VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosim o kontrolu logu a popis odstraneni problemu

https://forum.viry.cz:443/viewtopic.php?t=100721

Stránka 1 z 3

Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 17:38
od server123
Dobrý den,

zda se ze i muj pocitac skolik nejaky zly spyware, vytezuje na sto procent procesor, vetsinou je to proces svchost.exe

zde je vypis z ComboFix:
Prosim o kontrolu logu a popis odstraneni problemu, dekuju nastotisickrat!!!


ComboFix 10-05-02.01 - restore 02.05.2010 21:12:51.1.1 - x86
Spuštěný z: c:\documents and settings\restore\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\1.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\2.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\3.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\btn1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\btn2.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\cig.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\cig1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_1644431G8.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_2544432.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_4090637.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_44848_1.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon01.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon03.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon04.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_KeHuDuanZiYuanZhongXinTuiJianTuMoBan_4.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_KeHuDuanZiYuanZhongXinTuiJianTuMoBan_5.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_logo.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_WuBiaoTi-2.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_WuBiaoTi-6.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\dian.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\directui_new_1264129396.zip
c:\program files\FlashGet Network\FlashGet 3\dat\directui\down.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\game.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\game.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\game1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gameall.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gametop.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\ico01.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\ico02.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\line.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\movie.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\movie1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\new_rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newgame.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newmovie.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p2.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p3.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p4.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p5.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p6.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p7.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p8.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\pic_bg.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\preview.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg1
c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft_zhan.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\tab.gif
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\domain_url_list_en.zip
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_blue.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_classic.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_white.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.dat
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\program files\WindowsUpdate
c:\windows\system32\secustat.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-02 do 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-02 19:08 . 2010-05-02 19:08 390144 ----a-w- c:\windows\system32\CF28651.exe
2010-05-02 17:27 . 2010-05-02 17:56 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-01 18:43 . 2008-04-13 17:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-01 18:43 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-01 18:43 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-01 18:43 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-01 18:43 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-01 18:43 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-04-22 19:10 . 2010-04-22 19:10 -------- d-----w- c:\program files\MSXML 4.0
2010-04-21 16:03 . 2010-04-21 16:16 -------- d-----w- c:\program files\The Tale of Despereaux
2010-04-13 05:08 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-05 12:53 . 2010-04-05 12:53 -------- d-----w- c:\program files\Ledové Drahokamy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 17:26 . 2010-05-02 17:39 153834 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1029.dat
2010-05-02 17:16 . 2010-01-31 13:32 -------- d-----w- c:\program files\smartmontools
2010-04-21 15:13 . 2010-04-21 15:13 -------- d-----w- c:\program files\Free Easy Burner
2010-04-14 16:47 . 2010-01-24 08:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2010-01-24 09:12 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2010-01-24 09:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2010-01-24 09:12 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2010-01-24 09:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2010-01-24 09:12 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2010-01-24 09:12 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2010-01-31 06:59 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2010-01-24 09:12 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-28 07:08 . 2003-04-16 12:00 47206 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 07:08 . 2003-04-16 12:00 312970 ----a-w- c:\windows\system32\perfh005.dat
2010-03-09 11:11 . 2003-04-16 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 16:02 . 2010-01-24 09:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 15:04 . 2010-03-05 15:04 -------- d-----w- c:\program files\Common Files\PCCamera
2010-03-05 15:04 . 2010-03-05 15:04 -------- d-----w- c:\program files\VideoCAM GE111
2010-02-26 05:43 . 2006-06-23 12:27 668160 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-17 22:49 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2003-04-16 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 2003-04-16 12:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2002-09-20 17:12 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2006-05-19 12:40 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-04-16 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-02 08:49 . 2010-02-02 08:49 1727041 ----a-w- c:\program files\miranda-im-v0.8.13-unicode.exe
2010-02-02 08:10 . 2010-02-02 08:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"Cobian Backup 9 interface"="c:\program files\Cobian Backup 9\cbInterface.exe" [2009-01-22 2749952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Leionek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Miriamka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
srvaju32.exe [2008-4-14 30208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\The Tale of Despereaux\\TalesLauncher.exe"=
"c:\\Program Files\\The Tale of Despereaux\\TalesD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-25 682232]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 CobianBackupAmanita;Cobian Backup 9 služba;c:\program files\Cobian Backup 9\cbService.exe [2009-01-22 583168]

.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\restore\Data aplikací\Mozilla\Firefox\Profiles\sx2h0ur5.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-ashMaiSv - c:\progra~1\ALWILS~1\Avast4\ashmaisv.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 21:16
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-05-02 21:17:31
ComboFix-quarantined-files.txt 2010-05-02 19:17

Před spuštěním: Volných bajtů: 85 345 390 592
Po spuštění: Volných bajtů: 88 599 928 832

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B0A90294DB0C45AD215DBD7979D9BCE9

Re: Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 17:47
od stell
Zdravim
Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
File::
C:\Documents and Settings\Miriamka\Nabídka Start\Programy\Po spuštění\srvaju32.exe
FixCSet::
Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

