VIRY.CZ

Zdravím!
Po včerajšom scane Gmer sa mi náhle drasticky spomalil disk. Veľmi pomalý a dlhý štart systému, pomalá práca s väčšími súbormi napr. konvertovanie hudby. V prílohe je ukážka z HD Tune programu, na pravej strane sú hodnoty, ktoré na disku dosahujem bežne v minulosti. Veľký rozdiel v Transfer a Burst Rate a tiež CPU.

Gmer log

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-01 17:05:17
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0 Maxtor_6L200M0 rev.BANC1G10 189,92GB
Running: tool.exe.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\pxtdapob.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xB2322690]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xB23227B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xB2322010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xB2322490]
SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xB3C741D6]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xB23222D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xB23223B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xB2322110]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xB23221F0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xB2322590]

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6B523C0, 0x84E2FA, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 48088
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEDE4249-FAD0-4AB7-9874-4D7F1F0B8D92}@LeaseObtainedTime 1383315952
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEDE4249-FAD0-4AB7-9874-4D7F1F0B8D92}@T1 1383317752
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEDE4249-FAD0-4AB7-9874-4D7F1F0B8D92}@T2 1383319102
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEDE4249-FAD0-4AB7-9874-4D7F1F0B8D92}@LeaseTerminatesTime 1383319552
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEDE4249-FAD0-4AB7-9874-4D7F1F0B8D92}@DhcpRetryTime 1798
Reg HKLM\SYSTEM\CurrentControlSet\Services\{EEDE4249-FAD0-4AB7-9874-4D7F1F0B8D92}\Parameters\Tcpip@LeaseObtainedTime 1383315952
Reg HKLM\SYSTEM\CurrentControlSet\Services\{EEDE4249-FAD0-4AB7-9874-4D7F1F0B8D92}\Parameters\Tcpip@T1 1383317752
Reg HKLM\SYSTEM\CurrentControlSet\Services\{EEDE4249-FAD0-4AB7-9874-4D7F1F0B8D92}\Parameters\Tcpip@T2 1383319102
Reg HKLM\SYSTEM\CurrentControlSet\Services\{EEDE4249-FAD0-4AB7-9874-4D7F1F0B8D92}\Parameters\Tcpip@LeaseTerminatesTime 1383319552

---- EOF - GMER 2.1 ----

Zdravím!
Jak se vám mohl zpomalit disk po skenu GMER, nechápu. GMER je detekční utilita rootkitů. Zkuste tento postup: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .

Ani ja tomu nerozumiem.
Len riešim problém cez podporu AVG, lebo sa mi po pár týždňoch vracajú do priečinka dočasných súborov infekcie, tak mi poradili gmer, a po ňom je disk úplne mimo.
Nebude problém aplikovať váš popstup pokiaľ to je rozrobené aj s ich podporou? Aby sa to prípadne nemiešalo.

Nemělo by. FRST je skener, ktrý detekuje AdWary a zbytečnosti a lze je jím též smazat. Osobně si myslím, že příčina problému není v GMERu, ale někde jinde.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by admin (administrator) on PCPC on 02-11-2013 16:07:15
Running from C:\Documents and Settings\admin\Desktop
Systém Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(HP) C:\WINDOWS\system32\HPZipm12.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\admin\Desktop\FRSTLauncher.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20053608 2011-05-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2404376 2013-10-02] ()
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstall ... 2decf7d34c
HKU\Default User\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shmu.sk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
SearchScopes: HKCU - DefaultScope {C460A616-D148-475C-A510-351BAF75FC43} URL = http://www.google.co.uk/search?hl=en&q= ... meta=&rlz=
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {C460A616-D148-475C-A510-351BAF75FC43} URL = http://www.google.co.uk/search?hl=en&q= ... meta=&rlz=
SearchScopes: HKCU - {ECCE6A4D-2D03-4538-BDBD-C7B7FCAD0E4E} URL = http://uk.search.yahoo.com/search?p={se ... meta=vc%3D
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.20

