Problém se spuštěním Win XP - chyb.hlášení

[Jitka Hegerova]

Dobrý den, ráda bych Vás poprosila o pomoc a radu týkající se spouštění WIN XP. Už asi 4x za tento týden se mi stalo, že po zapnutí PC a spuštění WIN se počítač náhle zasekl, a to ve fázi, nevím, jak to mám popsat, předem se omlouvám za svoji neznalost v této oblasti, druhé tabulky - PCI Devices Listening... spousta čísel a v lévém rohu Boot from CD/DVD:_ Windows se rozběhl až po zmáčknutí ctrl-alt-delete a pak vše pracovalo naprosto běžně a v pořádku.

V nástrojích pro správu už asid3 týdny sleduji chybové hlášení (vždy dvě stejné po sobě), a to právě po startu PC - I2c return failed (zdroj ati2mtag, kategorie GCO, ID události 44044) a upozornění - Rom does not support this device, zdroj ati2mtag, kategorie LCD, ID události 48137 a ještě jedno upozornění - Nebylo možno obnovit adresu počítače ze sítě (ze serveru DHCP) pro síťovou kartu s adresou 001A4D4102EB. Došlo k následující chybě: Časový limit semaforu vypršel. . Počítač se bude pokoušet získat síťovou adresu samostatně ze serveru DHCP (zdroj Dhcp, Id události 1003).

Jinak, zdá se, běží PC v pořádku, i když jsem nedávno řešila problém s útokem Security tool a Trojana, který jsem tu snad vyřešila, díky Vám. Proto se na Vás obracím ještě jednou s prosbou a hlavně se schovívavostí a trpělivostí, protože jsem v oblasti PC skuteně neznalec. Předem díky.

[Jitka Hegerova]

Prosíím, není tu někdo, kdo by mi poradil?

[MiliNess]

To okolo ati2mtag je záležitost ovladačů grafické karty, ale s tím zásekem při startu to pravděpodobně nebude mít nic společného. Catalysty s tím mívaly problémy. Měla by to vyřešit instalace nových Catalystů. Nedošlo k tomu záseku, když jste měla při startu v CD\DVD mechanice nějaké medium?
Dochází k tomu tady ještě dříve, než se objeví logo MS?
Nevypisuje se nějaké chybové hlášení?

[Jitka Hegerova]

Dobrý večer, díky za odpověď. To okolo ati2mtag jsem tušila, že to nebude důležité, objevuje se to tam vždy, i když se PC rozběhne normálně, jako dnes. Při startu v mechanice nic nemívám. K tomu zamrznutí dochází dříve, než se objeví logo MS a chyb. hlášení to nevypisuje, to bych si všimla. Tak nevím, když jsem si ještě jednou procházela v prohlížeči události chyb. hlášení, tak jsem narazila na následující, bylo to po útoku Security TOOL. Možná to s tím bude souviset, fakt nevím, ale ti tak díky.

Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
Aavmker4
AFD
aswSP
aswTdi
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
sbhips
sptd
Tcpip

[MiliNess]

Pošlu vám sem kolegyni a ještě to spolu zkontrolujte.
Ty problémy s tím zakousnutím při startu se objevují od doby napadení počítače tím malwarem?
Je možné, že to bude způsobeno nějakou hardwarovou závadou, či chybným nastavením BIOSu, neboť v místě kde se vám to seká buď zavádění operačního systému ještě ani nezačalo nebo je ve velmi ranné fázi, kdy ještě nejsou zavedeny ovladače a komponenty jádra OS.

