problém se zapínáním a restartem PC

[Lojza]

Helet udelam to asi az zitra. Zatim diky!

[Reklama]

[Damned]

Jasně, dá se to udělat i krok za krokem, položka po položce. Rychlejší bude ComboFix spustit a pak ho odinstalovat a zbytky po něm smazat.

[Lojza]

Tak ani combofix nerestartoval tak nevim jesli je to v cajku. Radsi pockam co mi napises, nez budu restartovat.

ComboFix 09-09-03.02 - Bílek 04.09.2009 7:53.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2855 [GMT 2:00]
Spuštěný z: c:\documents and settings\Bílek\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090903-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bˇlek\Dokumenty\cc_20090818_175729.reg
c:\documents and settings\Bˇlek\Dokumenty\cc_20090903_101240.reg
c:\windows\AUTOLNCH.REG
c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-04 do 2009-09-04 )))))))))))))))))))))))))))))))
.

2009-09-03 14:18 . 2009-09-03 14:18 -------- d-----w- C:\rsit
2009-09-01 16:51 . 2009-09-01 16:51 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-01 14:43 . 2009-09-01 16:50 -------- d-sh--w- C:\RECYCLER(2)
2009-09-01 14:06 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-01 14:06 . 2009-09-01 14:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 14:06 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-01 13:26 . 2009-09-03 13:41 -------- d-----w- c:\program files\Trend Micro
2009-08-11 18:12 . 2009-08-11 18:12 -------- d-----w- c:\program files\7-Zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 05:49 . 2001-10-25 14:00 78156 ----a-w- c:\windows\system32\perfc005.dat
2009-09-04 05:49 . 2001-10-25 14:00 429206 ----a-w- c:\windows\system32\perfh005.dat
2009-09-03 14:26 . 2008-11-20 18:35 713698 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-09-01 06:36 . 2008-11-20 18:22 -------- d-----w- c:\program files\FlashGet
2009-08-17 16:10 . 2009-02-18 14:33 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-02-18 14:33 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-02-18 14:33 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-02-18 14:33 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-02-18 14:33 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-02-18 14:33 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-02-18 14:33 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-02-18 14:33 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-02-18 14:33 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-16 07:34 . 2008-11-19 18:23 -------- d-----w- c:\program files\QIP
2009-08-06 07:46 . 2008-11-20 18:21 -------- d-----w- c:\program files\IrfanView
2009-08-05 10:57 . 2008-11-20 18:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-05 10:54 . 2008-11-15 19:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-30 05:40 . 2009-07-30 05:40 -------- d-----w- c:\program files\Microsoft WSE
2009-07-25 07:03 . 2009-03-01 08:55 -------- d-----w- c:\program files\rajce
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-13 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-13 16871936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor for SD.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ImageMixer 3 SE Camera Monitor for SD.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor for SD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bílek^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Bílek\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\hry\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\hry\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\hry\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"d:\\hry\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\hry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\hry\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.2.2009 16:33 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 11:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 11:21 72624]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 18:08 81688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.2.2009 16:33 20560]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 11:21 1234480]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [19.11.2008 13:31 93696]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [15.11.2008 21:36 36864]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [23.1.2009 21:00 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [23.1.2009 21:12 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [23.1.2009 21:12 107304]
.
Obsah adresáře 'Naplánované úlohy'

2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Bílek\Data aplikací\Mozilla\Firefox\Profiles\y7g2a0zj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-04 07:57
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-484763869-764733703-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:6e,77,40,02,7d,23,b5,f2,2c,c7,f9,aa,8b,a0,f3,ef,38,c1,ac,42,13,
85,03,23,e3,3a,59,15,76,41,3c,11,08,c9,ea,1a,b6,58,5e,13,ce,27,1c,6e,8d,73,\
"rkeysecu"=hex:3b,22,38,82,2e,fe,c4,bf,17,a0,03,d4,a6,cc,3b,3d