FireFox:
========
FF ProfilePath: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default
FF Homepage: hxxp://www.shmu.sk/sk/?page=1
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 - C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @spoon.net/Spoon Plugin 3.33 - C:\Documents and Settings\admin\Local Settings\Application Data\Spoon\3.33.3.13\npMozillaSpoonPlugin.dll (Code Systems Corporation)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\hadaj-video.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-21.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-22.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\ivsk.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\radiask.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\searchplugins\youtube-video-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\atlas-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\azet-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\dunaj-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slovnik-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\zoznam-sk.xml
FF Extension: StatusbarEx - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\Extensions\doudehou@gmail.com
FF Extension: Vacuum Places Improved - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\Extensions\VacuumPlacesImproved@lultimouomo-gmail.com
FF Extension: Flagfox - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Blue Fox - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\Extensions\{241aae70-0022-11de-87af-0800200c9a66}
FF Extension: cache - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\Extensions\cache@status.org.xpi
FF Extension: jid1-F9UJ2thwoAm5gQ - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
FF Extension: personas - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\Extensions\personas@christopher.beard.xpi
FF Extension: prefs - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
FF Extension: prefs - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
FF Extension: aniweatherdefault - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
FF Extension: prefs - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: prefs - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF Extension: No Name - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\d0vrzssq.default\Extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.0.1.12
FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.0.1.12
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S2 gupdate1c935ece674815e; C:\Program Files\Google\Update\GoogleUpdate.exe [136176 2012-02-28] (Google Inc.)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S4 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S4 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S4 UserAccess7; C:\WINDOWS\system32\UAService7.exe [221184 2009-06-30] (Sony DADC Austria AG.)
R2 vToolbarUpdater17.0.12; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)
S4 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [x]
S4 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
S3 ASPI; C:\WINDOWS\System32\DRIVERS\ASPI32.sys [16512 2002-07-17] (Adaptec)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-10-02] (AVG Technologies)
S3 CrystalSysInfo; C:\Program Files\AudioCoder\SysInfo.sys [15152 2007-09-25] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
R0 m5288; C:\Windows\System32\DRIVERS\m5288.sys [210304 2005-12-23] (ULi Electronics Inc.)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 PSSDK42; C:\WINDOWS\system32\Drivers\pssdk42.sys [38976 2013-01-28] (microOLAP Technologies LTD)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 ULI5261XP; C:\Windows\System32\DRIVERS\ULILAN51.SYS [28672 2005-03-22] (ULi Electronics Inc.)
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-02 16:06 - 2013-11-02 16:06 - 00000000 ____D C:\FRST
2013-11-02 16:04 - 2013-11-02 16:04 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\admin\Desktop\FRSTLauncher.exe
2013-11-02 15:57 - 2013-11-02 15:57 - 01089445 _____ (Farbar) C:\Documents and Settings\admin\Desktop\FRST.exe
2013-11-01 17:14 - 2013-11-01 17:14 - 02033232 _____ ( ) C:\Documents and Settings\admin\Desktop\AVG_Autoruns_cz.exe
2013-11-01 17:05 - 2013-11-01 17:05 - 00004556 _____ C:\Documents and Settings\admin\Desktop\gmer log.log
2013-10-29 17:55 - 2013-10-29 17:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-25 07:49 - 2013-10-25 07:49 - 00000000 ____D C:\Documents and Settings\admin\Application Data\Microsoft Corporation
2013-10-23 18:46 - 2013-10-23 18:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-23 18:46 - 2013-10-08 06:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-23 18:46 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-23 18:46 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-23 18:46 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-23 18:46 - 2013-10-08 06:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-23 18:45 - 2013-10-23 18:46 - 00004113 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-22 20:19 - 2013-10-22 20:19 - 00000000 ____D C:\Documents and Settings\admin\My Documents\Environmentálna Fyzika
2013-10-19 16:31 - 2013-10-19 16:32 - 00000388 _____ C:\Documents and Settings\admin\My Documents\cc_20131019_173158.reg
2013-10-16 14:40 - 2013-10-16 14:40 - 00000000 ____D C:\Program Files\Auslogics
2013-10-16 14:40 - 2013-10-16 14:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2013-10-14 16:38 - 2013-11-01 18:19 - 00000000 ____D C:\Documents and Settings\admin\My Documents\Metrológia
2013-10-11 11:02 - 2013-10-16 14:40 - 00000822 _____ C:\Documents and Settings\admin\Desktop\Auslogics DiskDefrag.lnk
2013-10-11 11:02 - 2013-10-11 11:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2013-10-11 08:51 - 2013-10-11 08:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 08:51 - 2013-10-11 08:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 08:40 - 2013-10-11 08:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-10-11 08:39 - 2013-10-11 08:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 08:39 - 2013-10-11 08:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 07:58 - 2013-07-03 03:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-11 07:57 - 2013-08-09 01:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-11 07:57 - 2013-08-09 01:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-11 07:57 - 2009-03-18 12:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-10 19:05 - 2013-10-10 19:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-10-06 07:43 - 2013-10-06 07:43 - 00000000 ____D C:\Documents and Settings\All Users\Documents\sun
2013-10-06 07:42 - 2013-10-22 20:06 - 00000000 ____D C:\Documents and Settings\admin\My Documents\Konštrukčné materiály
2013-10-05 17:38 - 2013-10-05 17:39 - 00000000 ___SD C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice 4.0.1
2013-10-05 17:38 - 2013-10-05 17:38 - 00000865 _____ C:\Documents and Settings\All Users\Desktop\OpenOffice 4.0.1.lnk
2013-10-05 09:50 - 2013-10-05 09:50 - 00000680 _____ C:\Documents and Settings\All Users\Desktop\PDF Architect.lnk
2013-10-05 09:49 - 2013-10-05 09:50 - 00000000 ____D C:\Program Files\PDF Architect
2013-10-05 09:49 - 2013-10-05 09:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PDF Architect
2013-10-05 09:49 - 2013-10-05 09:49 - 00000000 ____D C:\Documents and Settings\admin\My Documents\PDF Architect Files
2013-10-05 09:47 - 2013-10-05 09:50 - 00000000 ____D C:\Program Files\Common Files\PDF Architect
2013-10-05 09:47 - 2013-10-05 09:47 - 00000000 ____D C:\Documents and Settings\admin\Application Data\PDF Software
2013-10-05 09:39 - 2013-10-19 16:35 - 00000000 ____D C:\Program Files\PDFCreator
2013-10-05 09:39 - 2013-10-05 09:39 - 00000706 _____ C:\Documents and Settings\All Users\Desktop\PDFCreator.lnk
2013-10-05 09:39 - 2013-10-05 09:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PDFCreator
2013-10-05 09:39 - 2013-10-05 09:39 - 00000000 ____D C:\Documents and Settings\admin\Application Data\pdfforge
2013-10-05 09:39 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMAPI32.OCX
2013-10-05 09:39 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPIDE.DLL
2013-10-04 20:01 - 2013-10-04 20:01 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-04 20:00 - 2013-10-23 18:46 - 00000000 ____D C:\Program Files\Java
2013-10-04 19:56 - 2013-10-04 19:56 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\Audacity.lnk
2013-10-04 09:32 - 2013-10-27 19:54 - 00000000 ____D C:\Documents and Settings\admin\My Documents\Diagnostika

