno podařilo provést. Problémy které jsem sledoval ustaly, všechno jde teď normálně spustit. Tady jsou logy:

RogueKiller V5.2.4 [06/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: bujnoch [Admin rights]
Mode: Remove -- Date : 06/24/2011 09:48:29

Bad processes: 0

Registry Entries: 3
[ROGUE ST] HKCU\[...]\Run : 1990635948 (C:\Documents and Settings\bujnoch\Local Settings\Data aplikací\vec.exe) -> DELETED
[FILE ASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Documents and Settings\bujnoch\Local Settings\Data aplikací\vec.exe" -a "%1" %*) -> REPLACED : ("%1" %*)
[FILE ASSO] HKCU\[...]Software\Classes\exefile\shell\open\command : ("C:\Documents and Settings\bujnoch\Local Settings\Data aplikací\vec.exe" -a "%1" %*) -> REPLACED : ("%1" %*)

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-24 09:50:50
-----------------------------
09:50:50.421 OS Version: Windows 5.1.2600 Service Pack 2
09:50:50.421 Number of processors: 2 586 0xF0D
09:50:50.421 ComputerName: BUJNOCH-1E265AC UserName: bujnoch
09:50:50.703 Initialize success
09:51:16.312 Disk 0 Windows 501 MBR fixed successfully
09:51:26.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bujnoch\Plocha\MBR.dat"
09:51:26.234 The log file has been saved successfully to "C:\Documents and Settings\bujnoch\Plocha\aswMBR.txt"

Logfile of random's system information tool 1.08 (written by random/random)
Run by bujnoch at 2011-06-24 09:56:31
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 19 GB (60%) free of 32 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:34, on 24.6.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bujnoch\Plocha\RSIT.exe
C:\Program Files\trend micro\bujnoch.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

--
End of file - 5499 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-30 16864768]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2009-02-06 1655552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-06 136600]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-01-29 23975720]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-14 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2011-06-24 09:54:47 ----D---- C:\Documents and Settings\bujnoch\Data aplikací\Malwarebytes
2011-06-24 09:47:28 ----ASH---- C:\hiberfil.sys
2011-06-24 09:40:28 ----D---- C:\rsit
2011-06-23 21:13:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-06-23 21:13:01 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-06-23 21:12:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-06-23 21:12:58 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-06-23 20:13:52 ----SHD---- C:\WINDOWS\CSC
2011-06-23 20:13:47 ----A---- C:\WINDOWS\ntbtlog.txt
2011-06-23 13:21:19 ----D---- C:\WINDOWS\Sun

======List of files/folders modified in the last 3 months======

2011-06-24 09:56:32 ----D---- C:\WINDOWS\Temp
2011-06-24 09:56:32 ----D---- C:\Program Files\Trend Micro
2011-06-24 09:55:59 ----SHD---- C:\System Volume Information
2011-06-24 09:55:59 ----D---- C:\WINDOWS\system32\Restore
2011-06-24 09:54:57 ----D---- C:\Program Files\Mozilla Firefox
2011-06-24 09:53:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-23 21:34:00 ----D---- C:\WINDOWS\system32\drivers
2011-06-23 21:34:00 ----D---- C:\WINDOWS\msagent
2011-06-23 21:12:58 ----RD---- C:\Program Files
2011-06-23 20:13:56 ----D---- C:\Documents and Settings
2011-06-23 20:13:52 ----D---- C:\WINDOWS
2011-06-23 19:58:39 ----D---- C:\WINDOWS\Prefetch
2011-06-23 13:18:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2011-06-17 21:47:39 ----A---- C:\WINDOWS\IE4 Error Log.txt
2011-06-15 08:33:42 ----D---- C:\WINDOWS\system32
2011-05-03 11:24:30 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-03-30 19:18:15 ----D---- C:\Documents and Settings\bujnoch\Data aplikací\Canon
2011-03-28 20:33:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Firewall Pro Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2009-02-06 79760]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-02-06 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-02-06 24208]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-02 4878336]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-07-01 108800]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-14 598016]
R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2009-02-06 519936]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-06 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2001-10-25 3584]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2011-06-24 09:40:36