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,87,18,b1,c1,af,
c6,23,03,c8,28,51,af,b0,29,a3,98,d5,5d,ba,af,b5,3a,47,f0,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,72,91,f0,c5,21,
1c,f2,06,71,3b,04,66,8b,46,0d,96,1c,56,97,38,6f,10,70,30,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,5c,19,9c,eb,27,
42,20,32,25,da,ec,7e,55,20,c9,26,d3,0b,31,93,cd,cb,44,58,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,52,0d,15,1e,05,
6f,eb,1c,3e,1e,9e,e0,57,5a,93,61,f7,0e,11,6a,c8,c6,cf,ee,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,1f,55,99,27,30,
35,df,d5,cd,44,cd,b9,a6,33,6c,cd,49,d1,bd,eb,29,be,ea,4a,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,9d,2a,21,d6,c0,
85,40,be,b0,18,ed,a7,3f,8d,37,a4,7a,20,20,a0,dc,d3,85,40,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,8f,a8,2f,fa,c2,
ae,93,1c,31,77,e1,ba,b1,f8,68,02,35,e1,92,77,40,2e,07,e7,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,87,1d,50,95,59,
e3,f9,b9,83,6c,56,8b,a0,85,96,ab,ce,f6,90,f6,08,30,04,30,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,c8,36,62,19,9f,
43,44,63,51,fa,6e,91,28,9e,14,cc,ec,ff,a8,b9,7f,e1,7b,a3,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,e1,ab,94,c3,29,
74,20,f9,b1,cd,45,5a,a8,c4,f8,b9,f8,38,ea,3d,d5,da,a9,64,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,ff,b0,df,ef,58,
fa,20,1e,e3,0e,66,d5,eb,bc,2f,6b,2f,94,c7,03,a1,0b,38,88,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,82,ee,0d,1a,b2,
5f,69,41,fa,ea,66,7f,d4,3b,6b,70,11,7c,60,5a,1b,08,03,6c,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-09-04 7:59
ComboFix-quarantined-files.txt 2009-09-04 05:59

Před spuštěním: Volných bajtů: 13 179 719 680
Po spuštění: Volných bajtů: 13 150 973 952

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

236

[Damned]

For Steblo: Založ nové téma (pro sebe) a vlož tam log z HijackThis.
*****************************************************************************************************************************************
Lojza: Pokud nerestartoval, asi nepovažoval za nutné.
log je celkem OK, je pár neplatných a zbytečných záznamů v registru.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
C:\WINDOWS\system32\DRIVERS\ENTECH.sys
C:\Program Files\CyberLink\PowerDVD\000.fcl

Driver::
{95808DC4-FA4A-4c74-92FE-5B863F82066B}
ENTECH;ENTECH
ENTECH

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z RSIT a popiš chování počítače

[Lojza]

Tak jsem to udelal a Combofix, zase restartoval. Tak to normalne vyjelo z windows a opet klasicky zamrzlo. Tak jsem cekal 20 minut jesli se nechytne. Jenze celou dobu hucel jen vetrak a hadr nic. Tak jsem ho po 20 minutach restartoval vypnout/zapnout, protoze na tlacitko restartu nereagoval. Teda reagoval jen tim ze se zhasnul a rozsvitila kontrolka a jinak byl stale normalne zamrzlej.

ComboFix 09-09-03.02 - Bílek 04.09.2009 12:01.2.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2780 [GMT 2:00]
Spuštěný z: c:\documents and settings\Bílek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Bílek\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090903-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}

FILE ::
"c:\program files\CyberLink\PowerDVD\000.fcl"
"c:\windows\system32\DRIVERS\ENTECH.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bˇlek\Dokumenty\cc_20090818_175729.reg
c:\documents and settings\Bˇlek\Dokumenty\cc_20090903_101240.reg
c:\program files\CyberLink\PowerDVD\000.fcl
c:\windows\system32\DRIVERS\ENTECH.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ENTECH
-------\Legacy_{95808DC4-FA4A-4C74-92FE-5B863F82066B}
-------\Service_ENTECH


((((((((((((((((((((((((( Soubory vytvořené od 2009-08-04 do 2009-09-04 )))))))))))))))))))))))))))))))
.