==================== One Month Modified Files and Folders =======

2013-11-02 16:06 - 2013-11-02 16:06 - 00000000 ____D C:\FRST
2013-11-02 16:04 - 2013-11-02 16:04 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\admin\Desktop\FRSTLauncher.exe
2013-11-02 15:57 - 2013-11-02 15:57 - 01089445 _____ (Farbar) C:\Documents and Settings\admin\Desktop\FRST.exe
2013-11-02 15:48 - 2008-10-03 08:40 - 01617219 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-02 15:46 - 2008-10-03 10:27 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-02 15:46 - 2008-10-03 10:27 - 00000051 _____ C:\WINDOWS\wiaservc.log
2013-11-02 15:46 - 2008-10-03 08:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-02 12:28 - 2008-10-03 08:44 - 00032512 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-02 12:27 - 2008-10-03 08:44 - 00000178 ___SH C:\Documents and Settings\admin\ntuser.ini
2013-11-02 11:15 - 2013-02-22 19:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-11-02 10:51 - 2008-10-05 13:00 - 00000000 ____D C:\Documents and Settings\admin\Application Data\Kingston
2013-11-02 10:37 - 2013-06-22 20:00 - 00000000 ____D C:\Documents and Settings\admin\Application Data\AIMP3
2013-11-02 10:37 - 2008-10-03 08:44 - 00000000 ____D C:\Documents and Settings\admin
2013-11-02 10:32 - 2013-01-10 09:59 - 00000000 ____D C:\Documents and Settings\admin\Application Data\foobar2000
2013-11-02 08:50 - 2010-07-12 16:51 - 00000000 ____D C:\Program Files\SpeedFan
2013-11-01 18:38 - 2013-02-26 19:43 - 00043520 _____ C:\Documents and Settings\admin\My Documents\Cyklo 2013.xls
2013-11-01 18:32 - 2013-02-15 11:08 - 00000000 ____D C:\Program Files\streamWriter
2013-11-01 18:19 - 2013-10-14 16:38 - 00000000 ____D C:\Documents and Settings\admin\My Documents\Metrológia
2013-11-01 17:14 - 2013-11-01 17:14 - 02033232 _____ ( ) C:\Documents and Settings\admin\Desktop\AVG_Autoruns_cz.exe
2013-11-01 17:05 - 2013-11-01 17:05 - 00004556 _____ C:\Documents and Settings\admin\Desktop\gmer log.log
2013-10-31 10:38 - 2010-02-13 22:27 - 00000682 _____ C:\Documents and Settings\admin\My Documents\abc.txt
2013-10-31 10:24 - 2011-04-06 14:38 - 00000000 ____D C:\Documents and Settings\admin\Application Data\Audacity
2013-10-30 20:52 - 2010-11-01 12:34 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-10-30 20:52 - 2009-07-21 09:11 - 00000000 ____D C:\Program Files\CCleaner
2013-10-30 18:50 - 2010-03-26 15:04 - 00000000 ____D C:\Documents and Settings\admin\Application Data\ICQ
2013-10-30 09:42 - 2012-04-24 18:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-29 21:42 - 2013-10-01 20:23 - 00554736 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-73586283-1614895754-1801674531-1003-0.dat
2013-10-29 21:42 - 2013-10-01 20:23 - 00143142 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-10-29 20:33 - 2013-10-01 18:53 - 00000000 ____D C:\Documents and Settings\admin\My Documents\Programovanie
2013-10-29 17:56 - 2013-10-29 17:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-29 17:52 - 2006-02-28 13:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-27 19:54 - 2013-10-04 09:32 - 00000000 ____D C:\Documents and Settings\admin\My Documents\Diagnostika
2013-10-27 12:25 - 2011-09-21 19:59 - 00000000 ____D C:\Documents and Settings\admin\My Documents\IKP
2013-10-27 08:19 - 2008-10-03 10:24 - 00590908 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-25 07:49 - 2013-10-25 07:49 - 00000000 ____D C:\Documents and Settings\admin\Application Data\Microsoft Corporation
2013-10-24 17:47 - 2008-10-03 10:22 - 00000211 ___SH C:\boot.ini
2013-10-24 17:47 - 2006-02-28 13:00 - 00000532 _____ C:\WINDOWS\win.ini
2013-10-24 17:47 - 2006-02-28 13:00 - 00000256 _____ C:\WINDOWS\system.ini
2013-10-23 19:02 - 2013-10-01 18:09 - 00000000 ____D C:\Documents and Settings\admin\My Documents\Visual Studio 2010
2013-10-23 18:46 - 2013-10-23 18:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-23 18:46 - 2013-10-23 18:45 - 00004113 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-23 18:46 - 2013-10-04 20:00 - 00000000 ____D C:\Program Files\Java
2013-10-22 20:19 - 2013-10-22 20:19 - 00000000 ____D C:\Documents and Settings\admin\My Documents\Environmentálna Fyzika
2013-10-22 20:06 - 2013-10-06 07:42 - 00000000 ____D C:\Documents and Settings\admin\My Documents\Konštrukčné materiály
2013-10-22 18:12 - 2010-06-17 18:44 - 00000000 ____D C:\Program Files\PokerStars
2013-10-20 18:30 - 2012-03-30 18:25 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-20 18:30 - 2011-05-14 18:14 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-20 18:30 - 2008-10-03 09:32 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Application Data\Adobe
2013-10-19 16:38 - 2008-10-03 10:23 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-10-19 16:38 - 2008-10-03 10:23 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2013-10-19 16:38 - 2008-10-03 10:22 - 40632320 _____ C:\WINDOWS\system32\config\software.bak
2013-10-19 16:38 - 2008-10-03 10:22 - 01835008 _____ C:\WINDOWS\system32\config\default.bak
