PC-HELP.CZ

Ahoj, mam se nechat zkontrolovat, tak tady to je ...a diky za rady, uz fakt nevim co s tim... přesměrovéno z odsud
střídavě problem s grafikou, FW, antivir, BSOD, černá obrazovka po restartu, pomaly start

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:27, on 29.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)odsud
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\Ester\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6087.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7808216734
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5EB13B7-6964-469C-B595-E27F5E8665C5}: NameServer = 10.107.4.100,10.107.4.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate1ca9d1ab21a2990) (gupdate1ca9d1ab21a2990) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 11045 bytes

---

log z Mbam...


Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 6713

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.5.2011 18:00:45
mbam-log-2011-05-29 (18-00-22).txt

Typ kontroly: Úplný test (C:\|D:\|F:\|)
Testované objekty: 270808
Uplynulý čas: 54 minut, 31 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Odinstaluj:
Spybot-S&D

+
zbytky po AVG tímto:
http://www.avg.com/cz-cs/stahnout-nastroje

http://www.avg.com/filedir/util/avg_arm ... emover.exe

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod



Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Malwarebytes' Anti-Malware:
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

ahoj, měla jsem zas problem s pripojenim, tak to sem dávám až ted, něco ten AV stale blokuje...
oběvuje se hláška po startu: "Avast nebude schopen chránit mail/zprávy, chyba 10050. Zkontrolujte zda služba Avast neni blokována FW." Když dám Opravit v Avastu, tak nereaguje, když chci spustit službu Avast ručne ve Službach, tak napíše, že byla spuštěna a hned ukončena, protože nevyvíjí žádnou činnost. Když chci ve Službách zapnout FW tak vypíše: Chyba 2 - systém nemůže nalézt uvedený soubor. Takže restartuju jako blázen (brzy to prohodim voknem)
ve Správci jsem dala zakázat: Symantec Eraser Controler Driver (je ve skrytejch a byl s zlutym vykricnikem), je to OK?
jesi to něčemu pomůže tak jsem našla log z poslední kontroly Avastu:


- Spybot odinstalováno
- AVG remover opět poněkolikáté použit, snad už to klaplo...
- v Hjt vse fixnuto podle návodu
- ATF Cleaner vyčíšténo koš atd, FF a Operu už nemam
- Mbam nálezy odstraněny, nový scan bez nálezů


ComboFix 11-05-30.04 - Ester 30.05.2011 22:34:15.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.502.249 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ester\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-28 do 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-29 18:26 . 2007-06-05 12:25 176128 ----a-r- c:\windows\system32\igfxres.dll
2011-05-29 18:23 . 2007-06-05 15:24 204800 ----a-r- c:\windows\system32\igfxCoIn_v4837.dll
2011-05-29 18:23 . 2007-06-05 13:22 3293184 ----a-r- c:\windows\system32\igfxress.dll
2011-05-29 18:23 . 2007-06-13 11:56 252696 ----a-r- c:\windows\system32\igfxsrvc.exe
2011-05-29 18:23 . 2007-06-05 13:22 204800 ----a-r- c:\windows\system32\igfxpph.dll
2011-05-29 18:23 . 2007-06-05 13:22 47616 ----a-r- c:\windows\system32\igfxsrvc.dll
2011-05-29 18:23 . 2007-06-05 13:22 102400 ----a-r- c:\windows\system32\hccutils.dll
2011-05-29 18:23 . 2007-06-05 13:22 204800 ----a-r- c:\windows\system32\igfxdev.dll
2011-05-29 16:39 . 2007-06-13 10:55 527128 ----a-r- c:\windows\system32\igfxcfg.exe
2011-05-29 16:39 . 2007-06-05 12:22 122880 ----a-r- c:\windows\system32\igfxcpl.cpl
2011-05-29 16:39 . 2007-06-05 13:48 910464 ----a-r- c:\windows\system32\igmedkrn.dll
2011-05-29 16:39 . 2007-06-05 13:49 2681344 ----a-r- c:\windows\system32\igxpdx32.dll
2011-05-29 16:39 . 2007-06-05 13:48 5761728 ----a-r- c:\windows\system32\drivers\igxpmp32.sys
2011-05-29 16:39 . 2007-06-05 13:48 57344 ----a-r- c:\windows\system32\igxprd32.dll
2011-05-29 16:39 . 2007-06-05 13:48 150528 ----a-r- c:\windows\system32\igxpgd32.dll
2011-05-29 16:39 . 2007-06-05 13:48 1717504 ----a-r- c:\windows\system32\igxpdv32.dll
2011-05-29 13:05 . 2011-05-29 13:05 -------- d-----w- c:\documents and settings\Ester\Data aplikací\Malwarebytes
2011-05-29 13:05 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:05 . 2011-05-29 13:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-29 13:05 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 13:05 . 2011-05-29 13:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-29 11:40 . 2011-05-29 11:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 17:23 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-28 17:23 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-28 17:23 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-28 17:23 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-28 17:23 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-28 17:23 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-28 17:23 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-28 17:23 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-28 17:22 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-28 17:22 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-28 17:22 . 2011-05-28 17:22 -------- d-----w- c:\program files\AVAST Software
2011-05-28 17:22 . 2011-05-28 17:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-05-25 09:53 . 2011-05-25 09:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype Extras
2011-05-25 09:53 . 2011-05-25 09:53 -------- d-----w- c:\program files\Common Files\Skype
2011-05-24 10:16 . 2011-05-24 10:16 -------- d-----w- c:\documents and settings\Ester\DoctorWeb
2011-05-22 23:01 . 2007-03-06 12:58 57344 ----a-w- c:\windows\system32\acpimof.dll
2011-05-22 23:01 . 2006-02-16 13:39 45056 ----a-w- c:\windows\system32\Epm-Po.dll
2011-05-22 16:55 . 2011-05-22 16:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2011-05-22 11:48 . 2011-05-22 11:48 -------- d-----w- c:\documents and settings\Ester\Data aplikací\IObit
2011-05-22 11:48 . 2011-05-22 11:48 -------- d-----w- c:\program files\IObit
2011-05-22 10:55 . 2011-05-22 10:55 -------- d-----w- c:\program files\Trend Micro
2011-05-22 10:05 . 2011-05-22 10:05 -------- d-----w- c:\program files\CCleaner
2011-05-22 07:50 . 2011-05-22 07:50 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-05-22 07:50 . 2011-05-22 08:10 -------- d-----w- c:\documents and settings\Ester\Data aplikací\Uniblue
2011-05-22 07:42 . 2011-05-22 07:42 -------- d-----w- c:\documents and settings\Ester\Local Settings\Data aplikací\eSupport.com
2011-05-22 07:42 . 2011-05-14 13:15 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-05-22 07:01 . 2011-05-22 07:01 -------- d-----w- c:\documents and settings\Ester\Local Settings\Data aplikací\PackageAware
2011-05-17 18:28 . 2011-05-17 18:34 -------- d-----w- c:\program files\NirSoft
2011-05-15 15:37 . 2011-05-15 15:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-05 23:36 . 2011-05-05 23:36 -------- d-----w- c:\documents and settings\já\Local Settings\Data aplikací\Temp
2011-05-05 12:03 . 2011-05-05 12:04 -------- d-----w- c:\program files\ICQ7.5
2011-05-01 02:43 . 2011-05-03 01:38 -------- d-----w- c:\documents and settings\Ester\Data aplikací\langmaster.sz
2011-04-30 23:37 . 2011-04-30 23:37 -------- d-----w- c:\program files\LANGMaster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-18 18:13 . 2008-02-02 01:29 90112 ----a-w- c:\windows\DUMP605f.tmp
2011-04-10 12:51 . 2011-04-10 12:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-10 12:51 . 2011-04-10 12:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:33 . 2007-05-16 15:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-08-18 03:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2007-03-08 15:36 1857920 ----a-w- c:\windows\system32\win32k.sys
2004-10-01 13:00 . 2010-07-24 19:32 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-10-03 471040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2008-01-07 343552]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2011-5-23 45056]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.5.2011 19:23 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.5.2011 19:23 307928]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [22.5.2011 13:48 352656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.5.2011 19:23 19544]
S2 gupdate1ca9d1ab21a2990;Služba Google Update (gupdate1ca9d1ab21a2990);c:\program files\Google\Update\GoogleUpdate.exe [24.1.2010 19:28 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe --> c:\program files\ICQ6Toolbar\ICQ Service.exe [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [22.5.2011 9:42 23456]
S3 EC168BDA;TVGo DVB-T02PRO;c:\windows\system32\DRIVERS\EC168BDA.sys --> c:\windows\system32\DRIVERS\EC168BDA.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24.1.2010 19:28 133104]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [18.8.2004 5:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc04f064f0bce4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 17:28]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 17:28]
.
2011-05-30 c:\windows\Tasks\User_Feed_Synchronization-{8FDA357B-9004-4B4C-91DA-E15FEFCEFBDF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2011-05-30 c:\windows\Tasks\User_Feed_Synchronization-{DF03FE93-B93A-401F-99D3-3A5550EE3C8F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{E5EB13B7-6964-469C-B595-E27F5E8665C5}: NameServer = 10.107.4.100,10.107.4.129
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
Notify-!SASWinLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-30 22:59
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2548)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\MSVCP71.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\Ester\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Celkový čas: 2011-05-30 23:06:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-30 21:06
.
Před spuštěním: Volných bajtů: 18 441 568 256
Po spuštění: Volných bajtů: 18 296 954 880
.
- - End Of File - - CF14F3DC05C0E467E20704A6F11B73FB