[motji]

Dobré ranko
Mrkneme na to

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
- otevře se okno, v něm zaškrtněte Scan All Users , File Scan,
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
CREATERESTOREPOINT

-klikněte na tlačítko Run scan.
-proběhne sken a objeví se dva logy, obsah obou vložte zde


Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte
(kdyby Gmer v normálním režimu zlobil - mrzl nebo restartoval pc, zkuste sken v nouzovém režimu)

[Jitka Hegerova]

Tak vkládám logy z OTL:

OTL logfile created on: 14.2.2010 19:01:43 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Michal_H\Dokumenty\Stažené soubory
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 022,00 Mb Total Physical Memory | 395,00 Mb Available Physical Memory | 39,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 98,64 Gb Total Space | 84,02 Gb Free Space | 85,17% Space Free | Partition Type: NTFS
Drive D: | 14,30 Gb Total Space | 14,24 Gb Free Space | 99,56% Space Free | Partition Type: NTFS
Drive E: | 273,97 Gb Total Space | 270,86 Gb Free Space | 98,87% Space Free | Partition Type: NTFS
Drive F: | 164,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHAL
Current User Name: Michal_H
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.02.06 14:39:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michal_H\Dokumenty\Stažené soubory\OTL.exe
PRC - [2010.02.02 00:23:30 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010.01.27 08:44:30 | 000,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2010.01.16 04:11:42 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.01.12 23:21:41 | 002,752,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
PRC - [2009.11.25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.10.30 12:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008.10.31 07:24:26 | 001,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2008.06.24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.06.24 16:05:56 | 000,537,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2008.06.08 09:31:04 | 000,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2008.04.14 08:52:46 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2006.11.14 10:21:00 | 016,270,848 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006.10.27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006.09.27 02:41:54 | 000,425,984 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006.05.16 17:51:00 | 000,057,344 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
PRC - [2006.01.02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.04.30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe


========== Modules (SafeList) ==========

MOD - [2010.02.06 14:39:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michal_H\Dokumenty\Stažené soubory\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.06.24 16:05:56 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008.06.08 09:31:04 | 000,877,864 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.09.27 02:41:54 | 000,425,984 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006.09.26 21:05:00 | 000,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005.04.30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV - [2010.01.12 23:41:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.01.12 21:45:40 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009.11.25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.09.15 12:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.09.15 12:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.09.15 12:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.09.15 11:42:48 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.09.15 11:42:46 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.09.15 11:42:44 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008.10.31 07:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.06.21 04:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008.06.21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2008.04.13 22:09:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006.11.22 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.11.21 19:27:58 | 000,043,648 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006.11.15 07:34:00 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.09.27 02:50:04 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.02.08 04:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005.05.11 00:33:12 | 000,032,256 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2001.10.25 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-220523388-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-1060284298-220523388-682003330-1003\S-1-5-21-1060284298-220523388-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.10 13:06:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.10 13:06:32 | 000,000,000 | ---D | M]