2013-10-19 16:38 - 2008-10-03 08:44 - 00262144 _____ C:\Documents and Settings\NetworkService\NTUSER.bak
2013-10-19 16:38 - 2008-10-03 08:44 - 00249856 _____ C:\Documents and Settings\LocalService\NTUSER.bak
2013-10-19 16:37 - 2010-06-29 10:34 - 15990784 _____ C:\Documents and Settings\admin\ntuser.bak
2013-10-19 16:37 - 2008-10-03 08:44 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-19 16:37 - 2008-10-03 08:44 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-19 16:35 - 2013-10-05 09:39 - 00000000 ____D C:\Program Files\PDFCreator
2013-10-19 16:32 - 2013-10-19 16:31 - 00000388 _____ C:\Documents and Settings\admin\My Documents\cc_20131019_173158.reg
2013-10-19 16:22 - 2011-09-10 08:54 - 00000803 _____ C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
2013-10-19 16:22 - 2011-09-10 08:54 - 00000000 ____D C:\Program Files\Wise Registry Cleaner
2013-10-19 16:22 - 2011-09-10 08:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Wise Registry Cleaner
2013-10-19 10:05 - 2013-02-05 13:15 - 00000000 ____D C:\Documents and Settings\admin\My Documents\Jaytech Music Podcast
2013-10-18 10:25 - 2008-10-03 08:38 - 00000000 ____D C:\WINDOWS\Registration
2013-10-16 14:40 - 2013-10-16 14:40 - 00000000 ____D C:\Program Files\Auslogics
2013-10-16 14:40 - 2013-10-16 14:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2013-10-16 14:40 - 2013-10-11 11:02 - 00000822 _____ C:\Documents and Settings\admin\Desktop\Auslogics DiskDefrag.lnk
2013-10-13 18:31 - 2009-12-24 20:42 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-11 11:02 - 2013-10-11 11:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2013-10-11 08:56 - 2008-11-02 20:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 08:56 - 2008-10-03 10:23 - 00133280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-11 08:51 - 2013-10-11 08:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 08:51 - 2013-10-11 08:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 08:49 - 2013-08-13 10:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-11 08:45 - 2010-06-04 13:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-11 08:45 - 2008-10-08 19:05 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-11 08:40 - 2013-10-11 08:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-10-11 08:39 - 2013-10-11 08:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 08:39 - 2013-10-11 08:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 08:39 - 2010-02-12 12:10 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-10 19:05 - 2013-10-10 19:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-10-10 19:05 - 2013-09-04 19:13 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2013-10-08 17:43 - 2009-06-25 16:56 - 00021080 _____ C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-08 06:50 - 2013-10-23 18:46 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-08 06:46 - 2013-10-23 18:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-08 06:46 - 2013-10-23 18:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-08 06:46 - 2013-10-23 18:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-08 06:29 - 2013-10-23 18:46 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-06 07:43 - 2013-10-06 07:43 - 00000000 ____D C:\Documents and Settings\All Users\Documents\sun
2013-10-05 17:39 - 2013-10-05 17:38 - 00000000 ___SD C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice 4.0.1
2013-10-05 17:38 - 2013-10-05 17:38 - 00000865 _____ C:\Documents and Settings\All Users\Desktop\OpenOffice 4.0.1.lnk
2013-10-05 17:37 - 2013-07-29 18:33 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-10-05 09:50 - 2013-10-05 09:50 - 00000680 _____ C:\Documents and Settings\All Users\Desktop\PDF Architect.lnk
2013-10-05 09:50 - 2013-10-05 09:49 - 00000000 ____D C:\Program Files\PDF Architect
2013-10-05 09:50 - 2013-10-05 09:47 - 00000000 ____D C:\Program Files\Common Files\PDF Architect
2013-10-05 09:49 - 2013-10-05 09:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PDF Architect
2013-10-05 09:49 - 2013-10-05 09:49 - 00000000 ____D C:\Documents and Settings\admin\My Documents\PDF Architect Files
2013-10-05 09:47 - 2013-10-05 09:47 - 00000000 ____D C:\Documents and Settings\admin\Application Data\PDF Software
2013-10-05 09:39 - 2013-10-05 09:39 - 00000706 _____ C:\Documents and Settings\All Users\Desktop\PDFCreator.lnk
2013-10-05 09:39 - 2013-10-05 09:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PDFCreator
2013-10-05 09:39 - 2013-10-05 09:39 - 00000000 ____D C:\Documents and Settings\admin\Application Data\pdfforge
2013-10-04 20:01 - 2013-10-04 20:01 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-04 19:56 - 2013-10-04 19:56 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\Audacity.lnk
2013-10-04 19:56 - 2012-03-23 15:44 - 00000688 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
2013-10-04 19:56 - 2012-03-23 15:44 - 00000000 ____D C:\Program Files\Audacity
2013-10-04 09:20 - 2013-09-04 19:09 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Application Data\Avg2014