2009-09-04 07:58 . 2009-09-04 07:58 -------- d-----w- c:\program files\Lavalys
2009-09-03 14:18 . 2009-09-03 14:18 -------- d-----w- C:\rsit
2009-09-01 16:51 . 2009-09-01 16:51 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-01 14:43 . 2009-09-01 16:50 -------- d-sh--w- C:\RECYCLER(2)
2009-09-01 14:06 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-01 14:06 . 2009-09-01 14:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 14:06 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-01 13:26 . 2009-09-03 13:41 -------- d-----w- c:\program files\Trend Micro
2009-08-11 18:12 . 2009-08-11 18:12 -------- d-----w- c:\program files\7-Zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 07:56 . 2008-11-20 18:35 715379 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-09-04 05:49 . 2001-10-25 14:00 78156 ----a-w- c:\windows\system32\perfc005.dat
2009-09-04 05:49 . 2001-10-25 14:00 429206 ----a-w- c:\windows\system32\perfh005.dat
2009-09-01 06:36 . 2008-11-20 18:22 -------- d-----w- c:\program files\FlashGet
2009-08-17 16:10 . 2009-02-18 14:33 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-02-18 14:33 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-02-18 14:33 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-02-18 14:33 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-02-18 14:33 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-02-18 14:33 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-02-18 14:33 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-02-18 14:33 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-02-18 14:33 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-16 07:34 . 2008-11-19 18:23 -------- d-----w- c:\program files\QIP
2009-08-06 07:46 . 2008-11-20 18:21 -------- d-----w- c:\program files\IrfanView
2009-08-05 10:57 . 2008-11-20 18:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-05 10:54 . 2008-11-15 19:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-30 05:40 . 2009-07-30 05:40 -------- d-----w- c:\program files\Microsoft WSE
2009-07-25 07:03 . 2009-03-01 08:55 -------- d-----w- c:\program files\rajce
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-04_05.57.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-04 10:28 . 2009-09-04 10:28 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-04 10:28 . 2009-09-04 10:28 16384 c:\windows\Temp\Perflib_Perfdata_65c.dat
+ 2009-09-04 10:28 . 2009-09-04 10:28 16384 c:\windows\Temp\Perflib_Perfdata_4f4.dat
+ 2009-09-04 10:28 . 2009-09-04 10:29 32768 c:\windows\Temp\History\History.IE5\index.dat
+ 2009-09-04 10:28 . 2009-09-04 10:28 16384 c:\windows\Temp\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-13 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-13 16871936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor for SD.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ImageMixer 3 SE Camera Monitor for SD.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor for SD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bílek^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Bílek\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\hry\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\hry\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\hry\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"d:\\hry\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\hry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\hry\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.2.2009 16:33 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 11:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 11:21 72624]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 18:08 81688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.2.2009 16:33 20560]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 11:21 1234480]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [19.11.2008 13:31 93696]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [15.11.2008 21:36 36864]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [23.1.2009 21:00 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [23.1.2009 21:12 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [23.1.2009 21:12 107304]
.
Obsah adresáře 'Naplánované úlohy'

2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Bílek\Data aplikací\Mozilla\Firefox\Profiles\y7g2a0zj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-04 12:29
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-484763869-764733703-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:6e,77,40,02,7d,23,b5,f2,2c,c7,f9,aa,8b,a0,f3,ef,38,c1,ac,42,13,
85,03,23,e3,3a,59,15,76,41,3c,11,08,c9,ea,1a,b6,58,5e,13,ce,27,1c,6e,8d,73,\
"rkeysecu"=hex:3b,22,38,82,2e,fe,c4,bf,17,a0,03,d4,a6,cc,3b,3d

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3408)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NetLimiter 2 Monitor\nlsvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\NetLimiter 2 Monitor\NLClient.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-09-04 12:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-04 10:32
ComboFix2.txt 2009-09-04 05:59

Před spuštěním: Volných bajtů: 13 148 176 384
Po spuštění: Volných bajtů: 13 045 846 016

208

[Damned]

Tento log je v pořádku. Vlož mi sem ještě ten log z RSIT, ale až po odinstalování ComboFixu.

Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, avast! nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, avast! i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG,avast!, Aviru.)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.

ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si ToolsCleaner2( by de A.Rothstein & Dj Quiou )

na Plochu a spusť ho.
Klikni na Pt. Restauration (obnova) a poté na OK.
Klikni na Corbeille (koš) a poté na OK.
Klikni na Fichiers temp (temp složky) a poté na OK.
Klikni na Recherche (hledání) a nech Cleaner pracovat. Může se během čištění zastavit , ale nech ho pokračovat.
Když program skončí , klikni na Suppression (odstranění) a odstraň nalezené.
Zavři program.
Program maže i všechny nástroje na odvirování a vytváření logů , které se zde používají (HJT, Combofix, OTM, OTL, OTS atd.)

A teď udělej ten log z RSIT a vlož mi ho sem.

[Lojza]

Log z Ersit a jeste mi to udelalo nejaky info.txt. Tak ti to sem taky prihodim, nevim jesli to k necemu je.

log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Bílek at 2009-09-04 13:07:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (21%) free of 60 GB
Total RAM: 3327 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:22, on 4.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Sports Interactive\Football Manager 2009\fm.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Bílek\Plocha\RSIT.exe
C:\Program Files\trend micro\Bílek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 7406 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-26 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-18 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-13 16871936]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-07-13 288048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-09-12 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-02-07 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
D:\Zal_MH\martin\rapget141\rapget.exe [2008-06-03 171008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-02-07 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
D:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-06-01 306088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Six Engine]
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2008-06-25 5625344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-05-26 24264488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-18 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor for SD.lnk]
C:\PROGRA~1\PIXELA\IMAGEM~1\CAMERA~1.EXE [2008-02-08 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^LUMIX Simple Viewer.lnk]
C:\PROGRA~1\PANASO~1\LUMIXS~1\PHLEAU~1.EXE [2005-11-14 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bílek^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-29 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Sports Interactive\Football Manager 2009\fm.exe"="D:\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\hry\Far Cry 2\bin\FarCry2.exe"="D:\hry\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"D:\hry\Far Cry 2\bin\FC2Launcher.exe"="D:\hry\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"D:\hry\Far Cry 2\bin\FC2Editor.exe"="D:\hry\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"D:\hry\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\hry\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"D:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\hry\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="D:\hry\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-04 13:07:15 ----D---- C:\rsit
2009-09-04 13:02:04 ----SHD---- C:\RECYCLER
2009-09-04 09:58:38 ----D---- C:\Program Files\Lavalys
2009-09-04 07:51:46 ----RASHD---- C:\cmdcons
2009-09-01 16:43:30 ----SHD---- C:\RECYCLER(2)
2009-09-01 16:28:29 ----A---- C:\Boot.bak
2009-09-01 16:06:23 ----D---- C:\Documents and Settings\Bílek\Data aplikací\Malwarebytes
2009-09-01 16:06:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-01 16:06:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2009-09-01 15:26:52 ----D---- C:\Program Files\Trend Micro
2009-08-11 20:12:01 ----D---- C:\Program Files\7-Zip