Re: Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 18:30
od server123
dik, tu to je:
ComboFix 10-05-02.03 - restore 03.05.2010 19:11:34.2.1 - x86
Spuštěný z: c:\documents and settings\restore\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\restore\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení

FILE ::
"c:\documents and settings\Miriamka\Nabídka Start\Programy\Po spuštění\srvaju32.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Miriamka\Nabídka Start\Programy\Po spuštění\srvaju32.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-03 do 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-02 20:24 . 2010-05-02 20:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-02 19:21 . 2010-05-02 19:21 -------- d-----w- c:\program files\CCleaner
2010-05-02 19:08 . 2010-05-02 19:08 390144 ----a-w- c:\windows\system32\CF28651.exe
2010-05-02 17:27 . 2010-05-02 17:56 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-01 18:43 . 2008-04-13 17:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-01 18:43 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-01 18:43 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-01 18:43 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-01 18:43 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-01 18:43 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-04-22 19:10 . 2010-04-22 19:10 -------- d-----w- c:\program files\MSXML 4.0
2010-04-21 16:03 . 2010-04-21 16:16 -------- d-----w- c:\program files\The Tale of Despereaux
2010-04-13 05:08 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-05 12:53 . 2010-04-05 12:53 -------- d-----w- c:\program files\Ledové Drahokamy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 17:26 . 2010-05-02 17:39 153834 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1029.dat
2010-05-02 17:16 . 2010-01-31 13:32 -------- d-----w- c:\program files\smartmontools
2010-04-21 15:13 . 2010-04-21 15:13 -------- d-----w- c:\program files\Free Easy Burner
2010-04-14 16:47 . 2010-01-24 08:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2010-01-24 09:12 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2010-01-24 09:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2010-01-24 09:12 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2010-01-24 09:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2010-01-24 09:12 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2010-01-24 09:12 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2010-01-31 06:59 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2010-01-24 09:12 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-28 07:08 . 2003-04-16 12:00 47206 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 07:08 . 2003-04-16 12:00 312970 ----a-w- c:\windows\system32\perfh005.dat
2010-03-09 11:11 . 2003-04-16 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 16:02 . 2010-01-24 09:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 15:04 . 2010-03-05 15:04 -------- d-----w- c:\program files\Common Files\PCCamera
2010-03-05 15:04 . 2010-03-05 15:04 -------- d-----w- c:\program files\VideoCAM GE111
2010-02-26 05:43 . 2006-06-23 12:27 668160 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-17 22:49 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2003-04-16 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 2003-04-16 12:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2002-09-20 17:12 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2006-05-19 12:40 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-04-16 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-02 08:49 . 2010-02-02 08:49 1727041 ----a-w- c:\program files\miranda-im-v0.8.13-unicode.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-02_19.16.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-04-16 12:00 . 2008-04-14 03:22 20480 c:\windows\system32\dllcache\wmpui.dll
- 2010-01-25 07:09 . 2008-04-14 03:22 20480 c:\windows\system32\dllcache\wmpui.dll
- 2010-01-25 07:09 . 2008-04-14 03:22 20480 c:\windows\system32\dllcache\wmpcore.dll
+ 2003-04-16 12:00 . 2008-04-14 03:22 20480 c:\windows\system32\dllcache\wmpcore.dll
+ 2003-04-16 12:00 . 2008-04-14 03:22 20480 c:\windows\system32\dllcache\wmpcd.dll
- 2010-01-25 07:09 . 2008-04-14 03:22 20480 c:\windows\system32\dllcache\wmpcd.dll
+ 2010-01-23 20:09 . 2008-04-14 03:22 75264 c:\windows\system32\dllcache\usbui.dll
+ 2004-08-17 22:49 . 2009-10-21 05:40 75776 c:\windows\system32\dllcache\strmfilt.dll
- 2009-10-21 05:40 . 2009-10-21 05:40 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2010-01-23 20:08 . 2004-08-17 22:43 69008 c:\windows\system32\dllcache\mmsystem.dll
+ 2003-04-16 12:00 . 2008-04-14 03:21 48128 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-17 22:49 . 2009-10-21 05:40 25088 c:\windows\system32\dllcache\httpapi.dll
- 2009-10-21 05:40 . 2009-10-21 05:40 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2003-04-16 12:00 . 2008-04-14 03:21 32768 c:\windows\system32\dllcache\dispex.dll
+ 2004-08-17 22:49 . 2008-04-14 03:21 13312 c:\windows\system32\dllcache\cmsetacl.dll
+ 2010-01-24 08:59 . 2004-08-02 13:20 4569 c:\windows\system32\dllcache\secupd.dat
+ 2003-04-16 12:00 . 2004-07-17 18:38 175224 c:\windows\system32\dllcache\xenroll.dll
- 2010-01-25 07:09 . 2008-04-14 03:22 115200 c:\windows\system32\dllcache\wmsdmoe.dll
+ 2003-04-16 12:00 . 2008-04-14 03:22 115200 c:\windows\system32\dllcache\wmsdmoe.dll
- 2010-01-25 07:09 . 2008-04-14 03:22 114688 c:\windows\system32\dllcache\wmpasf.dll
+ 2004-08-17 22:49 . 2008-04-14 03:22 114688 c:\windows\system32\dllcache\wmpasf.dll
+ 2010-01-23 20:08 . 2008-04-14 03:22 146944 c:\windows\system32\dllcache\winspool.drv
+ 2010-01-23 22:41 . 2008-04-14 03:22 197120 c:\windows\system32\dllcache\wbemupgd.dll
+ 2010-01-23 22:42 . 2008-04-14 03:22 851968 c:\windows\system32\dllcache\vgx.dll
+ 2003-04-16 12:00 . 2009-08-26 08:02 247326 c:\windows\system32\dllcache\strmdll.dll
- 2009-08-26 08:16 . 2009-08-26 08:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2005-05-17 00:43 . 2008-04-13 18:39 717312 c:\windows\system32\dllcache\spru0405.dll
+ 2006-05-14 09:27 . 2008-04-14 03:21 105472 c:\windows\system32\dllcache\polstore.dll
- 2009-08-05 09:01 . 2009-08-05 09:01 205312 c:\windows\system32\dllcache\mswebdvd.dll
+ 2003-04-16 12:00 . 2009-08-05 09:01 205312 c:\windows\system32\dllcache\mswebdvd.dll
+ 2010-01-23 22:42 . 2008-04-14 03:21 565760 c:\windows\system32\dllcache\msobmain.dll
- 2010-01-25 07:08 . 2008-04-14 03:21 368640 c:\windows\system32\dllcache\mpvis.dll
+ 2004-08-17 22:49 . 2008-04-14 03:21 368640 c:\windows\system32\dllcache\mpvis.dll
+ 2003-04-16 12:00 . 2003-04-16 12:00 673088 c:\windows\system32\dllcache\mlang.dat
+ 2004-08-17 22:49 . 2008-04-14 03:22 786432 c:\windows\system32\dllcache\migrate.exe
- 2010-01-25 07:08 . 2008-04-14 03:22 786432 c:\windows\system32\dllcache\migrate.exe
+ 2003-04-16 12:00 . 2008-04-14 03:21 125952 c:\windows\system32\dllcache\exts.dll
+ 2003-04-16 12:00 . 2008-04-14 03:21 499254 c:\windows\system32\dllcache\dxmasf.dll
- 2010-01-25 07:08 . 2008-04-14 03:21 499254 c:\windows\system32\dllcache\dxmasf.dll
+ 2003-04-16 12:00 . 2008-04-14 03:21 229376 c:\windows\system32\dllcache\compstui.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"Cobian Backup 9 interface"="c:\program files\Cobian Backup 9\cbInterface.exe" [2009-01-22 2749952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Leionek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\The Tale of Despereaux\\TalesLauncher.exe"=
"c:\\Program Files\\The Tale of Despereaux\\TalesD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-25 682232]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 CobianBackupAmanita;Cobian Backup 9 služba;c:\program files\Cobian Backup 9\cbService.exe [2009-01-22 583168]