Files to move or delete:
====================
C:\Documents and Settings\All Users\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


Some content of TEMP:
====================
C:\Documents and Settings\admin\Local Settings\temp\sfamcc00001.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:189.91 GB) (Free:44.6 GB) NTFS ==>[Drive with boot components (Windows XP)]

Available physical RAM: 1314.19 MB
Total physical RAM: 2046.42 MB
Percentage of memory in use: 35%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows XP) (Size: 190 GB) (Disk ID: E5E8E5E8)
Partition 1: (Active) - (Size=190 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: AVG AntiVirus 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 28_09_2013 (06)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\admin\Desktop" je 3 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer
C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion
"C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe
"C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk
C:\PROGRA~1\OPENOF~1.OR~\program\QUICKS~1.EXE [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^Startup^Spoon Sandbox Manager 3.25.lnk
C:\DOCUME~1\admin\LOCALS~1\APPLIC~1\Spoon\3250~1.15\SPOON-~2.EXE Startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^Startup^Spoon.net Console.lnk
C:\DOCUME~1\admin\LOCALS~1\APPLIC~1\Spoon\3333~1.13\SPOON-~3.EXE -startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^Startup^Spoon.net Sandbox Manager 3.33.lnk
C:\DOCUME~1\admin\LOCALS~1\APPLIC~1\Spoon\3333~1.13\SPOON-~2.EXE Startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk
C:\PROGRA~1\Secunia\PSI\psi_tray.exe