Odinstaluj:
IObit\Advanced SystemCare

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT


Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

ahoj, zatim vse při starem plus když už FW + AV náhodou jednou naskočí, tak net stejně nejde, Chyba 101 - připojení bylo resetováno,tak aspon že jede nouzák.

- Advanced SystemCare odinstalováno


ComboFix 11-05-30.04 - Ester 02.06.2011 23:10:29.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.502.230 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ester\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ester\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\docume~1\Ester\LOCALS~1\Temp\RtkBtMnt.exe"
"c:\windows\DUMP605f.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc04f064f0bce4.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Ester\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\DUMP605f.tmp
c:\windows\system32\autorun.ini
c:\windows\system32\Thumbs.db
c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc04f064f0bce4.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ERASERUTILREBOOTDRV
-------\Legacy_ICQ_SERVICE
-------\Service_EC168BDA
-------\Service_EraserUtilRebootDrv
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-02 do 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-05-29 18:26 . 2007-06-05 12:25 176128 ----a-r- c:\windows\system32\igfxres.dll
2011-05-29 18:23 . 2007-06-05 15:24 204800 ----a-r- c:\windows\system32\igfxCoIn_v4837.dll
2011-05-29 18:23 . 2007-06-05 13:22 3293184 ----a-r- c:\windows\system32\igfxress.dll
2011-05-29 18:23 . 2007-06-13 11:56 252696 ----a-r- c:\windows\system32\igfxsrvc.exe
2011-05-29 18:23 . 2007-06-05 13:22 204800 ----a-r- c:\windows\system32\igfxpph.dll
2011-05-29 18:23 . 2007-06-05 13:22 47616 ----a-r- c:\windows\system32\igfxsrvc.dll
2011-05-29 18:23 . 2007-06-05 13:22 102400 ----a-r- c:\windows\system32\hccutils.dll
2011-05-29 18:23 . 2007-06-05 13:22 204800 ----a-r- c:\windows\system32\igfxdev.dll
2011-05-29 16:39 . 2007-06-13 10:55 527128 ----a-r- c:\windows\system32\igfxcfg.exe
2011-05-29 16:39 . 2007-06-05 12:22 122880 ----a-r- c:\windows\system32\igfxcpl.cpl
2011-05-29 16:39 . 2007-06-05 13:48 910464 ----a-r- c:\windows\system32\igmedkrn.dll
2011-05-29 16:39 . 2007-06-05 13:49 2681344 ----a-r- c:\windows\system32\igxpdx32.dll
2011-05-29 16:39 . 2007-06-05 13:48 5761728 ----a-r- c:\windows\system32\drivers\igxpmp32.sys
2011-05-29 16:39 . 2007-06-05 13:48 57344 ----a-r- c:\windows\system32\igxprd32.dll
2011-05-29 16:39 . 2007-06-05 13:48 150528 ----a-r- c:\windows\system32\igxpgd32.dll
2011-05-29 16:39 . 2007-06-05 13:48 1717504 ----a-r- c:\windows\system32\igxpdv32.dll
2011-05-29 13:05 . 2011-05-29 13:05 -------- d-----w- c:\documents and settings\Ester\Data aplikací\Malwarebytes
2011-05-29 13:05 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:05 . 2011-05-29 13:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-29 13:05 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 13:05 . 2011-05-29 13:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-29 11:40 . 2011-05-29 11:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 17:23 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-28 17:23 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-28 17:23 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-28 17:23 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-28 17:23 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-28 17:23 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-28 17:23 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-28 17:23 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-28 17:22 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-28 17:22 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-28 17:22 . 2011-05-28 17:22 -------- d-----w- c:\program files\AVAST Software
2011-05-28 17:22 . 2011-05-28 17:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-05-25 09:53 . 2011-05-25 09:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype Extras
2011-05-25 09:53 . 2011-05-25 09:53 -------- d-----w- c:\program files\Common Files\Skype
2011-05-24 10:16 . 2011-05-24 10:16 -------- d-----w- c:\documents and settings\Ester\DoctorWeb
2011-05-22 23:01 . 2007-03-06 12:58 57344 ----a-w- c:\windows\system32\acpimof.dll
2011-05-22 23:01 . 2006-02-16 13:39 45056 ----a-w- c:\windows\system32\Epm-Po.dll
2011-05-22 16:55 . 2011-05-22 16:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2011-05-22 11:48 . 2011-05-22 11:48 -------- d-----w- c:\documents and settings\Ester\Data aplikací\IObit
2011-05-22 11:48 . 2011-05-22 11:48 -------- d-----w- c:\program files\IObit
2011-05-22 10:55 . 2011-05-22 10:55 -------- d-----w- c:\program files\Trend Micro
2011-05-22 10:05 . 2011-06-02 20:34 -------- d-----w- c:\program files\CCleaner
2011-05-22 07:50 . 2011-05-22 07:50 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-05-22 07:50 . 2011-05-22 08:10 -------- d-----w- c:\documents and settings\Ester\Data aplikací\Uniblue
2011-05-22 07:42 . 2011-05-22 07:42 -------- d-----w- c:\documents and settings\Ester\Local Settings\Data aplikací\eSupport.com
2011-05-22 07:42 . 2011-05-14 13:15 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-05-22 07:01 . 2011-05-22 07:01 -------- d-----w- c:\documents and settings\Ester\Local Settings\Data aplikací\PackageAware
2011-05-17 18:28 . 2011-05-17 18:34 -------- d-----w- c:\program files\NirSoft
2011-05-15 15:37 . 2011-05-15 15:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-05 23:36 . 2011-05-05 23:36 -------- d-----w- c:\documents and settings\já\Local Settings\Data aplikací\Temp
2011-05-05 12:03 . 2011-05-05 12:04 -------- d-----w- c:\program files\ICQ7.5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-10 12:51 . 2011-04-10 12:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-10 12:51 . 2011-04-10 12:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:33 . 2007-05-16 15:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2004-10-01 13:00 . 2010-07-24 19:32 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-10-03 471040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2008-01-07 343552]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2011-5-23 45056]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.5.2011 19:23 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.5.2011 19:23 307928]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.5.2011 19:23 19544]
S2 gupdate1ca9d1ab21a2990;Služba Google Update (gupdate1ca9d1ab21a2990);c:\program files\Google\Update\GoogleUpdate.exe [24.1.2010 19:28 133104]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [22.5.2011 9:42 23456]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24.1.2010 19:28 133104]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [18.8.2004 5:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-02 c:\windows\Tasks\User_Feed_Synchronization-{8FDA357B-9004-4B4C-91DA-E15FEFCEFBDF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2011-06-02 c:\windows\Tasks\User_Feed_Synchronization-{DF03FE93-B93A-401F-99D3-3A5550EE3C8F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E5EB13B7-6964-469C-B595-E27F5E8665C5}: NameServer = 10.107.4.100,10.107.4.129
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-02 23:30
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\MSVCP71.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2011-06-02 23:36:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-02 21:36
ComboFix2.txt 2011-05-30 21:06
.
Před spuštěním: Volných bajtů: 18 148 167 680
Po spuštění: Volných bajtů: 18 148 892 672
.
- - End Of File - - 47086F2D5B40E7497CF4662B10187B0B