.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\restore\Data aplikací\Mozilla\Firefox\Profiles\sx2h0ur5.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 19:17
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys sptd.sys >>UNKNOWN [0x867888A8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7620f28
\Driver\ACPI -> ACPI.sys @ 0xf73b3cb8
\Driver\atapi -> atapi.sys @ 0xf736eb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7263bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7270a21
SendHandler -> NDIS.sys @ 0xf724e87b
user & kernel MBR OK

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-05-03 19:19:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-03 17:19
ComboFix2.txt 2010-05-02 19:17

Před spuštěním: Volných bajtů: 89 211 502 592
Po spuštění: Volných bajtů: 89 187 377 152

- - End Of File - - 43FC046753E131F2E79E5AFCA75BFB6E

Re: Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 18:39
od stell
Odinstaluj progrm C:\Program Files\DAEMON Tools Lite i pokud mas jine emulatory mechanik, alcohol aspol.

:arrow: Stahni dle ze stranek SPTD http://www.duplexsecure.com/en/downloads verzi dle sveho operacniho systemu. SPTD for Windows (32 bit) nebo (64b) na plochu
- spust
- zvol moznost Uninstall
- restart PC

stiahni>> MBR - http://www2.gmer.net/mbr/mbr.exe ulož ho na plochu
do start-spustit-vloz prikaz
cmd /c mbr.exe -t >log.txt&start log.txt
log.txt vloz sem.

Re: Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 19:05
od server123
uff, musel jsem asi 6x restartovat pc, vubec s tim neslo delat, porad to tuhne
v procesech uz neni 100 vytizeni, zato jetam treba zas nejaky proces TeaTimer.exe - 119 MB :shock:

zde ten log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys
kernel: MBR read successfully
user & kernel MBR OK

Re: Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 19:10
od stell
no vyzera to ze mas tam este Rootkita-
ano spybot treba odinstalovat,cez pridat /odobrat programy.
a pokracujes takto:
:arrow: 1:Stiahnite si a uložte HelpAsst_mebroot_fix


2:Zatvorte všetky spustené programy a okná.
dvoj-kliknite na súbor spustite a postupujte podľa
pokynov na obrazovke
Ak nastroj zistí MBR infekcie, prosím,nechajte

bezat- povolte MBR -f
Po reštartovaní,prosím počkajte asi 5 minút,


Kliknite na Štart> Spustiť a zadajte nasledujúci

príkaz
helpasst -mbrt [Enter]
Pri skonceni,otvori sa log.
Prosím postnite obsah tu.
dolezite,, prikazy stale skopiruj do okna .. nepis.