======List of files/folders modified in the last 1 months======

2009-09-04 13:05:35 ----D---- C:\WINDOWS\Prefetch
2009-09-04 13:05:24 ----D---- C:\WINDOWS\Temp
2009-09-04 13:02:52 ----SHD---- C:\System Volume Information
2009-09-04 13:02:52 ----D---- C:\WINDOWS\system32\Restore
2009-09-04 13:02:49 ----D---- C:\WINDOWS
2009-09-04 13:01:08 ----D---- C:\WINDOWS\system32
2009-09-04 13:01:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-04 12:41:30 ----D---- C:\Documents and Settings\Bílek\Data aplikací\AIMP
2009-09-04 12:32:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-04 12:32:25 ----D---- C:\Program Files\Mozilla Firefox
2009-09-04 12:32:20 ----D---- C:\WINDOWS\system32\drivers
2009-09-04 12:29:12 ----A---- C:\WINDOWS\system.ini
2009-09-04 12:29:07 ----D---- C:\Documents and Settings\Bílek\Data aplikací\uTorrent
2009-09-04 12:28:51 ----A---- C:\Log.txt
2009-09-04 12:06:15 ----D---- C:\WINDOWS\system32\config
2009-09-04 12:03:56 ----D---- C:\WINDOWS\AppPatch
2009-09-04 12:03:54 ----D---- C:\Program Files\Common Files
2009-09-04 12:00:27 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-09-04 09:58:38 ----RD---- C:\Program Files
2009-09-04 07:58:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-04 07:51:51 ----RASH---- C:\boot.ini
2009-09-03 19:29:10 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-03 11:13:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-09-03 10:10:08 ----D---- C:\Downloads
2009-09-01 20:04:50 ----A---- C:\WINDOWS\wincmd.ini
2009-09-01 18:51:10 ----D---- C:\WINDOWS\system32\wbem
2009-09-01 18:51:10 ----D---- C:\WINDOWS\Registration
2009-09-01 18:50:59 ----RSD---- C:\WINDOWS\Fonts
2009-09-01 16:46:48 ----A---- C:\WINDOWS\win.ini
2009-09-01 08:36:24 ----D---- C:\Program Files\FlashGet
2009-08-24 11:07:54 ----SD---- C:\Documents and Settings\Bílek\Data aplikací\Microsoft
2009-08-17 18:10:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-08-16 18:22:53 ----SHD---- C:\WINDOWS\Installer
2009-08-16 11:49:29 ----D---- C:\Documents and Settings\Bílek\Data aplikací\Skype
2009-08-16 11:39:15 ----D---- C:\Documents and Settings\Bílek\Data aplikací\skypePM
2009-08-16 09:34:06 ----D---- C:\Program Files\QIP
2009-08-12 07:16:14 ----D---- C:\Program Files\WinRAR
2009-08-10 08:58:25 ----D---- C:\Documents and Settings\Bílek\Data aplikací\Adobe
2009-08-06 09:46:08 ----D---- C:\Program Files\IrfanView
2009-08-05 12:57:15 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-05 12:54:18 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R1 nltdi;nltdi; \??\C:\WINDOWS\system32\drivers\nltdi.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-10-29 3341824]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-08-06 93696]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-13 4754944]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-24 171520]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 a7o128m9;a7o128m9; C:\WINDOWS\system32\drivers\a7o128m9.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-31 47360]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-10-29 585728]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-18 152984]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [2007-04-23 491520]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-04-12 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

info.txt
info.txt logfile of random's system information tool 1.06 2009-09-04 13:07:24