[2010.01.12 22:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal_H\Data aplikací\Mozilla\Extensions
[2010.02.10 19:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michal_H\Data aplikací\Mozilla\Firefox\Profiles\x8t6ayop.default\extensions
[2010.01.12 22:22:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.16 01:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 01:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 01:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 01:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 01:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.01.15 19:52:00 | 000,373,454 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12872 more lines...
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1060284298-220523388-682003330-1003\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1060284298-220523388-682003330-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1060284298-220523388-682003330-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-1060284298-220523388-682003330-1003..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-1060284298-220523388-682003330-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Michal_H\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-220523388-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1060284298-220523388-682003330-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.1.3
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Michal_H\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michal_H\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999.09.12 17:37:22 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.02.10 19:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2010.02.08 06:05:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michal_H\Recent
[2010.02.03 23:38:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.02.01 23:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
[2010.02.01 23:50:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal_H\Data aplikací\SUPERAntiSpyware.com
[2010.02.01 23:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.02.01 23:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.01.27 18:09:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Michal_H\IECompatCache
[2010.01.27 16:14:37 | 000,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010.01.27 16:08:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michal_H\Dokumenty\Filmy
[2010.01.27 16:08:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2010.01.27 16:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010.01.27 16:05:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010.01.27 16:05:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010.01.27 08:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal_H\Data aplikací\OLYMPUS
[2010.01.27 08:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\OLYMPUS
[2010.01.27 08:49:38 | 000,319,488 | ---- | C] (Pegasus Imaging Corporation) -- C:\WINDOWS\System32\Pvmjpg21.dll
[2010.01.27 08:49:32 | 000,086,016 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
[2010.01.27 08:49:32 | 000,057,344 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\GenSvcInst.exe
[2010.01.27 08:49:30 | 000,032,256 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys
[2010.01.27 08:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2010.01.27 08:44:28 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2010.01.27 08:44:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010.01.27 08:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.01.27 08:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\QuickTime
[2010.01.25 16:56:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010.01.25 14:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.01.25 12:45:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.01.21 21:40:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.01.21 13:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michal_H\Local Settings\Data aplikací\Adobe
[2010.01.21 13:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Adobe
[2010.01.21 13:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.01.21 13:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.01.16 00:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010.01.12 22:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2010.01.12 21:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2010.01.12 21:26:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.02.14 18:57:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.02.14 18:56:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.02.14 18:56:39 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.02.14 18:56:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.02.10 23:48:02 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\Michal_H\NTUSER.DAT
[2010.02.10 23:48:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Michal_H\ntuser.ini
[2010.02.10 23:47:54 | 003,745,256 | -H-- | M] () -- C:\Documents and Settings\Michal_H\Local Settings\Data aplikací\IconCache.db
[2010.02.10 19:20:05 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\SeaTools for Windows.lnk
[2010.02.10 19:15:49 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.02.10 13:06:34 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.02.10 11:15:30 | 1072,193,536 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010.02.10 11:00:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.02.10 00:37:17 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Michal_H\Plocha\Microsoft Office Word 2007.lnk
[2010.02.08 15:27:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.02.08 15:27:51 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Michal_H\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.08 14:27:19 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\Michal_H\Data aplikací\default.pls
[2010.02.06 14:58:42 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Michal_H\Plocha\CCleaner.lnk
[2010.02.06 14:54:15 | 000,000,930 | ---- | M] () -- C:\Documents and Settings\Michal_H\Plocha\Zástupce - OTL.lnk
[2010.02.01 23:50:50 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
[2010.01.27 16:14:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.01.27 16:14:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.01.27 16:06:53 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.01.27 16:05:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010.01.27 08:51:05 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\OLYMPUS Master.lnk
[2010.01.27 08:49:38 | 000,000,268 | ---- | M] () -- C:\WINDOWS\System.ini
[2010.01.27 08:49:33 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ImageMixer VCD DVD2 for OLYMPUS 2.0.lnk
[2010.01.27 08:44:23 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\QuickTime Player.lnk
[2010.01.25 20:26:07 | 000,069,232 | ---- | M] () -- C:\Documents and Settings\Michal_H\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.01.25 20:24:44 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.01.21 13:45:16 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.01.16 01:02:39 | 000,978,014 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.01.16 01:02:39 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.01.16 01:02:39 | 000,428,750 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.01.16 01:02:39 | 000,077,872 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.01.16 01:02:39 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.01.15 19:56:39 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Michal_H\Plocha\Microsoft Office Excel 2007.lnk
[2010.01.15 19:52:00 | 000,373,454 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.02.10 19:16:36 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\SeaTools for Windows.lnk
[2010.02.10 13:06:34 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.02.10 10:58:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.02.08 14:27:19 | 000,000,207 | ---- | C] () -- C:\Documents and Settings\Michal_H\Data aplikací\default.pls
[2010.02.06 14:54:15 | 000,000,930 | ---- | C] () -- C:\Documents and Settings\Michal_H\Plocha\Zástupce - OTL.lnk
[2010.02.01 23:50:50 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
[2010.02.01 15:12:50 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Michal_H\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 01:06:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.27 16:05:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010.01.27 08:51:05 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\OLYMPUS Master.lnk
[2010.01.27 08:49:33 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\ImageMixer VCD DVD2 for OLYMPUS 2.0.lnk
[2010.01.27 08:44:24 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.01.27 08:44:24 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.01.27 08:44:23 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\QuickTime Player.lnk
[2010.01.21 13:45:16 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.01.12 23:41:47 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
< End of report >