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:08, on 4.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7808216734
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5EB13B7-6964-469C-B595-E27F5E8665C5}: NameServer = 10.107.4.100,10.107.4.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate1ca9d1ab21a2990) (gupdate1ca9d1ab21a2990) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7814 bytes
---------------------------------------

EDIT: tak Avasta jsem zas odinstalovala, a FW i net jede normal....ale je teda blbost lítat po netu bez, vid.....? problém je, že tohle dělaj všechny AV, nemam tu FW treba nak blbe nastavenou?

Antivir zatím neinstaluj.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner

http://www.edisk.cz/stahni/29485/T-Clea ... 8.5KB.html

smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.


Stáhni si CrystalDiskInfo

Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

Stáhni si OTH
na svojí plochu( pokud používáš Firefox , pravým klikni na OTH link a vyber uložit jako (Save as..).

Stáhni si OTL
na svojí plochu (pokud používáš Firefox , pravým klikni na OTL link a vyber uložit jako (Save as..).

Stáhni si soubor Scan.txt
na svojí plochu (pokud používáš Firefox , pravým klikni na OTL link a vyber uložit jako (Save as..).

Poklepej na soubor OTH na ploše , po spuštění programu klikni na Kill All Processes.Poté klikni na Start OTL .Poklepej Do prázdného okna pod Vlastní skenování /opravy ( Custom Scans box). Objeví se zpráva: Kliknutím na OK vyberete cestu k souboru, kliknutím na Zrušit zrušíte výběr.
Klikni na OK. Objeví se okno průzkumníku , zde klikneš na plochu a najdeš na ní soubor Scan.txt .Klikni na Otevřít.
Poté klikni na Rychle prohledat (Quick Scan). Neměň žádná jiná nastavení . Sken může trvat dlouho.
Kdy sken skončí , objeví se na ploše dva logy:
OTL.Txt a Extras.Txt , jsou uloženy ve stejném místě jako OTL.
Zkopíruj sem prosím celý obsah obou logů.

OK, neinstaluju. Našla jsem si jeste removery Nortna a Avasta, tak si něco odnesly. Pak jsem ještě zkusila dát výchozí nastavení FW, ale žádný rozdíl, ona funguje jak kdy, i bez AV.
Jak jsem smázla tu složku zavirovaný karantény od Nortona Unlockerem (nešla normálně), tak ted nejde smazat ani z koše, vždy si vytvoří novou kopii s jiným jmenem, Dc56, Dc59...Přitom se hlásí jako prázdná... Nemuze to bejt vir a jak s tim pryc?

- combofix odinstalováno
- vyčištěno obouma
- první instalaci CrystalDiskInfo přerušila BSOD
- OTL se v normálním režimu pokaždý zaseklo, takze nouzak... a přeju přájemný počteníčko :-) (nezávidím) a dík za čas :-)


----------------------------------------------------------------------------
CrystalDiskInfo 4.0.1 (C) 2008-2011 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Professional SP3 [5.1 Build 2600] (x86)
Date : 2011/06/06 20:38:17

-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH8M Ultra ATA Storage Controllers - 2850 [ATA]
+ Primární kanál IDE (0)
- HL-DT-ST DVDRAM GSA-T20N
- Sekundární kanál IDE (1)
+ Intel(R) 82801HEM/HBM SATA AHCI Controller [ATA]
- Hitachi HTS541680J9SA00

-- Disk List ---------------------------------------------------------------
(1) Hitachi HTS541680J9SA00 : 80.0 GB [0-1-0, pd1]

----------------------------------------------------------------------------
(1) Hitachi HTS541680J9SA00
----------------------------------------------------------------------------
Model : Hitachi HTS541680J9SA00
Firmware : SB2OC70P
Serial Number : SB2241KGE60BUE
Disk Size : 80.0 GB (8.4/80.0/80.0)
Buffer Size : 7516 KB
Queue Depth : 32
# of Sectors : 156301488
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ATA/ATAPI-7 T13 1532D version 1
Transfer Mode : SATA/150
Power On Hours : 13688 hod.
Power On Count : 2047 krát
Temparature : 47 C (116 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 4080h [ON]
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _62 000000000000 Počet chyb čtení
02 100 100 _40 000000000000 Průchodnost disku
03 253 253 _33 000E00000001 Čas na roztočení ploten
04 _99 _99 __0 000000000873 Počet spuštění/zastavení
05 100 100 __5 000000000000 Počet přemapovaných sektorů
07 100 100 _67 000000000000 Počet chybných hledání
08 100 100 _40 000000000000 Čas potřebný na vyhledání
09 _69 _69 __0 000000003578 Hodin v činnosti
0A 100 100 _60 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _99 _99 __0 0000000007FF Počet cyklů zapnutí zařízení
BF 100 100 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 000000000036 Počet vypnutí disku
C1 _82 _82 __0 00000002DA57 Počet cyklů načítání/vymazání
C2 117 117 __0 0035000E002F Teplota
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 253 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
DF 100 100 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 04 5A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 20 53 42 32 32 34 31
020: 4B 47 45 36 30 42 55 45 00 03 3A B8 00 04 53 42
030: 32 4F 43 37 30 50 48 69 74 61 63 68 69 20 48 54
040: 53 35 34 31 36 38 30 4A 39 53 41 30 30 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 0F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 F8 B0 09 50 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 07 02 00 00 00 5E 00 4C
0A0: 00 FC 00 1A 74 6B 7F 69 61 63 74 69 3C 49 61 63
0B0: 20 3F 00 15 00 00 40 80 FF FE 00 00 80 FE 00 00
0C0: 00 00 00 00 00 00 00 00 F8 B0 09 50 00 00 00 00
0D0: 00 00 00 00 00 00 88 48 50 00 CC A5 51 DE EA AA
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00
0F0: 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 09 00 0B 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 40 01 00 00 80 00 00 00
130: 32 4A 00 00 00 00 42 51 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9E A5