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DMark06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
ACE Mega CoDecS Pack-->"C:\Program Files\ACE Mega CoDecS Pack\unins000.exe"
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 9.1.3 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A91000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AIMP2-->C:\Program Files\AIMP2\Uninstall.exe
Apple Software Update-->MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41F71B19-4F04-49A9-99BE-7348AA1EA665}\setup.exe" -l0x9
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC67641A-05C4-4FED-A462-1EB1DC6CF2F5}\setup.exe" -l0x9
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x0009 -removeonly
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Boris Graffiti-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{262BF2CD-601D-4F43-919C-4B00B1D1F338}\setup.exe" -l0x9 -removeonly
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Crysis WARHEAD(R)-->"C:\Documents and Settings\All Users\Data aplikací\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Crysis WARHEAD(R)-->C:\Documents and Settings\All Users\Data aplikací\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
CuteFTP 8 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDx-->"C:\Program Files\DVDx\unins000.exe"
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
EPU-4 Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}\setup.exe" -l0x9
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Far Cry-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l2057
FIFA 08-->MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
Football Manager 2009-->"d:\Sports Interactive\Football Manager 2009\Uninstall_Football Manager 2009\Uninstall Football Manager 2009.exe"
FOTOLAB Home Print Service-->"C:\Program Files\FOTOLAB Home Print Service\uninstall.exe"
Free MP3 Recorder 1.0-->"C:\Program Files\MP3Recorder\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8829DAD4-8F07-4A96-B995-15498EBB8045}\setup.exe" -l0x5
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
hp deskjet 845c series-->rundll32 hpzcon04.dll,VendorJettison hp deskjet 845c series
ImageMixer 3 SE for SD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1D7C392-EAF5-405F-A31D-BBD3B56C0C6A}\Setup.exe" -l0x9 UNINSTALL -removeonly
InfoMapa 13-->MsiExec.exe /I{B5397701-EFAF-43D9-BE1B-0534D14F583E}
InternetTV 7.13-->"C:\Program Files\MMToolz\InternetTV\unins000.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
LUMIX Simple Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe" -l0x9
Magic Bullet Looks Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Studio 12\Plugins\RTFx\mblooksstudio.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY-->MsiExec.exe /I{129DDEC1-A6A3-3D60-AABE-76E6E5334922}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY-->MsiExec.exe /I{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - CSY-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - csy\setup.exe
Microsoft .NET Framework 3.5 Language Pack - csy-->MsiExec.exe /I{74DCC43B-33C9-3389-BD0D-33EB37973657}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Need for Speed™ Most Wanted-->D:\hry\NFS MW\EAUninstall.exe
Nero 7 Premium-->MsiExec.exe /X{91C0B95B-B83A-4828-A775-BBE2DD421029}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetLimiter 2 Monitor (remove only)-->"C:\Program Files\NetLimiter 2 Monitor\nl2uninst.exe"
Network Play System (Patching)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Ovladače videa společnosti Pinnacle-->MsiExec.exe /X{5EB90C06-964F-4195-B83E-BD7E55C88415}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Pinnacle Studio 12 Ultimate Plugins-->MsiExec.exe /I{D1860E6E-520E-4380-8433-E58E8F88B473}
Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
PowerDVD-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
proDAD Vitascene 1.0-->"C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
QIP 2005 Uninstall-->"C:\Program Files\QIP\unqip.exe"
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
rajče beta52-->"C:\Program Files\rajce\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
SILKYPIX Developer Studio 2.0 SE-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{5B25274F-088A-4A24-AE12-4AEE9278025A} /l1033
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sunbelt Personal Firewall-->MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870}
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0005 -removeonly
Total Commander (Remove or Repair)-->d:\totalcmd\tcuninst.exe
True Crime® New York City-->MsiExec.exe /I{C920EFB6-59DB-472D-B445-21821477AD17}
UltraISO Premium V8.65-->"C:\Program Files\UltraISO\unins000.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Zoner Media Explorer 6-->MsiExec.exe /X{766D51EF-3F9E-490F-8490-0F24910F18BC}

======Security center information======

AV: avast! antivirus 4.8.1351 [VPS 090903-0]
FW: Sunbelt Personal Firewall

======System event log======

Computer Name: HERNI_MASINA
Event Code: 1003
Message: Nebylo možno obnovit adresu počítače ze sítě (ze serveru
DHCP) pro síťovou kartu s adresou 002215F1B798. Došlo k následující
chybě:
Časový limit semaforu vypršel.
.
Počítač se bude pokoušet získat síťovou adresu samostatně ze serveru
DHCP.

Record Number: 14197
Source Name: Dhcp
Time Written: 20090729135331.000000+120
Event Type: Upozornění
User:

Computer Name: HERNI_MASINA
Event Code: 1003
Message: Nebylo možno obnovit adresu počítače ze sítě (ze serveru
DHCP) pro síťovou kartu s adresou 002215F1B798. Došlo k následující
chybě:
Časový limit semaforu vypršel.
.
Počítač se bude pokoušet získat síťovou adresu samostatně ze serveru
DHCP.