a z ruhého souboru

OTL Extras logfile created on: 14.2.2010 19:01:43 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Michal_H\Dokumenty\Stažené soubory
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 022,00 Mb Total Physical Memory | 395,00 Mb Available Physical Memory | 39,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 98,64 Gb Total Space | 84,02 Gb Free Space | 85,17% Space Free | Partition Type: NTFS
Drive D: | 14,30 Gb Total Space | 14,24 Gb Free Space | 99,56% Space Free | Partition Type: NTFS
Drive E: | 273,97 Gb Total Space | 270,86 Gb Free Space | 98,87% Space Free | Partition Type: NTFS
Drive F: | 164,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHAL
Current User Name: Michal_H
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1060284298-220523388-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{47148AA6-59BD-4269-94EA-C6748A126575}" = ATI Catalyst Control Center
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D45EF03-E8EE-4355-81C3-F918CBCF1029}" = Nero 8
"{82B1150E-9B37-49FC-83EB-D52197D900D0}" = Sunbelt Personal Firewall
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3 - Czech
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"QuickTime" = QuickTime
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Companion

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10.2.2010 8:05:02 | Computer Name = MICHAL | Source = avast! | ID = 33554522
Description = Nastala interní chyba v modulu aswar scan function failed!, funkce
C0000005.

[ Application Events ]
Error - 10.2.2010 14:02:13 | Computer Name = MICHAL | Source = Application Error | ID = 1000
Description = Chybující aplikace SbPFSvc.exe, verze 4.6.1861.0, chybující modul
SbPFSvc.exe, verze 4.6.1861.0, adresa chyby 0x00092fa9.

Error - 10.2.2010 14:16:39 | Computer Name = MICHAL | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
shlwapi.dll, verze 6.0.2900.5912, adresa chyby 0x0001b55c.

Error - 10.2.2010 14:16:56 | Computer Name = MICHAL | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x00000000.

Error - 14.2.2010 13:57:47 | Computer Name = MICHAL | Source = ESENT | ID = 474
Description = wuauclt (2780) Ověření načtení stránky databáze ze souboru C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
na posunu 7622656 (0x0000000000745000) o velikosti 4096 (0x00001000) bajtů se nezdařilo.
Došlo k neshodě kontrolního součtu stránky. Byl očekáván kontrolní součet 580136038
(0x22942c66), ale skutečný kontrolní součet byl 580157030 (0x22947e66). Operace
čtení se nezdaří a dojde k chybě -1018 (0xfffffc06). Pokud potíže potrvají, obnovte
databázi ze záložní kopie.

[ System Events ]
Error - 1.2.2010 10:12:23 | Computer Name = MICHAL | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 1.2.2010 13:04:20 | Computer Name = MICHAL | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 1.2.2010 13:04:20 | Computer Name = MICHAL | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 1.2.2010 19:18:57 | Computer Name = MICHAL | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 1.2.2010 19:18:57 | Computer Name = MICHAL | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 1.2.2010 19:23:41 | Computer Name = MICHAL | Source = Service Control Manager | ID = 7000
Description = Služba SASDIFSV neuspěla při spuštění v důsledku následující chyby:
%%183

Error - 2.2.2010 3:51:05 | Computer Name = MICHAL | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 2.2.2010 3:51:05 | Computer Name = MICHAL | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 2.2.2010 19:24:47 | Computer Name = MICHAL | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 2.2.2010 19:24:47 | Computer Name = MICHAL | Source = ati2mtag | ID = 44044
Description = I2c return failed


< End of report >

[Jitka Hegerova]

A tady vkládám logy z Gmeru:
1.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-14 19:19:57
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Michal_H\LOCALS~1\Temp\uxtdypob.sys

---- System - GMER 1.0.15 ----

SSDT spdc.sys ZwEnumerateKey [0xF7435DA4]
SSDT spdc.sys ZwEnumerateValueKey [0xF7436132]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAA975678]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 867521F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

ten druhy má tolik znaků, že už ho sem nemůžu vložit. Můžu ho poslat mailem.