---

OTL logfile created on: 8.6.2011 7:03:51 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Ester\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

502,36 Mb Total Physical Memory | 326,50 Mb Available Physical Memory | 64,99% Memory free
1,44 Gb Paging File | 1,35 Gb Available in Paging File | 94,25% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34,08 Gb Total Space | 19,09 Gb Free Space | 56,00% Space Free | Partition Type: NTFS
Drive D: | 34,58 Gb Total Space | 5,98 Gb Free Space | 17,30% Space Free | Partition Type: FAT32

Computer Name: ACER-109CD108E4 | User Name: Ester | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.06.07 07:31:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ester\Plocha\OTL.exe
PRC - [2011.06.06 19:58:13 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ester\Plocha\OTH.scr


========== Modules (SafeList) ==========

MOD - [2011.06.07 07:31:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ester\Plocha\OTL.exe
MOD - [2011.01.11 10:59:44 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
MOD - [2011.01.11 10:59:44 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
MOD - [2010.11.15 21:02:22 | 000,390,552 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
MOD - [2010.10.23 02:47:27 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
MOD - [2010.08.23 18:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010.02.16 17:03:24 | 000,398,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
MOD - [2010.02.15 13:27:12 | 000,597,504 | ---- | M] (STLport Consulting, Inc.) -- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\stlport_vc7145.dll
MOD - [2008.04.14 05:21:51 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008.04.14 05:21:51 | 000,141,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\nwprovau.dll
MOD - [2008.04.14 05:21:51 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008.04.14 05:21:51 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008.04.14 05:21:50 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008.04.14 05:21:46 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2008.04.14 05:21:39 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008.04.14 05:21:39 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008.04.14 05:21:36 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.03.01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2007.03.21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2005.07.08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2011.05.14 15:15:13 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007.05.30 20:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.05.02 03:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.02.16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.12.22 20:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.12.22 20:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.12.22 20:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006.10.13 00:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005.07.08 17:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005.07.08 17:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005.07.08 17:17:31 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005.01.13 15:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004.08.18 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.18 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..extensions.enabledItems: {942cd1d4-9cc1-4d31-876a-ea8f489f7a59}:3.3.2.1
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="



[2008.12.21 08:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Extensions
[2011.05.22 07:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\extensions
[2011.05.15 14:06:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-1.xml
[2010.02.19 07:29:08 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-10.xml
[2010.03.28 02:58:07 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-11.xml
[2010.04.03 15:12:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-12.xml
[2010.05.04 11:26:17 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-13.xml
[2011.01.06 21:32:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-14.xml
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-15.xml
[2011.03.27 01:58:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-16.xml
[2011.03.27 02:11:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-17.xml
[2008.12.21 05:45:51 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-2.xml
[2008.12.21 08:26:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-3.xml
[2009.05.04 23:08:11 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-4.xml
[2009.10.17 14:09:15 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-5.xml
[2009.10.17 15:38:52 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-6.xml
[2009.11.22 04:14:14 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-7.xml
[2009.12.18 01:24:36 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-8.xml
[2010.01.24 12:28:24 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin-9.xml
[2011.05.05 14:03:46 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin.gif
[2011.05.05 14:03:46 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin.src
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\icqplugin.xml
[2008.06.22 22:13:22 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\searchplugins\yahoo.xml
File not found (No name found) --
[2011.04.10 14:51:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