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A90000000001}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP150-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{CA9A3609-3ECC-4574-8824-A8161A71A603}\DelDrv.exe" /U:{CA9A3609-3ECC-4574-8824-A8161A71A603} /L0x0009
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
EASEUS Partition Manager 3.0 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Manager 3.0 Home Edition\unins000.exe"
ESET NOD32 Antivirus-->MsiExec.exe /I{DA4A7657-605C-4367-AF27-76C72DE4648C}
Google Earth-->MsiExec.exe /X{9074AFC0-CFDA-11DE-B484-005056806466}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 4.5.3 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kořenové certifikáty I.CA-->"C:\Documents and Settings\bujnoch\Dokumenty\Kořenové certifikáty I.CA\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Language Pack - CSY-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - CSY\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 Czech Language Pack-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Czech Language Pack\setup.exe
Microsoft .NET Framework 3.0 Czech Language Pack-->MsiExec.exe /X{FB09515C-8E3E-4E0F-A1F2-032F38DEC185}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.19)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up -->"C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
PC Wizard 2008.1.80-->"C:\Program Files\PC Wizard 2008\unins000.exe"
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0005 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation Language Pack (CSY)-->MsiExec.exe /X{AAB6D0F8-02B3-4E89-B24C-0BB153C21445}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation CS Language Pack-->MsiExec.exe /I{6EF72FC6-842E-4FE6-BF88-BFBF03C9DA74}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: ESET NOD32 Antivirus 3.0 (outdated)
FW: COMODO Firewall Pro (disabled)

======System event log======

Computer Name: BUJNOCH-1E265AC
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Kompatibilita pro rychlé přepínání uživatelů úspěšně odeslán.

Record Number: 29378
Source Name: Service Control Manager
Time Written: 20110411074828.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: BUJNOCH-1E265AC
Event Code: 7036
Message: Stav služby Terminálová služba byl změněn na: Spuštěno

Record Number: 29377
Source Name: Service Control Manager
Time Written: 20110411074828.000000+120
Event Type: Informace
User:

Computer Name: BUJNOCH-1E265AC
Event Code: 7000
Message: Služba Eset Nod32 Boot neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


Record Number: 29376
Source Name: Service Control Manager
Time Written: 20110411074818.000000+120
Event Type: Chyba
User:

Computer Name: BUJNOCH-1E265AC
Event Code: 7009
Message: Vypršel časový limit (30000 milisekund) čekání na připojení služby Eset Nod32 Boot.

Record Number: 29375
Source Name: Service Control Manager
Time Written: 20110411074818.000000+120
Event Type: Chyba
User:

Computer Name: BUJNOCH-1E265AC
Event Code: 6005
Message: Služba Event Log byla spuštěna.

Record Number: 29374
Source Name: EventLog
Time Written: 20110411074811.000000+120
Event Type: Informace
User:

=====Application event log=====

Computer Name: BUJNOCH-1E265AC
Event Code: 105
Message: The service was started.

Record Number: 6643
Source Name: ATI Smart
Time Written: 20100706211859.000000+120
Event Type: Informace
User:

Computer Name: BUJNOCH-1E265AC
Event Code: 101
Message: wuauclt (4076) Databázový stroj byl zastaven.

Record Number: 6642
Source Name: ESENT
Time Written: 20100706060841.000000+120
Event Type: Informace
User:

Computer Name: BUJNOCH-1E265AC
Event Code: 103
Message: wuaueng.dll (4076) SUS20ClientDataStore: Databázový stroj zastavil instanci (0).

Record Number: 6641
Source Name: ESENT
Time Written: 20100706060841.000000+120
Event Type: Informace
User:

Computer Name: BUJNOCH-1E265AC
Event Code: 0
Message:
Record Number: 6640
Source Name: gusvc
Time Written: 20100706060411.000000+120
Event Type: Informace
User:

Computer Name: BUJNOCH-1E265AC
Event Code: 102
Message: wuaueng.dll (4076) SUS20ClientDataStore: Databázový stroj spustil novou instanci (0).

Record Number: 6639
Source Name: ESENT
Time Written: 20100706060340.000000+120
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

Díky za pomoc

[stell]

dobre, este to docistime,
Stahni OTListIt2>> OTL
Označ položku Pro všechny uživatele.
Označ položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikn na tlačítko Prohledat
Po dokončení, sem vlož logy OTL.Txt a Extras.txt