[motji]

Ten druhý log dejte třeba sem - http://www.leteckaposta.cz a sem vložte link ke stránce

Co je jednotka F?

Jak to ted vypadá s počítačem?

Stáhněte SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe
-program spusťte a postupujte podle instrukcí. Log vložte zde

[hippo_76]

Zdravím,

tak s počítačem je to nyní tak, že jsem ho dostal do rukou od majitele, abych se na to podíval, protože vykázal modrou smrt. A to již několikrát. Jedná se o nenáročného majitele, kterému jsem nedávno systém na tomto PC přeinstaloval na jeho žádost. V počítači mu odešel zdroj, tak jsem tam dával úplně nový a současně provedl formát HDD a komplet instalaci, protože jak jsem již uvedl, majitel si to přál, kdy chtěl mít dle jeho slov systém čistý. Vše následně fungovalo bez problémů. Počítač fungoval do doby, kdy se stalo něco s napadením nějakého viru a majitel se snažil různými nástroji ho odstranit a počítač vyčistit. Z tohoto moc nejsem moudrý, protože nevím co se jim přesně stalo.

Chování počítače mě vede k tomu, že může být problém s RAM nebo HDD. Provedl jsem Memtest (cca 24 hod.) a žádné chyby. Na HDD také testováno a žádné chyby. Ovšem někdy začne HDD vykazovat hrozné zvuky (vyloženě mechanicky hrčí až moc nahlas) a pak je vidět při práci v systému zpomalení odezvy.

Opět jsme se s majitelem dohodli, že PC přeinstalujeme, což není problém, kdy majitel používá minimum aplikací a software. Ovšem i zde nastal problém. Po formátu HDD a v průběhu samotné instalaci Windows mi vyskočí opakovaně okno:

Koordinátor DTC Setup Error
Podkomponenta Koordinátor DTC způsobila vyjímku při zpracování zprávy instalačního programu OC_COMPLETE_INSTALATION. d:\nt\com\com1x\dtc\ntdtcsetup\src\csetuputil.cpp (řádek 2746) Kód chyby = 0x80070428
Při obsluze řídící žádosti došlo ve službě k vyjímce. Nelze provést funkci DllRegisterServer () v C:\WINDOWS\system32\msdtctm.dll.

Zvažuji vyzkoušet instalaci systému na jiný HDD a ukáže se jak se bude PC chovat dál.

Pokud budete mít nějaké podněty k tomu co jsem napsal budu rád.

[motji]

hippo_76
Hezké poledne
souvisí to nějak s tím počítačem, který v tomto topicu řešíme? Pokud ne, poprosím Vás, založte si vlastní topic a zkopírujte tam problém, co jste popsal. Tady by se nám ty rady pletli . Kolega se určitě podívá
Děkuji

[hippo_76]

Dobrý večer,

ano jedná se o ten stejný počítač. Proto jsem to také umístil zde .

[MiliNess]

Už podle těch příznaků - zásek zřejmě ještě před tím, než BIOS předá řízení MBR, hluk HDD - bych hádal ten disk, (eventuelně by mohl být vadný řadič disku) Tomu by odpovídala ta chyba při registraci komponenty (pravděpodobně chybně zkopírovaná knihovna msdtctm.dll nebo jiný modul). Pokud je v pořádku instalační médium, začal bych výměnou disku a kabelů. Pokud ani to nepomůže, pak už jedině vyměnit MB.

[MiliNess]

Pak mě napadla ještě jedna možnost. To by snad připadalo v úvahu jedině pokud by se jednalo o disk s rozhraním SATA, s řadičem v módu AHCI (nebo RAID) a při instalaci byste používal chybný ovladač miniportu řadiče disku, (pro jiný typ řadiče) eventuelně by ovladač miniportu řadiče mohl být pro správný typ, ale obsahoval by chybu.
To by se dalo zjistit tak, že byste v nastavení BIOSu nastavil řadič z módu AHCI do módu IDE.