O1 HOSTS File: ([2011.06.02 23:30:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Místní intranet)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 7808216734 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ester\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ester\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2011.06.07 07:31:47 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ester\Plocha\OTL.exe
[2011.06.06 20:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011.06.06 20:18:41 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011.06.06 20:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Real
[2011.06.06 20:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011.06.06 20:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Real
[2011.06.06 20:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\Data aplikací\Real
[2011.06.06 20:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\Local Settings\Data aplikací\OpenCandy
[2011.06.06 20:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\Data aplikací\OpenCandy
[2011.06.06 20:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2011.06.06 20:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CrystalDiskInfo
[2011.06.06 19:58:21 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ester\Plocha\OTH.scr
[2011.06.05 15:57:19 | 000,306,736 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ester\Plocha\aswclear.exe
[2011.06.05 15:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Norton
[2011.06.05 15:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\Local Settings\Data aplikací\NPE
[2011.06.05 14:52:32 | 006,141,880 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Ester\Plocha\NPE.exe
[2011.06.05 05:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\Data aplikací\HD Tune Pro
[2011.06.05 05:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\HD Tune Pro
[2011.06.05 05:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2011.06.04 23:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011.06.04 23:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\Nabídka Start\Programy\Unlocker
[2011.06.04 21:33:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.06.04 21:32:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ester\Recent
[2011.06.02 23:26:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.05.30 21:08:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.05.30 19:28:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.05.29 15:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\Data aplikací\Malwarebytes
[2011.05.29 15:05:34 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.05.29 15:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.05.29 15:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.05.29 15:05:28 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.05.29 15:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.05.28 19:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2011.05.25 11:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Skype Extras
[2011.05.25 11:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.05.25 11:53:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
[2011.05.24 12:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\DoctorWeb
[2011.05.23 01:01:22 | 000,045,056 | ---- | C] (Acer Labs USA) -- C:\WINDOWS\System32\Epm-Po.dll
[2011.05.22 18:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2011.05.22 13:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\Data aplikací\IObit
[2011.05.22 13:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011.05.22 12:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\HijackThis
[2011.05.22 12:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.05.22 12:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
[2011.05.22 12:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.05.22 11:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\Dokumenty\CyberLink
[2011.05.22 09:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2011.05.22 09:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\Data aplikací\Uniblue
[2011.05.22 09:42:23 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2011.05.22 09:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\Local Settings\Data aplikací\eSupport.com
[2011.05.22 09:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\Local Settings\Data aplikací\PackageAware
[2011.05.21 01:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\Dokumenty\iobit_toolbox_1,2
[2011.05.17 20:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ester\Nabídka Start\Programy\NirSoft BlueScreenView
[2011.05.17 20:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2008.02.02 03:42:00 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2008.02.02 03:39:19 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.06.08 06:57:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.06.08 06:56:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.06.08 06:53:42 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc04f064f0bce4.job
[2011.06.07 21:23:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.06.07 18:19:47 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Ester\Plocha\Microsoft Word.lnk
[2011.06.07 17:41:00 | 000,000,466 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8FDA357B-9004-4B4C-91DA-E15FEFCEFBDF}.job
[2011.06.07 17:38:47 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1871938407-2727508527-3954083314-1008.job
[2011.06.07 17:37:00 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DF03FE93-B93A-401F-99D3-3A5550EE3C8F}.job
[2011.06.07 08:04:53 | 000,492,770 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.06.07 08:04:53 | 000,489,572 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.06.07 08:04:53 | 000,102,612 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.06.07 08:04:53 | 000,090,790 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.06.07 07:31:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ester\Plocha\OTL.exe
[2011.06.06 20:19:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1871938407-2727508527-3954083314-1008.job
[2011.06.06 20:19:25 | 000,001,605 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Free Offers.lnk
[2011.06.06 20:19:25 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\RealPlayer.lnk
[2011.06.06 20:18:41 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011.06.06 20:16:56 | 000,001,647 | ---- | M] () -- C:\Documents and Settings\Ester\Plocha\CrystalDiskInfo.lnk
[2011.06.06 19:58:13 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ester\Plocha\OTH.scr
[2011.06.05 17:35:20 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.06.05 16:32:32 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.06.05 15:57:20 | 000,306,736 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ester\Plocha\aswclear.exe
[2011.06.05 15:19:23 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011.06.05 15:03:45 | 000,932,400 | ---- | M] () -- C:\Documents and Settings\Ester\Plocha\Norton_Removal_Tool.exe
[2011.06.05 14:52:41 | 006,141,880 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Ester\Plocha\NPE.exe
[2011.06.05 05:29:26 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Ester\Plocha\HD Tune Pro.lnk
[2011.06.02 23:30:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.06.02 22:34:20 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.05.30 21:40:59 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\Ester\Plocha\Zástupce - Systém.lnk
[2011.05.29 21:16:27 | 000,434,065 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110529-211858.backup
[2011.05.29 21:13:11 | 000,434,065 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110529-211627.backup
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.05.28 14:26:48 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2011.05.24 13:09:05 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110529-211311.backup
[2011.05.23 04:19:25 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2011.05.23 01:06:20 | 000,283,729 | ---- | M] () -- C:\WINDOWS\System32\setup.inx
[2011.05.23 00:56:13 | 000,001,573 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Empowering Technology.lnk
[2011.05.22 12:55:34 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\Ester\Plocha\HijackThis.lnk
[2011.05.22 11:15:29 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acer Empowering Technology.lnk
[2011.05.22 09:49:18 | 000,080,147 | ---- | M] () -- C:\Documents and Settings\Ester\Plocha\DriverAgent_scan_results.mhtml
[2011.05.22 09:42:25 | 000,001,045 | ---- | M] () -- C:\Documents and Settings\Ester\Plocha\Find Drivers with DriverAgent.lnk
[2011.05.22 08:19:23 | 000,001,097 | ---- | M] () -- C:\Documents and Settings\Ester\Plocha\BlueScreenView.lnk
[2011.05.22 02:03:28 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\Ester\Plocha\Zástupce - ADATA SH93 (F).lnk
[2011.05.21 01:15:59 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Ester\Plocha\Zástupce - Toolbox.exe.lnk
[2011.05.16 18:23:04 | 000,000,783 | ---- | M] () -- C:\WINDOWS\NTIWVEDT.INI
[2011.05.15 17:55:42 | 000,874,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110517-181435.backup
[2011.05.14 15:15:13 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2011.05.13 00:44:52 | 000,874,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110515-175542.backup
[2011.05.12 23:20:07 | 000,874,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110513-004452.backup
[2011.05.12 23:18:28 | 000,874,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-232007.backup
[2011.05.12 23:17:45 | 000,874,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-231828.backup
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.06.08 06:53:42 | 000,000,936 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc04f064f0bce4.job
[2011.06.06 20:19:56 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1871938407-2727508527-3954083314-1008.job
[2011.06.06 20:19:55 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1871938407-2727508527-3954083314-1008.job
[2011.06.06 20:19:25 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Free Offers.lnk
[2011.06.06 20:19:25 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\RealPlayer.lnk
[2011.06.06 20:16:56 | 000,001,647 | ---- | C] () -- C:\Documents and Settings\Ester\Plocha\CrystalDiskInfo.lnk
[2011.06.05 15:03:44 | 000,932,400 | ---- | C] () -- C:\Documents and Settings\Ester\Plocha\Norton_Removal_Tool.exe
[2011.06.05 05:29:26 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Ester\Plocha\HD Tune Pro.lnk
[2011.05.30 21:40:59 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\Ester\Plocha\Zástupce - Systém.lnk
[2011.05.30 21:08:14 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2011.05.30 21:08:10 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.05.29 20:23:44 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2011.05.29 18:39:53 | 000,910,464 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011.05.29 18:39:53 | 000,026,320 | R--- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2011.05.29 18:39:53 | 000,002,096 | R--- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2011.05.29 15:05:34 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.05.23 04:19:27 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acer Empowering Technology.lnk
[2011.05.23 01:07:13 | 000,283,729 | ---- | C] () -- C:\WINDOWS\System32\setup.inx
[2011.05.23 00:56:13 | 000,001,573 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Empowering Technology.lnk
[2011.05.22 12:55:34 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\Ester\Plocha\HijackThis.lnk
[2011.05.22 12:05:35 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.05.22 09:49:16 | 000,080,147 | ---- | C] () -- C:\Documents and Settings\Ester\Plocha\DriverAgent_scan_results.mhtml
[2011.05.22 09:42:25 | 000,001,045 | ---- | C] () -- C:\Documents and Settings\Ester\Plocha\Find Drivers with DriverAgent.lnk
[2011.05.22 08:19:23 | 000,001,097 | ---- | C] () -- C:\Documents and Settings\Ester\Plocha\BlueScreenView.lnk
[2011.05.22 02:03:28 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\Ester\Plocha\Zástupce - ADATA SH93 (F).lnk
[2011.05.21 01:15:59 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Ester\Plocha\Zástupce - Toolbox.exe.lnk
[2011.05.06 01:28:26 | 000,000,032 | -H-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsidmv.dat
[2011.03.16 20:43:28 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.02.05 01:41:51 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011.01.30 20:30:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\N360BUOptions.ini
[2011.01.25 17:36:53 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011.01.07 00:26:39 | 001,189,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.11.20 18:57:54 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\igfxtvcx.dll
[2010.07.25 12:58:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.24 23:58:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.07.24 21:50:51 | 000,000,361 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010.07.24 21:32:07 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2010.03.07 19:43:41 | 000,057,936 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.01.24 18:15:39 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.05.25 11:17:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.04.13 13:08:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
[2008.03.24 02:53:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ImageItEncrypt.exe
[2008.03.22 01:05:18 | 000,001,492 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.03.16 17:27:02 | 000,000,783 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI
[2008.03.13 20:58:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedit.INI
[2008.03.12 16:51:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.03.01 13:59:26 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2008.02.16 17:44:59 | 000,000,761 | ---- | C] () -- C:\WINDOWS\m3jp2k.ini
[2008.02.16 17:44:59 | 000,000,702 | ---- | C] () -- C:\WINDOWS\mmtvmj.ini
[2008.02.16 17:44:58 | 000,000,714 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini
[2008.02.16 17:44:54 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008.02.16 17:44:52 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.02.09 21:02:18 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Ester\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.02 21:15:48 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.02.02 12:27:48 | 000,000,037 | ---- | C] () -- C:\WINDOWS\PreLaunch.ini
[2008.02.02 03:34:45 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Ester\Local Settings\Data aplikací\fusioncache.dat
[2008.01.18 00:33:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2008.01.18 00:32:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2008.01.15 18:33:14 | 001,504,768 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2007.08.14 09:09:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.08.14 09:09:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.08.14 08:53:20 | 000,492,770 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007.08.14 08:53:20 | 000,489,572 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2007.08.14 08:53:20 | 000,102,612 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2007.08.14 08:53:20 | 000,090,790 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007.08.14 08:48:34 | 000,288,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.08.14 08:10:04 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2007.08.14 08:09:32 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2007.08.14 08:09:32 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2007.08.14 08:09:32 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2007.04.26 20:54:14 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2006.08.28 19:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2006.08.01 15:02:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006.07.24 13:33:30 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2006.03.10 14:18:16 | 000,036,404 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.10.15 08:46:18 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.10.15 08:43:46 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.18 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 05:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2004.08.18 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 05:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2004.08.18 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 05:00:00 | 000,003,568 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.18 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.18 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.05.14 13:04:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\XMLaunch.exe
[2003.11.24 15:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2003.11.24 15:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2002.09.12 22:41:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.09.12 22:41:26 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011.06.04 20:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2010.11.21 03:25:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2011.05.05 14:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2011.05.22 18:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2008.04.13 13:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LightScribe
[2011.01.08 20:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2010.07.25 01:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NtiDvdCopy
[2011.05.03 03:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2008.02.02 12:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010.04.07 21:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.03.07 17:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011.05.15 20:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ester\Data aplikací\EssentialPIM
[2011.06.05 05:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ester\Data aplikací\HD Tune Pro
[2011.05.22 06:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ester\Data aplikací\ICQ
[2008.07.12 18:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ester\Data aplikací\ICQ Toolbar
[2010.07.24 21:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ester\Data aplikací\InterTrust
[2011.05.22 13:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ester\Data aplikací\IObit
[2011.05.03 03:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ester\Data aplikací\langmaster.sz
[2011.06.06 20:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ester\Data aplikací\OpenCandy
[2010.03.05 11:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ester\Data aplikací\OpenOffice.org
[2010.12.30 16:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ester\Data aplikací\Tific
[2011.05.22 10:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ester\Data aplikací\Uniblue
[2011.06.07 17:41:00 | 000,000,466 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8FDA357B-9004-4B4C-91DA-E15FEFCEFBDF}.job
[2011.06.07 17:37:00 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DF03FE93-B93A-401F-99D3-3A5550EE3C8F}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008.03.12 17:59:25 | 000,000,036 | RHS- | M] () -- C:\.uid_xxx
[2011.05.23 04:19:25 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2011.06.05 15:19:23 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2004.08.18 05:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004.10.15 08:26:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2004.08.03 23:00:04 | 000,261,312 | RHS- | M] () -- C:\cmldr
[2011.06.04 21:05:30 | 000,000,114 | ---- | M] () -- C:\delrepxp.log
[2008.03.02 07:27:30 | 115,343,872 | -HS- | M] () -- C:\eDS_PSD_drive.vmdf
[2004.10.15 08:46:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.03.24 06:02:55 | 000,000,007 | ---- | M] () -- C:\ISACER.id
[2004.10.15 08:46:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004.08.18 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009.02.22 08:31:43 | 000,250,576 | RHS- | M] () -- C:\ntldr
[2011.06.08 06:56:43 | 1048,576,000 | -HS- | M] () -- C:\pagefile.sys
[2007.10.25 06:52:52 | 000,003,179 | -HS- | M] () -- C:\Patch.rev
[2007.04.26 08:45:58 | 000,000,631 | ---- | M] () -- C:\PDVD.iss
[2007.08.14 18:16:26 | 000,000,072 | RHS- | M] () -- C:\preload.aaa
[2007.08.14 18:16:26 | 000,000,072 | RHS- | M] () -- C:\Preload.rev
[2007.08.14 07:49:18 | 000,000,004 | ---- | M] () -- C:\wps.dat
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004.10.15 08:37:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004.10.15 08:37:06 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004.10.15 08:37:06 | 000,471,040 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2011.05.14 15:15:13 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D724DE2C
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0B4227B4
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