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services
TomTomHOMEService REG_DWORD 0x2
Apple Mobile Device REG_DWORD 0x2
RichVideo REG_DWORD 0x2
IswSvc REG_DWORD 0x2
ICQ Service REG_DWORD 0x2
Secunia PSI Agent REG_DWORD 0x3
ServiceLayer REG_DWORD 0x3
UserAccess7 REG_DWORD 0x2
gusvc REG_DWORD 0x2
Sony Ericsson PCCompanion REG_DWORD 0x3
AdobeFlashPlayerUpdateSvc REG_DWORD 0x3
NVSvc REG_DWORD 0x2
JavaQuickStarterService REG_DWORD 0x2
Sony PC Companion REG_DWORD 0x3
Secunia Update Agent REG_DWORD 0x2
!SASCORE REG_DWORD 0x2
PDF Architect Service REG_DWORD 0x2
PDF Architect Helper Service REG_DWORD 0x2

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ7.7\\ICQ.exe"="C:\\Program Files\\ICQ7.7\\ICQ.exe:*:Enabled:ICQ7.7"
"C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Enabled:Winamp"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"="C:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe:*:Disabled:Google Earth"
"C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"="C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe:*:Disabled:Google Earth"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\ICQ7.7\\ICQ.exe"="C:\\Program Files\\ICQ7.7\\ICQ.exe:*:Enabled:ICQ7.7"
"C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Enabled:Winamp"
"C:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"="C:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG2014\\avgnsx.exe:*:Enabled:Online Shield"
"C:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"="C:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\Default User\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {ECCE6A4D-2D03-4538-BDBD-C7B7FCAD0E4E} URL = http://uk.search.yahoo.com/search?p={se ... meta=vc%3D
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
S4 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [x]
C:\Documents and Settings\All Users\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\admin\Local Settings\temp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-10-2013
Ran by admin at 2013-11-02 19:40:43 Run:1
Running from C:\Documents and Settings\admin\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKU\Default User\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {ECCE6A4D-2D03-4538-BDBD-C7B7FCAD0E4E} URL = http://uk.search.yahoo.com/search?p={se ... meta=vc%3D
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
S4 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [x]
C:\Documents and Settings\All Users\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\admin\Local Settings\temp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"
End
*****************

HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_3 => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\ICQ Search => Value deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ECCE6A4D-2D03-4538-BDBD-C7B7FCAD0E4E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{ECCE6A4D-2D03-4538-BDBD-C7B7FCAD0E4E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => Value deleted successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value deleted successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
ICQ Service => Service deleted successfully.
C:\Documents and Settings\All Users\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Documents and Settings\admin\Local Settings\temp => Moved successfully.
C:\Program Files\Common Files\Java\Java Update\jusched.exe => Moved successfully.

==== End of Fixlog ====

Smazáno. Nastala nějaká změna?

Ohladom disku či malware? Tie súbory čo sa vracali sa vrátili tak po týždni dvoch, takže teraz to určiť ešte neviem. Ale disk stále zaspatý okolo 3 MB/s. Chcel som urobiť ešte error scan, no ale to by týmto tempom bežalo deň a noc, takže neviem, nechápem.

Disk můžeme zkontrolovat podstatně rychleji. Stáhněte, nainstalujte a spusťte CrystalDiskInfo: http://www.stahuj.centrum.cz/utility_a_ ... ldiskinfo/ a přes Úpravy>kopírovat sem dejte log.

----------------------------------------------------------------------------
CrystalDiskInfo 6.0.0 (C) 2008-2013 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Home Edition SP3 [5.1 Build 2600] (x86)
Date : 2013/11/02 20:43:24

-- Controller Map ----------------------------------------------------------
+ Intel(R) N10/ICH7 Family Serial ATA Storage Controller - 27C0 [ATA]
+ Primary IDE Channel (0)
- Maxtor 6L200M0
+ Secondary IDE Channel (1)
- HL-DT-ST DVDRAM GSA-H10N