Re: Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 19:22
od server123
jakykoliv pokus o spusteni Ovladaciho panelu = zatuhnuti PC = nutnost restartu :(
nejde ten spybot odinstalovat nejak jinak?

Re: Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 19:25
od stell
no skus to v nudzovom rezime ,ak nepojde tak to zabijeme.

Re: Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 19:30
od server123
slo to,spybot je pryc.
Pustil jsem HelpAsst_mebroot_fix ale pak to jen chtelo 2x zmackout libovolnou klavesu a pak okno zmizelo a nic se nedeje, krom toho ze je zase vytuhnuta lista se Startem

Re: Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 19:33
od stell
pockaj,chvilku,ak nic sa nebude diat,pokracuj takto
príkaz-skopiruj do okna start-spustit.
helpasst -mbrt [Enter]
Pri skonceni,otvori sa log.
Prosím postnite obsah tu.
dolezite,, prikazy stale skopiruj do okna .. nepis.

Re: Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 19:36
od server123
trvalo to, ale rozjelo se to:

Kód: Vybrat vše

C:\Documents and Settings\restore\Plocha\HelpAsst_mebroot_fix.exe
po 03.05.2010 at 20:28:38,48

[b][color=red]Could not determine language ~ no action taken on account ~ please consult noahdfear[/color][/b]

00000405
U§ivatelsk‚ jm‚no                   HelpAssistant
Jm‚no a pýˇjmenˇ                    éźet pomoci vzd len‚ plochy
Koment ý                            éźet pro poskytov nˇ vzd len‚ pomoci.
Koment ý u§ivatele                  
SmŘrov‚ źˇslo zemŘ                  000 (Věchozˇ syst‚mov‚ nastavenˇ)
éźet je aktivnˇ                     Ne
éźet vyprçel                        Nikdy

Heslo bylo naposledy nastaveno      1/24/2010 12:42 AM
Heslo vyprçˇ                        Nikdy
Heslo lze mŘnit                     1/24/2010 12:42 AM
Heslo je vy§adov no                 Ano
U§ivatel smˇ mŘnit heslo            Ne

Pracovnˇ stanice byla povolena      Vçe
Pýihlaçovacˇ skript                 
Profil u§ivatele                    
Domovskě adres ý                    
Naposledy pýihl çen                 Nikdy

Povolen‚ pýihlaçovacˇ hodiny        Vçe

¬lenstvˇ v mˇstnˇch skupin ch       
¬lenstvˇ v glob lnˇch skupin ch     *None                 
Pýˇkaz byl ŁspŘçnŘ dokonźen.


 ~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

 ~~ Checking firewall ports ~~

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

 ~~ Checking profile list ~~

No HelpAssistant profile in registry

 ~~ Checking mbr ~~

user & kernel MBR OK

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on po 03.05.2010 at 20:36:06,29

éźet je aktivnˇ                     Ne

 ~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys 
kernel: MBR read successfully
user & kernel MBR OK 

 ~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
   ServiceDll	REG_EXPAND_SZ  	%SystemRoot%\System32\termsrv.dll

 ~~ Checking profile list ~~

No HelpAssistant profile in registry

 ~~ Checking for HelpAssistant directories ~~

none found

 ~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


 ~~ EOF ~~

Re: Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 19:42
od stell
Stahni OTListIt2>> OTL
Označ položku Pro všechny uživatele.
Označ položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do okna vlastbni skenovano/opravy-vloz zeleny text
Klikn na tlačítko Prohledat
Po dokončení, sem vlož logy OTL.Txt

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
CREATERESTOREPOINT

Re: Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 19:50
od server123
OTL logfile created on: 3.5.2010 20:44:41 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\restore\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 646,00 Mb Available Physical Memory | 63,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 83,05 Gb Free Space | 74,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive T: | 596,17 Gb Total Space | 262,08 Gb Free Space | 43,96% Space Free | Partition Type: NTFS
Drive Z: | 232,88 Gb Total Space | 23,46 Gb Free Space | 10,07% Space Free | Partition Type: NTFS

Computer Name: MAXIM
Current User Name: restore
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.03 20:42:34 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\restore\Plocha\OTL.exe
PRC - [2010.04.14 18:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.04.04 19:26:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.01.22 12:38:38 | 000,583,168 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\cbService.exe
PRC - [2009.01.22 12:38:32 | 002,749,952 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\cbInterface.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.13 20:39:20 | 000,049,152 | ---- | M] (artArmin) -- C:\Program Files\Vista Drive Icon\DrvIcon.exe
PRC - [2006.11.17 06:42:52 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004.12.20 20:41:22 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


========== Modules (SafeList) ==========

MOD - [2010.05.03 20:42:34 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\restore\Plocha\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.01.22 12:38:38 | 000,583,168 | ---- | M] (Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 9\cbService.exe -- (CobianBackupAmanita)