< End of report >

nevešlo se ...


OTL Extras logfile created on: 8.6.2011 7:03:51 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Ester\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

502,36 Mb Total Physical Memory | 326,50 Mb Available Physical Memory | 64,99% Memory free
1,44 Gb Paging File | 1,35 Gb Available in Paging File | 94,25% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34,08 Gb Total Space | 19,09 Gb Free Space | 56,00% Space Free | Partition Type: NTFS
Drive D: | 34,58 Gb Total Space | 5,98 Gb Free Space | 17,30% Space Free | Partition Type: FAT32

Computer Name: ACER-109CD108E4 | User Name: Ester | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020405-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5DE71D48-01EB-4BF2-A643-50FE6C9B6AC9}" = OpenOffice.org 3.2
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Součásti připojení sady Microsoft Office Small Business
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1029-7B44-AA0000000001}" = Adobe Reader X - Czech
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Atf" = All Ten Fingers
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.0.1
"EssentialPIM" = EssentialPIM
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HD Tune Pro_is1" = HD Tune Pro 4.61
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Lingea Pocket ENCZ" = Lingea kapesní knižní slovník
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware verze 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSWord2000_sz_cs_cz_MSWord2000_is1" = LANGMaster Výuka: MS Word 2000
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.4
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7.6.2011 11:35:24 | Computer Name = ACER-109CD108E4 | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Přístup byl odepřen.) occurred
while creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 7.6.2011 11:35:24 | Computer Name = ACER-109CD108E4 | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Přístup byl
odepřen.).

Error - 7.6.2011 11:43:48 | Computer Name = ACER-109CD108E4 | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Přístup byl odepřen.) occurred
while creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 7.6.2011 11:43:48 | Computer Name = ACER-109CD108E4 | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\master.mdf for file number 1. OS error: 5(Přístup byl
odepřen.).

Error - 7.6.2011 11:43:48 | Computer Name = ACER-109CD108E4 | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Přístup byl odepřen.) occurred
while creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 7.6.2011 11:43:48 | Computer Name = ACER-109CD108E4 | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Přístup byl
odepřen.).

Error - 8.6.2011 0:53:22 | Computer Name = ACER-109CD108E4 | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Přístup byl odepřen.) occurred
while creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 8.6.2011 0:53:22 | Computer Name = ACER-109CD108E4 | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\master.mdf for file number 1. OS error: 5(Přístup byl
odepřen.).

Error - 8.6.2011 0:53:22 | Computer Name = ACER-109CD108E4 | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Přístup byl odepřen.) occurred
while creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 8.6.2011 0:53:22 | Computer Name = ACER-109CD108E4 | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Přístup byl
odepřen.).

[ System Events ]
Error - 7.6.2011 0:56:51 | Computer Name = ACER-109CD108E4 | Source = Service Control Manager | ID = 7024
Description = Služba SQL Server (MSSMLBIZ) ukončena s chybou 3417 (0xD59), specifickou
pro službu.

Error - 7.6.2011 0:56:51 | Computer Name = ACER-109CD108E4 | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD MRxSmb NetBT Rdbss Tcpip

Error - 7.6.2011 0:57:19 | Computer Name = ACER-109CD108E4 | Source = DCOM | ID = 10010
Description = Server {4EB61BAC-A3B6-4760-9581-655041EF4D69} se v daném časovém limitu
neregistroval u služby DCOM.

Error - 7.6.2011 11:35:24 | Computer Name = ACER-109CD108E4 | Source = Service Control Manager | ID = 7001
Description = Služba Klient DHCP závisí na službě Rozhraní NetBios nad protokolem
TCP/IP, která neuspěla při spuštění v důsledku následující chyby: %%31

Error - 7.6.2011 11:35:24 | Computer Name = ACER-109CD108E4 | Source = Service Control Manager | ID = 7001
Description = Služba Klient DNS závisí na službě Ovladač protokolu TCP/IP, která
neuspěla při spuštění v důsledku následující chyby: %%31

Error - 7.6.2011 11:35:24 | Computer Name = ACER-109CD108E4 | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31

Error - 7.6.2011 11:35:24 | Computer Name = ACER-109CD108E4 | Source = Service Control Manager | ID = 7001
Description = Služba Služby IPSEC závisí na službě Ovladač protokolu TCP/IP, která
neuspěla při spuštění v důsledku následující chyby: %%31

Error - 7.6.2011 11:35:24 | Computer Name = ACER-109CD108E4 | Source = Service Control Manager | ID = 7023
Description = Služba Brána Firewall / Sdílení připojení k Internetu (ICS) byla ukončena
s následující chybou: %%2

Error - 7.6.2011 11:35:24 | Computer Name = ACER-109CD108E4 | Source = Service Control Manager | ID = 7024
Description = Služba SQL Server (MSSMLBIZ) ukončena s chybou 3417 (0xD59), specifickou
pro službu.