-- Disk List ---------------------------------------------------------------
(1) Maxtor 6L200M0 : 203,9 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) Maxtor 6L200M0
----------------------------------------------------------------------------
Model : Maxtor 6L200M0
Firmware : BANC1G10
Serial Number : L408ZBZH
Disk Size : 203,9 GB (8,4/137,4/203,9/203,9)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 398297088
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ATA/ATAPI-7 T13 1532D version 0
Transfer Mode : ---- | SATA/150
Power On Hours : 598 hod. (?)
Power On Count : 4398 krát
Temparature : 43 C (109 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : C0FEh [ON]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
03 207 207 _63 0000000035DB Čas na roztočenie platní
04 251 251 __0 0000000011AB Počet spustení/zastavení
05 253 253 _63 000000000000 Počet premapovaných sektorov
06 253 253 100 000000000000 Počet dosiahnutí konca kanála pri čítaní
07 253 252 __0 000000000000 Počet chybných vyhľadávaní
08 246 239 187 000000008721 Čas potrebný na vyhľadanie
09 208 208 __0 000000008C2A Počet odpracovaných hodín
0A 253 252 157 000000000000 Počet opakovaných pokusov o roztočenie platní
0B 253 252 223 000000000000 Počet pokusov o prekalibrovanie
0C 242 242 __0 00000000112E Počet cyklov zapnutia zariadenia
C0 253 253 __0 000000000000 Počet vypnutí disku
C1 253 253 __0 000000000000 Počet cyklov načítania/vymazania
C2 _41 253 __0 00000000002B Teplota
C3 253 251 __0 000000009888 Počet opráv chybného čítania
C4 253 253 __0 000000000000 Počet udalostí s cieľom realokovania sektorov
C5 253 253 __0 000000000000 Počet podozrivých sektorov
C6 253 253 __0 000000000000 Počet neopraviteľných sektorov
C7 199 199 __0 000000000000 Počet chýb v kontrolnom súčte UltraDMA
C8 253 252 __0 000000000000 Počet chýb pri zápise sektorov
C9 253 252 __0 000000000001 Počet soft. chýb pri čítaní
CA 253 239 __0 000000000000 Počet chýb pri adresovaní údajov
CB 253 252 180 000000000001 Počet chýb v kódoch na opravu chýb
CC 253 252 __0 000000000000 Počet softvérovo opravených chýb v opravných kódoch
CD 253 252 __0 000000000000 Počet chýb spôsobených vysokou teplotou
CF 253 252 __0 000000000000 Množstvo napätia potrebného na roztočenie disku
D0 253 252 __0 000000000000 Počet vyslaných impulzov na roztočenie disku pri nedostatočnom napájaní
D1 240 240 __0 0000000000A4 Výkon pri vyhľadávaní na disku pri interných testoch disku
D2 253 252 __0 000000000000 Špecifický pre výrobcu
D3 253 252 __0 000000000000 Počet vibrácií pri zápise
D4 253 252 __0 000000000000 Počet otrasov pri zápise

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 4C34 3038 5A42 5A48 2020 2020 2020 2020 2020 2020
020: 0003 4000 0004 4241 4E43 3147 3130 4D61 7874 6F72
030: 2036 4C32 3030 4D30 2020 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0000 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 0102 0000 0040 0000
080: 00FE 001E 7C6B 7F09 4673 7C69 3E21 4663 207F 0000
090: 0000 0000 FFFE 0000 C0FE 0008 0029 00D5 C350 0000
100: 8800 17BD 0000 0000 0029 0000 0000 0000 0000 0000
110: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
120: 0000 0000 0000 0000 0000 0000 0000 0000 0009 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0113 0000 FFFF FFFF 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 0021 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 E1A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 03 27 00 CF CF DB 35 00 00 00 00 00 04 32
010: 00 FB FB AB 11 00 00 00 00 00 05 33 00 FD FD 00
020: 00 00 00 00 00 00 06 01 00 FD FD 00 00 00 00 00
030: 00 00 07 0A 00 FD FC 00 00 00 00 00 00 00 08 27
040: 00 F6 EF 21 87 00 00 00 00 00 09 32 00 D0 D0 2A
050: 8C 00 00 00 00 00 0A 2B 00 FD FC 00 00 00 00 00
060: 00 00 0B 2B 00 FD FC 00 00 00 00 00 00 00 0C 32
070: 00 F2 F2 2E 11 00 00 00 00 00 C0 32 00 FD FD 00
080: 00 00 00 00 00 00 C1 32 00 FD FD 00 00 00 00 00
090: 00 00 C2 32 00 29 FD 2B 00 00 00 00 00 00 C3 0A
0A0: 00 FD FB 88 98 00 00 00 00 00 C4 08 00 FD FD 00
0B0: 00 00 00 00 00 00 C5 08 00 FD FD 00 00 00 00 00
0C0: 00 00 C6 08 00 FD FD 00 00 00 00 00 00 00 C7 08
0D0: 00 C7 C7 00 00 00 00 00 00 00 C8 0A 00 FD FC 00
0E0: 00 00 00 00 00 00 C9 0A 00 FD FC 01 00 00 00 00
0F0: 00 00 CA 0A 00 FD EF 00 00 00 00 00 00 00 CB 0B
100: 00 FD FC 01 00 00 00 00 00 00 CC 0A 00 FD FC 00
110: 00 00 00 00 00 00 CD 0A 00 FD FC 00 00 00 00 00
120: 00 00 CF 2A 00 FD FC 00 00 00 00 00 00 00 D0 2A
130: 00 FD FC 00 00 00 00 00 00 00 D1 24 00 F0 F0 A4
140: 00 00 00 00 00 00 D2 32 00 FD FC 00 00 00 00 00
150: 00 00 D3 32 00 FD FC 00 00 00 00 00 00 00 D4 32
160: 00 FD FC 00 00 00 00 00 00 00 80 00 1A 06 01 5B
170: 03 00 01 00 02 51 00 00 00 00 00 00 00 00 00 00
180: 00 00 39 00 00 00 00 00 00 00 00 01 00 00 01 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF 87
1A0: BD 17 10 00 00 00 00 00 2F 00 00 88 BD 17 30 00
1B0: 00 00 00 88 BD 17 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 FF