========== Driver Services (SafeList) ==========

DRV - [2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008.04.13 19:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2007.07.12 12:49:16 | 000,096,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.03.08 15:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006.10.22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.06.03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004.05.17 15:00:54 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2003.10.29 14:02:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1060284298-1425521274-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.28 14:40:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 19:27:05 | 000,000,000 | ---D | M]

[2010.05.02 21:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\restore\Data aplikací\Mozilla\Extensions
[2010.05.02 21:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\restore\Data aplikací\Mozilla\Firefox\Profiles\sx2h0ur5.default\extensions
[2010.05.03 20:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.16 02:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 02:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 02:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 02:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 02:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.05.03 19:16:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (http://www.flashget.com)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Cobian Backup 9 interface] C:\Program Files\Cobian Backup 9\cbInterface.exe (Luis Cobian)
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe (artArmin)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1060284298-1425521274-725345543-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - Startup: C:\Documents and Settings\Leionek\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1425521274-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-1425521274-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-1425521274-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-1425521274-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/L ... nstall.cab (WebSDev Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (vistaui.exe) - C:\WINDOWS\System32\vistaui.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.24 00:44:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.01.24 00:44:33 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (http://www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.03 20:42:28 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\restore\Plocha\OTL.exe
[2010.05.03 19:44:28 | 000,882,672 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\restore\Plocha\SPTDinst-v169-x86.exe
[2010.05.03 19:10:45 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.05.02 22:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
[2010.05.02 22:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.05.02 22:20:28 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\restore\Plocha\HijackThis.exe
[2010.05.02 22:07:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\restore\Recent
[2010.05.02 21:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.05.02 21:11:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.05.02 21:10:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.05.02 21:10:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.05.02 21:10:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.05.02 21:10:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.05.02 21:08:08 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF28651.exe
[2010.05.02 21:08:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.05.02 21:08:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.02 21:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\restore\Dokumenty\Stažené soubory
[2010.05.02 21:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\restore\Data aplikací\Macromedia
[2010.05.02 21:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\restore\Data aplikací\Adobe
[2010.05.02 21:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\restore\Local Settings\Data aplikací\Mozilla
[2010.05.02 21:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\restore\Data aplikací\Mozilla
[2010.05.02 21:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\restore\Data aplikací\Identities
[2010.05.02 20:51:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\restore\Dokumenty\Hudba
[2010.05.02 20:51:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\restore\Dokumenty\Obrázky
[2010.05.02 20:51:49 | 000,000,000 | --SD | C] -- C:\Documents and Settings\restore\Data aplikací\Microsoft
[2010.05.02 20:51:49 | 000,000,000 | --SD | C] -- C:\Documents and Settings\restore\Cookies
[2010.05.02 20:51:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\restore\SendTo
[2010.05.02 20:51:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\restore\Data aplikací
[2010.05.02 20:51:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\restore\Oblíbené položky
[2010.05.02 20:51:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\restore\Nabídka Start
[2010.05.02 20:51:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\restore\Dokumenty
[2010.05.02 20:51:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\restore\Šablony
[2010.05.02 20:51:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\restore\Okolní tiskárny
[2010.05.02 20:51:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\restore\Okolní síť
[2010.05.02 20:51:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\restore\Local Settings
[2010.05.02 20:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\restore\Plocha
[2010.05.02 20:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\restore\Local Settings\Data aplikací\Microsoft Help
[2010.05.02 20:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\restore\Local Settings\Data aplikací\Microsoft
[2010.05.02 19:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
[2010.05.02 19:27:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010.05.02 19:17:15 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.05.01 20:43:39 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010.05.01 20:43:39 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010.05.01 20:43:38 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010.05.01 20:43:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.05.01 20:43:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.04.22 21:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010.04.21 18:07:58 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010.04.21 18:07:57 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010.04.21 18:07:57 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2010.04.21 18:07:57 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010.04.21 18:07:57 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2010.04.21 18:07:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010.04.21 18:07:56 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2010.04.21 18:07:56 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2010.04.21 18:07:56 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2010.04.21 18:07:56 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2010.04.21 18:07:56 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2010.04.21 18:07:56 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010.04.21 18:07:55 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2010.04.21 18:07:55 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2010.04.21 18:07:55 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2010.04.21 18:07:55 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2010.04.21 18:07:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2010.04.21 18:07:55 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2010.04.21 18:07:54 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2010.04.21 18:07:54 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2010.04.21 18:07:54 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2010.04.21 18:07:54 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2010.04.21 18:07:53 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2010.04.21 18:07:53 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010.04.21 18:07:53 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2010.04.21 18:07:53 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2010.04.21 18:07:53 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2010.04.21 18:07:52 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2010.04.21 18:07:52 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2010.04.21 18:07:52 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2010.04.21 18:07:52 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2010.04.21 18:07:52 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010.04.21 18:07:52 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2010.04.21 18:07:51 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2010.04.21 18:07:50 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2010.04.21 18:07:49 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2010.04.21 