Record Number: 14196
Source Name: Dhcp
Time Written: 20090729131942.000000+120
Event Type: Upozornění
User:

Computer Name: HERNI_MASINA
Event Code: 1003
Message: Nebylo možno obnovit adresu počítače ze sítě (ze serveru
DHCP) pro síťovou kartu s adresou 002215F1B798. Došlo k následující
chybě:
Časový limit semaforu vypršel.
.
Počítač se bude pokoušet získat síťovou adresu samostatně ze serveru
DHCP.

Record Number: 14195
Source Name: Dhcp
Time Written: 20090729121159.000000+120
Event Type: Upozornění
User:

Computer Name: HERNI_MASINA
Event Code: 1003
Message: Nebylo možno obnovit adresu počítače ze sítě (ze serveru
DHCP) pro síťovou kartu s adresou 002215F1B798. Došlo k následující
chybě:
Časový limit semaforu vypršel.
.
Počítač se bude pokoušet získat síťovou adresu samostatně ze serveru
DHCP.

Record Number: 14194
Source Name: Dhcp
Time Written: 20090729090750.000000+120
Event Type: Upozornění
User:

Computer Name: HERNI_MASINA
Event Code: 1003
Message: Nebylo možno obnovit adresu počítače ze sítě (ze serveru
DHCP) pro síťovou kartu s adresou 002215F1B798. Došlo k následující
chybě:
Časový limit semaforu vypršel.
.
Počítač se bude pokoušet získat síťovou adresu samostatně ze serveru
DHCP.

Record Number: 14193
Source Name: Dhcp
Time Written: 20090729090708.000000+120
Event Type: Upozornění
User:

=====Application event log=====

Computer Name: HERNI_MASINA
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 1142
Source Name: SecurityCenter
Time Written: 20090112085643.000000+060
Event Type: Informace
User:

Computer Name: HERNI_MASINA
Event Code: 0
Message:
Record Number: 1141
Source Name: RichVideo
Time Written: 20090112085641.000000+060
Event Type: Informace
User:

Computer Name: HERNI_MASINA
Event Code: 105
Message: The service was started.

Record Number: 1140
Source Name: ATI Smart
Time Written: 20090112085633.000000+060
Event Type: Informace
User:

Computer Name: HERNI_MASINA
Event Code: 1000
Message: Chybující aplikace fifa09.exe, verze 0.0.0.0, chybující modul fifa09.exe, verze 0.0.0.0, adresa chyby 0x000b2447.

Record Number: 1139
Source Name: Application Error
Time Written: 20090111123727.000000+060
Event Type: Chyba
User:

Computer Name: HERNI_MASINA
Event Code: 1000
Message: Chybující aplikace fifa09.exe, verze 0.0.0.0, chybující modul fifa09.exe, verze 0.0.0.0, adresa chyby 0x000b2447.

Record Number: 1138
Source Name: Application Error
Time Written: 20090111123457.000000+060
Event Type: Chyba
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"RGSCLauncher"=d:\hry\Rockstar Games\Rockstar Games Social Club
"RGSC"=d:\hry\Rockstar Games\Rockstar Games Social Club\1_0_0_0

-----------------EOF-----------------

[Damned]

I tento log je v pořádku. Jak to vypadá se zapínáním a restartem PC?

[Lojza]

Bohuzel problem pretrvava.

[Damned]

Start-->Spustit a napiš msconfig. Vyfoť mi všechny záložky a přilož mi to sem.

[Lojza]

[Damned]

Na obr 1. Zaškrtni "Normální spuštění"

Na obrázku 4 posuň dolů bootovací příkaz Konzoly pro zotavení.

Vše potvrď a restartuj. Startování by se mělo zrychlit.

//EDIT Upravil jsem druhý obrázek a nakreslil pořadí kroků.