Error - 7.6.2011 11:35:26 | Computer Name = ACER-109CD108E4 | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD MRxSmb NetBT Rdbss Tcpip


< End of report >

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\WINDOWS\System32\APISlice.dll
C:\WINDOWS\System32\NTIBUN4.dll
C:\WINDOWS\System32\HTCA_SelfExtract.bin
C:\WINDOWS\System32\drivers\WINIO.sys

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

*****************************************************************************************************************************************
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna ale nespouštěj ho!!
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT


Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.


Pokud budou problémy , spusť ho v nouz. režimu.

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: engine@conduit.com:3.3.2.1 removed from extensions.enabledItems
Prefs.js: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL
C:\Documents and Settings\Ester\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Documents and Settings\Ester\Data aplikací\Mozilla\Extensions folder moved successfully.
C:\Documents and Settings\Ester\Data aplikací\Mozilla\Firefox\Profiles\sgetugha.default\extensions folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF folder moved successfully.
127.0.0.1 localhost removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\WINDOWS\system32\perfh009.dat moved successfully.
C:\WINDOWS\system32\perfh005.dat moved successfully.
C:\WINDOWS\system32\perfc005.dat moved successfully.
C:\WINDOWS\system32\perfc009.dat moved successfully.
File C:\WINDOWS\System32\perfh009.dat not found.
File C:\WINDOWS\System32\perfh005.dat not found.
File C:\WINDOWS\System32\perfc005.dat not found.
File C:\WINDOWS\System32\perfc009.dat not found.
C:\WINDOWS\system32\perfi009.dat moved successfully.
C:\WINDOWS\system32\perfi005.dat moved successfully.
C:\WINDOWS\system32\perfd005.dat moved successfully.
C:\WINDOWS\system32\perfd009.dat moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:D724DE2C deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:0B4227B4 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\002981_.tmp moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc04f064f0bce4.job moved successfully.
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1871938407-2727508527-3954083314-1008.job moved successfully.
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1871938407-2727508527-3954083314-1008.job moved successfully.
c:\windows\Tasks\User_Feed_Synchronization-{8FDA357B-9004-4B4C-91DA-E15FEFCEFBDF}.job moved successfully.
c:\windows\Tasks\User_Feed_Synchronization-{DF03FE93-B93A-401F-99D3-3A5550EE3C8F}.job moved successfully.
C:\TESTFILE.TMP moved successfully.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
C:\Documents and Settings\Ester\Plocha\aswclear.exe moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Norton\NPE folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Norton folder moved successfully.
C:\Documents and Settings\Ester\Plocha\NPE.exe moved successfully.
Folder move failed. C:\Documents and Settings\Ester\Local Settings\Data aplikací\NPE scheduled to be moved on reboot.
C:\WINDOWS\System32\d3d9caps.dat moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110529-211858.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110529-211627.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110529-211311.backup moved successfully.
C:\WINDOWS\System32\setup.inx moved successfully.
C:\WINDOWS\NTIWVEDT.INI moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110517-181435.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110515-175542.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110513-004452.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110512-232007.backup moved successfully.
C:\WINDOWS\System32\drivers\etc\hosts.20110512-231828.backup moved successfully.
C:\Documents and Settings\Ester\Plocha\Norton_Removal_Tool.exe moved successfully.
C:\Documents and Settings\All Users\Data aplikací\ezsidmv.dat moved successfully.
C:\Documents and Settings\All Users\Data aplikací\N360BUOptions.ini moved successfully.
C:\WINDOWS\System32\mlfcache.dat moved successfully.
C:\WINDOWS\Jcmkr32.INI moved successfully.
C:\Documents and Settings\Ester\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\All Users\Data aplikací\AVAST Software folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData\SelfUpd folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData\pack\bins folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData\pack folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData\mkt\res folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData\mkt\hi folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData\mkt\cz folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData\mkt folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData\logs folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\MFAData folder moved successfully.
C:\Documents and Settings\Ester\Data aplikací\ICQ Toolbar folder moved successfully.
< ipconfig /flushdns /c >
Konfigurace protokolu IP systému Windows
Mezipaměť překládání DNS byla úspěšně vyprázdněna.
C:\Documents and Settings\Ester\Plocha\cmd.bat deleted successfully.
C:\Documents and Settings\Ester\Plocha\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 15426041 bytes
->Google Chrome cache emptied: 6159231 bytes
->Flash cache emptied: 680 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Ester
->Temp folder emptied: 32997119 bytes
->Temporary Internet Files folder emptied: 28801840 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37371965 bytes
->Google Chrome cache emptied: 37856718 bytes
->Flash cache emptied: 2444 bytes

User: já
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 30611126 bytes
->FireFox cache emptied: 17677364 bytes
->Google Chrome cache emptied: 44479777 bytes
->Flash cache emptied: 26893 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131577 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 4855 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3672076 bytes

Total Files Cleaned = 244,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Ester
->Flash cache emptied: 0 bytes

User: já
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06082011_165414

Files\Folders moved on Reboot...
Folder move failed. C:\Documents and Settings\Ester\Local Settings\Data aplikací\NPE scheduled to be moved on reboot.

Registry entries deleted on Reboot...

---

http://www.virustotal.com/file-scan/rep ... 1307546972
http://www.virustotal.com/file-scan/rep ... 1307547524
http://www.virustotal.com/file-scan/rep ... 1307547962
http://www.virustotal.com/file-scan/rep ... 1307548418