18:07:48 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2010.04.21 18:07:48 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2010.04.21 18:07:47 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010.04.21 18:07:47 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2010.04.21 18:07:47 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2010.04.21 18:07:47 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2010.04.21 18:07:45 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010.04.21 18:07:45 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2010.04.21 18:07:45 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010.04.21 18:07:45 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2010.04.21 18:07:44 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010.04.21 18:07:42 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010.04.21 18:07:41 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010.04.21 18:07:40 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010.04.21 18:07:40 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010.04.21 18:07:40 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010.04.21 18:07:39 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010.04.21 18:07:39 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010.04.21 18:07:38 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010.04.21 18:07:38 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2010.04.21 18:07:37 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2010.04.21 18:07:35 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2010.04.21 18:07:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010.04.21 18:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\The Tale of Despereaux
[2010.04.21 17:13:05 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalExpBar6.ocx
[2010.04.21 17:13:04 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
[2010.04.21 17:13:04 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
[2010.04.21 17:13:04 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll
[2010.04.21 17:13:04 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2010.04.21 17:13:04 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX
[2010.04.21 17:13:04 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2010.04.21 17:13:04 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll
[2010.04.21 17:13:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
[2010.04.21 17:13:03 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2010.04.21 17:13:03 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2010.04.21 17:13:03 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2010.04.21 17:13:03 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
[2010.04.21 17:13:03 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2010.04.21 17:13:03 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2010.04.21 17:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy Burner
[2010.04.13 07:08:51 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.04.05 14:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ledové Drahokamy
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.03 20:42:34 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\restore\Plocha\OTL.exe
[2010.05.03 20:28:04 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.05.03 20:28:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.03 20:27:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.03 20:14:34 | 000,490,232 | ---- | M] () -- C:\Documents and Settings\restore\Plocha\HelpAsst_mebroot_fix.exe
[2010.05.03 19:47:12 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\restore\Plocha\mbr.exe
[2010.05.03 19:46:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.03 19:45:41 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\restore\NTUSER.DAT
[2010.05.03 19:45:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\restore\ntuser.ini
[2010.05.03 19:45:34 | 004,828,594 | -H-- | M] () -- C:\Documents and Settings\restore\Local Settings\Data aplikací\IconCache.db
[2010.05.03 19:44:30 | 000,882,672 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\restore\Plocha\SPTDinst-v169-x86.exe
[2010.05.03 19:16:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.03 19:16:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.05.03 19:10:02 | 003,926,394 | R--- | M] () -- C:\Documents and Settings\restore\Plocha\ComboFix.exe
[2010.05.02 21:21:08 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\restore\Plocha\CCleaner.lnk
[2010.05.02 21:11:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.05.02 21:08:04 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF28651.exe
[2010.05.02 20:52:05 | 000,069,232 | ---- | M] () -- C:\Documents and Settings\restore\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.05.02 19:55:19 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.05.02 19:27:02 | 000,005,436 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.04.27 20:16:31 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.21 18:07:27 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\The Tale of Despereaux.lnk
[2010.04.21 17:13:02 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.04.17 23:03:06 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\otazky - rozhovor Pixel.doc
[2010.04.17 20:44:44 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.04.14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.14 18:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.03 20:14:29 | 000,490,232 | ---- | C] () -- C:\Documents and Settings\restore\Plocha\HelpAsst_mebroot_fix.exe
[2010.05.03 20:04:15 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\restore\mbr.log
[2010.05.03 20:04:15 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\restore\log.txt
[2010.05.03 19:47:12 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\restore\Plocha\mbr.exe
[2010.05.02 21:21:08 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\restore\Plocha\CCleaner.lnk
[2010.05.02 21:11:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.05.02 21:11:48 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.05.02 21:10:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.05.02 21:10:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.05.02 21:10:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.05.02 21:10:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.05.02 21:10:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.05.02 21:07:29 | 003,926,394 | R--- | C] () -- C:\Documents and Settings\restore\Plocha\ComboFix.exe
[2010.05.02 20:51:49 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\restore\ntuser.ini
[2010.05.02 20:51:48 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\restore\NTUSER.DAT
[2010.05.02 20:51:48 | 000,028,672 | -H-- | C] () -- C:\Documents and Settings\restore\NTUSER.DAT.LOG
[2010.05.01 20:43:20 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\wzmjhy.dat
[2010.04.21 18:07:27 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\The Tale of Despereaux.lnk
[2010.04.21 17:13:05 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2010.04.21 17:13:04 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2010.04.21 17:13:03 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010.04.17 20:34:38 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\otazky - rozhovor Pixel.doc
[2010.01.24 22:56:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010.01.24 19:49:51 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.01.24 19:49:49 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010.01.24 19:49:49 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.01.24 19:49:49 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.01.24 19:49:48 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.01.24 19:49:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.01.24 19:49:17 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2010.01.24 11:11:33 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2010.01.24 11:03:42 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010.01.24 11:03:31 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2010.01.24 11:01:31 | 000,002,017 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2010.01.24 11:00:58 | 000,005,436 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010.01.24 10:49:21 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.02.01 09:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2006.11.02 10:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006.10.22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.10.22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.10.22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.10.22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.10.22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.10.22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.10.22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.02.09 15:47:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2005.04.08 11:46:18 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005.01.25 16:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL

========== LOP Check ==========

[2010.01.24 11:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.05.02 20:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.01.24 23:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miriamka\Data aplikací\BITS
[2010.01.24 22:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miriamka\Data aplikací\FlashGet
[2010.01.24 22:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miriamka\Data aplikací\FlashGetBHO
[2010.02.02 10:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miriamka\Data aplikací\Miranda
[2010.01.24 20:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miriamka\Data aplikací\XnView

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- File not found
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.05.02 21:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\restore\Data aplikací\Adobe
[2010.05.02 21:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\restore\Data aplikací\Identities
[2010.05.02 21:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\restore\Data aplikací\Macromedia
[2010.05.03 18:29:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\restore\Data aplikací\Microsoft
[2010.05.02 21:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\restore\Data aplikací\Mozilla

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2010.01.24 11:16:44 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.01.30 13:34:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.01.24 11:16:44 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010.01.30 13:34:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003.04.16 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2010.01.24 11:16:44 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.01.30 13:34:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.01.24 11:16:44 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010.01.30 13:34:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003.04.16 14:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2003.04.16 14:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 00:49:03 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 00:49:06 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 00:49:22 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\VITrans\explorer.exe
[2004.08.18 00:49:22 | 001,422,848 | ---- | M] (Microsoft Corporation) MD5=EFF9B7D4E4AE0EE895E0172AC54218D9 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2003.04.16 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2010.01.24 11:16:44 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.01.30 13:34:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.01.24 11:16:44 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2010.01.30 13:34:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.04 07:59:09 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2010.01.24 11:16:44 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2010.01.30 13:34:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2010.01.24 11:16:44 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2010.01.30 13:34:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\dllcache\changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\drivers\changer.sys
[2004.08.04 08:00:12 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

< MD5 for: LSASS.EXE >
[2004.08.18 00:49:23 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.04 08:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.18 00:49:13 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2004.06.03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Program Files\Setup Files\NVIDIA nForce3 System Driver v5.03\IDE\Win2K\NvAtaBus.sys
[2004.06.03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Program Files\Setup Files\NVIDIA nForce3 System Driver v5.03\IDE\WinXP\NvAtaBus.sys
[2004.06.03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: NVRAID.SYS >
[2004.06.03 11:40:50 | 000,068,224 | ---- | M] (NVIDIA Corporation) MD5=A5C77D944410FADEE380FB20B432760D -- C:\Program Files\Setup Files\NVIDIA nForce3 System Driver v5.03\IDE\Win2K\nvraid.sys
[2004.06.03 11:40:50 | 000,068,224 | ---- | M] (NVIDIA Corporation) MD5=A5C77D944410FADEE380FB20B432760D -- C:\Program Files\Setup Files\NVIDIA nForce3 System Driver v5.03\IDE\WinXP\nvraid.sys

< MD5 for: SCECLI.DLL >
[2004.08.18 00:49:16 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 00:49:27 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 00:49:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 00:49:27 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 00:49:27 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 00:49:20 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010.01.23 22:06:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.01.23 22:06:44 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.01.23 22:06:44 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Dokumenty\otazky - rozhovor Pixel.doc:AFP_AfpInfo
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D282699C
< End of report >

Re: Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 19:55
od server123
a druhy:
OTL Extras logfile created on: 3.5.2010 20:44:41 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\restore\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 646,00 Mb Available Physical Memory | 63,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 83,05 Gb Free Space | 74,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive T: | 596,17 Gb Total Space | 262,08 Gb Free Space | 43,96% Space Free | Partition Type: NTFS
Drive Z: | 232,88 Gb Total Space | 23,46 Gb Free Space | 10,07% Space Free | Partition Type: NTFS

Computer Name: MAXIM
Current User Name: restore
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1060284298-1425521274-725345543-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotolab Fotosvet 3] -- "C:\Program Files\Fotolab\Fotolab Fotosvet 3\Fotolab Fotosvet 3.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\The Tale of Despereaux\TalesLauncher.exe" = C:\Program Files\The Tale of Despereaux\TalesLauncher.exe:*:Enabled:TalesLauncher -- ()
"C:\Program Files\The Tale of Despereaux\TalesD.exe" = C:\Program Files\The Tale of Despereaux\TalesD.exe:*:Enabled:Tales -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{088B7BF8-AC95-4348-B77B-619AEB3A74A5}" = VideoCAM GE111
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu 1.51 for Office
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{88B8ECED-D1DF-4195-86CF-A48B106C8FA4}" = The Tale of Despereaux
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{AC76BA86-7AD7-1029-7646-CE0000000001}" = Adobe Reader 6.0 CE
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CobBackup9" = Cobian Backup 9
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet" = FlashGet 1.9.6.1073
"Fotolab Fotosvet 3" = Fotolab Fotosvet 3
"Free Easy Burner_is1" = Free Easy Burner V 3.0
"HijackThis" = HijackThis 1.99.1
"InstallShield_{088B7BF8-AC95-4348-B77B-619AEB3A74A5}" = VideoCAM GE111
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.3.5 Full
"Ledové Drahokamy" = Ledové Drahokamy
"Miranda IM" = Miranda IM 0.8.13
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Totalcmd" = Total Commander (Remove or Repair)
"Vista Transformation Pack" = Vista Transformation Pack 8.0
"Winamp" = Winamp (remove only)
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archivátor WinRAR
"XnView_is1" = XnView 1.82.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2.5.2010 14:06:48 | Computer Name = MAXIM | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.2.3743, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 2.5.2010 14:06:52 | Computer Name = MAXIM | Source = Application Hang | ID = 1001
Description = Chybný blok 1788811432