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 03 3F 00 00 00 00 00 00 00 00 00 00 04 00
010: 00 00 00 00 00 00 00 00 00 00 05 3F 00 00 00 00
020: 00 00 00 00 00 00 06 64 00 00 00 00 00 00 00 00
030: 00 00 07 00 00 00 00 00 00 00 00 00 00 00 08 BB
040: 00 00 00 00 00 00 00 00 00 00 09 00 00 00 00 00
050: 00 00 00 00 00 00 0A 9D 00 00 00 00 00 00 00 00
060: 00 00 0B DF 00 00 00 00 00 00 00 00 00 00 0C 00
070: 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 00 00
080: 00 00 00 00 00 00 C1 00 00 00 00 00 00 00 00 00
090: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C3 00
0A0: 00 00 00 00 00 00 00 00 00 00 C4 00 00 00 00 00
0B0: 00 00 00 00 00 00 C5 00 00 00 00 00 00 00 00 00
0C0: 00 00 C6 00 00 00 00 00 00 00 00 00 00 00 C7 00
0D0: 00 00 00 00 00 00 00 00 00 00 C8 00 00 00 00 00
0E0: 00 00 00 00 00 00 C9 00 00 00 00 00 00 00 00 00
0F0: 00 00 CA 00 00 00 00 00 00 00 00 00 00 00 CB B4
100: 00 00 00 00 00 00 00 00 00 00 CC 00 00 00 00 00
110: 00 00 00 00 00 00 CD 00 00 00 00 00 00 00 00 00
120: 00 00 CF 00 00 00 00 00 00 00 00 00 00 00 D0 00
130: 00 00 00 00 00 00 00 00 00 00 D1 00 00 00 00 00
140: 00 00 00 00 00 00 D2 00 00 00 00 00 00 00 00 00
150: 00 00 D3 00 00 00 00 00 00 00 00 00 00 00 D4 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14

Sisk je v pořádku. Podívejte se ještě do správce zařízení>řadiče IDE/ATA. Rozklikněte a pak pravým myšítkem na jednotlivé kanály>vlastnosti>upřesnit se přesvědčte, zda je zapnut DMA režim. Pokud ne, zapněte, nastavení uložte a restartujte PC.

Vyzerá to nejak takto, ten prvý kanál má ako keby zapnutý PIO mode. Ako zapnem DMA netuším, skúsil som odkliknúť DMA if available - OK - reštart a nič je to stále PIO mode a disk stále pomalý.

Ono to znamená:

DMA, je-li k dispozici. Pokud ne, zapne se samočinně PIO. Pokud je disk připojen k sekundárním kanálu (tam je DMA zapnut) je to v pořádku. Podle logu z Crystalu, je ale disk připojen k některému SATA kanálu a ty obrázky jsou z klalsických IDE.

Som z toho jeleň čiže tie hodnoty nemajú s mojim diskom nič spoločné?
Iné možnosti, kde zapnúť DMA režim nevidím.
V system event logu mám približne z toho času kedy mi disk začal blbnúť desiatky rovnakých chýb, niečo s IDE. Do prílohy som jednu dal. V iných dňoch sa nevyskytujú.