---

ComboFix 11-06-08.01 - Ester 08.06.2011 19:27:02.3.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.502.311 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ester\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ester\Plocha\CFScript00.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-08 do 2011-06-08 )))))))))))))))))))))))))))))))
.
.
2011-06-08 14:54 . 2011-06-08 14:54 -------- d-----w- C:\_OTL
2011-06-06 18:18 . 2011-06-06 18:19 -------- d-----w- c:\program files\Real
2011-06-06 18:16 . 2011-06-06 18:16 -------- d-----w- c:\documents and settings\Ester\Local Settings\Data aplikací\OpenCandy
2011-06-06 18:16 . 2011-06-06 18:31 -------- d-----w- c:\program files\CrystalDiskInfo
2011-06-06 18:16 . 2011-06-06 18:16 -------- d-----w- c:\documents and settings\Ester\Data aplikací\OpenCandy
2011-06-05 13:13 . 2011-06-05 13:23 -------- d-----w- c:\documents and settings\Ester\Local Settings\Data aplikací\NPE
2011-06-05 03:29 . 2011-06-05 03:29 -------- d-----w- c:\documents and settings\Ester\Data aplikací\HD Tune Pro
2011-06-05 03:29 . 2011-06-05 03:29 -------- d-----w- c:\program files\HD Tune Pro
2011-06-04 21:48 . 2011-06-04 21:48 -------- d-----w- c:\program files\Unlocker
2011-06-04 19:08 . 2011-06-04 19:08 -------- d-----w- c:\windows\system32\wbem\Repository\FS
2011-06-04 19:08 . 2011-06-04 19:08 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-29 18:26 . 2007-06-05 12:25 176128 ----a-r- c:\windows\system32\igfxres.dll
2011-05-29 18:23 . 2007-06-05 15:24 204800 ----a-r- c:\windows\system32\igfxCoIn_v4837.dll
2011-05-29 18:23 . 2007-06-05 13:22 3293184 ----a-r- c:\windows\system32\igfxress.dll
2011-05-29 18:23 . 2007-06-13 11:56 252696 ----a-r- c:\windows\system32\igfxsrvc.exe
2011-05-29 18:23 . 2007-06-05 13:22 204800 ----a-r- c:\windows\system32\igfxpph.dll
2011-05-29 18:23 . 2007-06-05 13:22 47616 ----a-r- c:\windows\system32\igfxsrvc.dll
2011-05-29 18:23 . 2007-06-05 13:22 102400 ----a-r- c:\windows\system32\hccutils.dll
2011-05-29 18:23 . 2007-06-05 13:22 204800 ----a-r- c:\windows\system32\igfxdev.dll
2011-05-29 16:39 . 2007-06-13 10:55 527128 ----a-r- c:\windows\system32\igfxcfg.exe
2011-05-29 16:39 . 2007-06-05 12:22 122880 ----a-r- c:\windows\system32\igfxcpl.cpl
2011-05-29 16:39 . 2007-06-05 13:48 910464 ----a-r- c:\windows\system32\igmedkrn.dll
2011-05-29 16:39 . 2007-06-05 13:49 2681344 ----a-r- c:\windows\system32\igxpdx32.dll
2011-05-29 16:39 . 2007-06-05 13:48 5761728 ----a-r- c:\windows\system32\drivers\igxpmp32.sys
2011-05-29 16:39 . 2007-06-05 13:48 57344 ----a-r- c:\windows\system32\igxprd32.dll
2011-05-29 16:39 . 2007-06-05 13:48 150528 ----a-r- c:\windows\system32\igxpgd32.dll
2011-05-29 16:39 . 2007-06-05 13:48 1717504 ----a-r- c:\windows\system32\igxpdv32.dll
2011-05-29 13:05 . 2011-05-29 13:05 -------- d-----w- c:\documents and settings\Ester\Data aplikací\Malwarebytes
2011-05-29 13:05 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:05 . 2011-05-29 13:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-29 13:05 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 13:05 . 2011-06-05 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-29 11:40 . 2011-05-29 11:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 09:53 . 2011-05-25 09:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype Extras
2011-05-25 09:53 . 2011-05-25 09:53 -------- d-----w- c:\program files\Common Files\Skype
2011-05-24 10:16 . 2011-05-24 10:16 -------- d-----w- c:\documents and settings\Ester\DoctorWeb
2011-05-22 23:01 . 2007-03-06 12:58 57344 ----a-w- c:\windows\system32\acpimof.dll
2011-05-22 23:01 . 2006-02-16 13:39 45056 ----a-w- c:\windows\system32\Epm-Po.dll
2011-05-22 16:55 . 2011-05-22 16:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2011-05-22 11:48 . 2011-05-22 11:48 -------- d-----w- c:\documents and settings\Ester\Data aplikací\IObit
2011-05-22 11:48 . 2011-05-22 11:48 -------- d-----w- c:\program files\IObit
2011-05-22 10:55 . 2011-05-22 10:55 -------- d-----w- c:\program files\Trend Micro
2011-05-22 10:05 . 2011-06-02 20:34 -------- d-----w- c:\program files\CCleaner
2011-05-22 07:50 . 2011-05-22 07:50 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-05-22 07:50 . 2011-05-22 08:10 -------- d-----w- c:\documents and settings\Ester\Data aplikací\Uniblue
2011-05-22 07:42 . 2011-06-08 16:44 -------- d-----w- c:\documents and settings\Ester\Local Settings\Data aplikací\eSupport.com
2011-05-22 07:42 . 2011-05-14 13:15 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-05-22 07:01 . 2011-05-22 07:01 -------- d-----w- c:\documents and settings\Ester\Local Settings\Data aplikací\PackageAware
2011-05-17 18:28 . 2011-05-17 18:34 -------- d-----w- c:\program files\NirSoft
2011-05-15 15:37 . 2011-05-15 15:37 -------- d-----w- c:\windows\system32\wbem\repository.old
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 18:18 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-10 12:51 . 2011-04-10 12:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-10 12:51 . 2011-04-10 12:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2004-10-01 13:00 . 2010-07-24 19:32 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-10-03 471040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2008-01-07 343552]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2011-5-23 45056]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
S2 gupdate1ca9d1ab21a2990;Služba Google Update (gupdate1ca9d1ab21a2990);c:\program files\Google\Update\GoogleUpdate.exe [24.1.2010 19:28 133104]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [22.5.2011 9:42 23456]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24.1.2010 19:28 133104]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [18.8.2004 5:00 14336]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MDMXSDK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL =
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E5EB13B7-6964-469C-B595-E27F5E8665C5}: NameServer = 10.107.4.100,10.107.4.129
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-08 19:34
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1276)
c:\progra~1\WINDOW~2\wmpband.dll
.
Celkový čas: 2011-06-08 19:37:21
ComboFix-quarantined-files.txt 2011-06-08 17:37
.
Před spuštěním: Volných bajtů: 20 685 824 000
Po spuštění: Volných bajtů: 20 660 281 344
.
- - End Of File - - 0FC1CA97A23EC35BC3BA5381987EF137

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:08, on 8.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7808216734
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5EB13B7-6964-469C-B595-E27F5E8665C5}: NameServer = 10.107.4.100,10.107.4.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Služba Google Update (gupdate1ca9d1ab21a2990) (gupdate1ca9d1ab21a2990) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7161 bytes

Koukni , zda je tento soubor na svém místě:
C:\WINDOWS\system32\srsvc.dll


Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:


Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

Pak napiš , jak to vypadá s compem..

jj, ten soubor tam je


All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
No active process named firefox.exe was found!
========== FILES ==========
C:\WINDOWS\System32\NTIBUN4.dll moved successfully.
C:\WINDOWS\System32\HTCA_SelfExtract.bin moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ester
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 5276161 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 18703828 bytes
->Flash cache emptied: 449 bytes

User: já
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23,00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06092011_075720

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
--------------------------------------------------------
v průběhu otl vyskocila zase stejna tabulka jako prve - "Chyba při odstraňování souboru nebo složky: Dc60 nelze odstranit. Přístup byl odepřen. Ověřte zda disk neni zaplněn nebo chráněn proti přepsání a zda soubor není právě používán." To vypadá podobně jako ta složka co mi nešla zmazat pak ani z koše (už tam není).

no po tom combofixu a tcleaneru znatelně rychlejší a dobrý start, ale jen do BSOD při instal, Crystaldisk. po startu se opět objeví tabulka - "lsass.exe - Systémová chyba: Formát koncového bodu není platný." pak se to celé restartuje a stále dokola. řekla bych, že při načítání, na obrazovce jak se leze do Biosu, ten modrej prouzek dojde jen do třičtvrtě, když dojede skoro celej, tak pak chyba není... restart uz je dobrej, neseká se to, až na tuhle chybu. a někdy se nenačtou USB.je to tak na všech účtech. Při nouzáku je vše OK

Takže co navrhuješ? a viry tam teda uz nejsou? třeba je jen vevnitř zaprášenej.asi to nemá smysl dál co, bych to asi viděla na novej noták :-).