Error - 2.5.2010 14:26:30 | Computer Name = MAXIM | Source = EventSystem | ID = 4609
Description = Systém událostí modelu COM+ zjistil při vnitřním zpracovávání chybný
návratový kód. Hodnota HRESULT byla 800706BF z řádku 44 v d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.Obraťte
se na služby odborné pomoci společnosti Microsoft a informujte je o této chyb

Error - 2.5.2010 14:26:30 | Computer Name = MAXIM | Source = VSS | ID = 8193
Description = Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance
došlo k neočekávané chybě. hr= 0x80040206.

Error - 2.5.2010 14:28:03 | Computer Name = MAXIM | Source = EventSystem | ID = 4609
Description = Systém událostí modelu COM+ zjistil při vnitřním zpracovávání chybný
návratový kód. Hodnota HRESULT byla 800706BA z řádku 44 v d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.Obraťte
se na služby odborné pomoci společnosti Microsoft a informujte je o této chyb

Error - 2.5.2010 14:28:03 | Computer Name = MAXIM | Source = VSS | ID = 8193
Description = Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance
došlo k neočekávané chybě. hr= 0x80040206.

Error - 2.5.2010 16:23:27 | Computer Name = MAXIM | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.

Error - 3.5.2010 11:43:42 | Computer Name = MAXIM | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.

Error - 3.5.2010 11:50:23 | Computer Name = MAXIM | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 outlook.exe, P2 12.0.6514.5000, P3
ntdll.dll, P4 5.1.2600.5755, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 3.5.2010 12:02:07 | Computer Name = MAXIM | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.2.3743, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

[ OSession Events ]
Error - 13.3.2010 7:50:29 | Computer Name = MAXIM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2.5.2010 14:49:42 | Computer Name = MAXIM | Source = Service Control Manager | ID = 7001
Description = Služba Klient DHCP závisí na službě Rozhraní NetBios nad protokolem
TCP/IP, která neuspěla při spuštění v důsledku následující chyby: %%31

Error - 2.5.2010 14:49:42 | Computer Name = MAXIM | Source = Service Control Manager | ID = 7001
Description = Služba Klient DNS závisí na službě Ovladač protokolu TCP/IP, která
neuspěla při spuštění v důsledku následující chyby: %%31

Error - 2.5.2010 14:49:42 | Computer Name = MAXIM | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
Prostředí pro podporu sítě AFD, která neuspěla při spuštění v důsledku následující
chyby: %%31

Error - 2.5.2010 14:49:42 | Computer Name = MAXIM | Source = Service Control Manager | ID = 7001
Description = Služba Služby IPSEC závisí na službě Ovladač IPSEC, která neuspěla
při spuštění v důsledku následující chyby: %%31

Error - 2.5.2010 14:49:42 | Computer Name = MAXIM | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: Aavmker4 AFD aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss
Tcpip

Error - 2.5.2010 14:51:04 | Computer Name = MAXIM | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3.5.2010 13:11:31 | Computer Name = MAXIM | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 3.5.2010 13:11:31 | Computer Name = MAXIM | Source = Service Control Manager | ID = 7034
Description = Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 3.5.2010 13:11:31 | Computer Name = MAXIM | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.

Error - 3.5.2010 13:11:31 | Computer Name = MAXIM | Source = Service Control Manager | ID = 7034
Description = Služba Cobian Backup 9 služba byla neočekávaně ukončena. Tento stav
nastal již 1krát.


< End of report >
a ted uz o mem pc musis vedet uplne vsecko :)

Re: Prosim o kontrolu logu a popis odstraneni problemu

Napsal: 03 kvě 2010 20:09
od stell
:arrow: klik start-spustit-napis cmd [enter]
do prikazoveho riadku skopiruj tento prikaz
extrac32 /L %systemdrive%\ "C:\WINDOWS\Driver Cache\i386\sp3.cab" atapi.sys

:arrow: stiahni na plochu AVANGER
Stiahnes>>AVANGER
podla navodu vloz zeleny text,log po restarte vloz sem
:arrow:

Kód: Vybrat vše

Files to move:
C:\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys
:arrow: spust OTL
do okna vlastniskenovani/opravy vloz zeleny text a klik-RunFix
log po restarte vloz sem

Kód: Vybrat vše

:OTL
O4 - HKU\S-1-5-21-1060284298-1425521274-725345543-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
[2010.05.02 22:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
[2010.05.02 22:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Dokumenty\otazky - rozhovor Pixel.doc:AFP_AfpInfo
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D282699C
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp ->  ]
:commands
[emptytemp]
[emptyflash]
[resethosts]
[start explorer]
[Reboot]
Všechny časy jsou v UTC+01:00
Stránka 1 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz