Prosím okontrolu logu-Rootkit

rsap · Příspěvekod **rsap** » 18 led 2010 22:37

Dobrý den, mohl bych vás prosím poprosit o kontrolu logu? Myslím že mi do PC pronikl nějaký rootkit, alespoň ho avast hlásí, navíc mi teď občas vyskakuje zátěž dvoujádra na 50% jen při spuštěných XP (v taskmanagerovi to ukazuje u svchost.exe) :-/

díky moc

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 22:32:32, on 18.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\Program Files\ANSYS 11\v110\RSM\bin\JobManagerService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\ANSYS 11\v110\RSM\bin\ScriptHostService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\hijackthis\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 81.95.104.68 l2testauthd.lineage2.com
O1 - Hosts: 81.95.104.68 l2authd.lineage2.com
O1 - Hosts: 81.95.104.7 nprotect.lineage2.com
O1 - Hosts: 81.95.104.7 update.nprotect.com
O1 - Hosts: 81.95.104.7 update.nprotect.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TMD.tmp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: siszyd32.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://C:\Program Files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2979561890
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ansys JobManager Service V11 (JobManagerService110) - Ansys, Inc - D:\Program Files\ANSYS 11\v110\RSM\bin\JobManagerService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ansys ScriptHost Service V11 (ScriptHostService110) - Ansys, Inc. - D:\Program Files\ANSYS 11\v110\RSM\bin\ScriptHostService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7333 bytes

Reklama

Damned · Příspěvekod **Damned** » 19 led 2010 10:35

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TMD.tmp
O4 - Startup: siszyd32.exe
****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Budu tu až po dvanáctý, tak potom budem pokračovat

rsap · Příspěvekod **rsap** » 19 led 2010 11:03

ahoj tak v prvním kroku mám problém s O4 - Startup: siszyd32.exe
když to dám fixnout a udělám scan znovu tato položka tam opět je, jsem odpojen od netu, vše ostatní zavřené, avast vypnut. i po restartu PC je tam tato položka stále. Vadí to hodně? ikdyž koukám že ho ukazuje i Malwarebytes' Anti-Malware kde je pod položkou po spuštění tak snad to vyřeší on :)

krok druhý:
Malwarebytes' Anti-Malware 1.44
Database version: 3597
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

19.1.2010 10:59:26
mbam-log-2010-01-19 (10-59-19).txt

Scan type: Quick Scan
Objects scanned: 118680
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntiVirus) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\fralaqxq.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\BOSS\Nabídka Start\Programy\Po spuštění\siszyd32.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\BOSS\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\LocalService\Data aplikací\fvgqad.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\NetworkService\Data aplikací\fvgqad.dat (Malware.Trace) -> No action taken.

Damned · Příspěvekod **Damned** » 19 led 2010 13:44

Fixni ho zas, on zlobí někdy. HJT vlastně vypíná ten vstup O4.

Spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

rsap · Příspěvekod **rsap** » 19 led 2010 18:34

zdravim zde log z MbAM po odstranění problémů: (log z combofixu dám pro přehlednost do dalšího příspěvku)

Malwarebytes' Anti-Malware 1.44
Database version: 3597
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

19.1.2010 16:51:49
mbam-log-2010-01-19 (16-51-49).txt

Scan type: Quick Scan
Objects scanned: 118773
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\fralaqxq.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\BOSS\Nabídka Start\Programy\Po spuštění\siszyd32.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\BOSS\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Data aplikací\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Data aplikací\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.

rsap · Příspěvekod **rsap** » 19 led 2010 18:35

log z combofixu (zatím vše vypadá v pořádku, zatížení procesoru ok, avast nehlásí rootkit)

ComboFix 10-01-18.03 - BOSS 19.01.2010 17:54:14.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1531 [GMT 1:00]
Spuštěný z: c:\documents and settings\BOSS\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-19 09:53 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 09:53 . 2010-01-19 09:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 09:53 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-18 11:26 . 2010-01-18 11:26 -------- d-----w- c:\program files\MediaInfo

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 17:02 . 2008-10-25 10:45 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-01-19 09:09 . 2008-10-25 11:11 -------- d-----w- c:\program files\Avast4
2010-01-18 20:51 . 2008-10-25 14:16 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-18 20:49 . 2008-10-25 14:16 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-04 18:38 . 2009-03-17 10:47 -------- d-----w- c:\program files\ICQ6.5
2010-01-04 10:13 . 2008-10-25 09:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 17:29 . 2008-11-26 16:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-19 13:29 . 2009-12-19 13:29 -------- d-----w- c:\program files\ATI Technologies
2009-11-24 23:54 . 2008-10-25 11:11 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-10-25 11:11 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-10-25 11:11 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-10-25 11:11 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-10-25 11:11 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-10-25 11:11 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-10-25 11:11 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-10-25 11:11 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-10-25 11:11 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-25 07:59 . 2001-10-25 12:00 96072 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 07:59 . 2001-10-25 12:00 475970 ----a-w- c:\windows\system32\perfh005.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\HARD-GAMES\\Battlefield2\\BF2.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\ptc\\proeWildfire 3.0\\bin\\proe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\RSM\\bin\\JobManagerService.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\RSM\\bin\\JMAdmin.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\RSM\\bin\\JMPassword.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\RSM\\bin\\ScriptHostService.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\AISOL\\CommonFiles\\intel\\AnsysWBU.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\ANSYS\\bin\\intel\\ANSYS.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\AISOL\\CAD Integration\\intel\\ActivePIMgrU.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\AISOL\\CAD Integration\\intel\\ReaderHostU.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\CommonFiles\\TCL\\bin\\intel\\tclsh.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\CommonFiles\\TCL\\bin\\intel\\wish.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [25.10.2008 11:55 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [25.10.2008 11:55 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.10.2008 12:11 114768]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [11.7.2003 14:22 14912]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.10.2008 12:11 20560]
R2 JobManagerService110;Ansys JobManager Service V11;d:\program files\ANSYS 11\v110\RSM\bin\JobManagerService.exe [16.1.2007 14:20 20480]
R2 ScriptHostService110;Ansys ScriptHost Service V11;d:\program files\ANSYS 11\v110\RSM\bin\ScriptHostService.exe [16.1.2007 14:20 20480]
S0 fralaqxq;fralaqxq; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://c:\program files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe
FF - ProfilePath - c:\documents and settings\BOSS\Data aplikací\Mozilla\Firefox\Profiles\7vaa4h7z.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 18:03
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89931A88]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3
\Driver\ACPI -> ACPI.sys @ 0xba759cb8
\Driver\atapi -> 0x89931a88
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba5e0ba0
PacketIndicateHandler -> NDIS.sys @ 0xba5edb21
SendHandler -> NDIS.sys @ 0xba5cb87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5960)
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avast4\aswUpdSv.exe
c:\program files\Avast4\ashServ.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Avast4\ashMaiSv.exe
c:\program files\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-19 18:07:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-19 17:07

Před spuštěním: 4 906 737 664
Po spuštění: 4 891 938 816

- - End Of File - - 8A24BD1C5F6EF6E02F54DC80E5915E71

Damned · Příspěvekod **Damned** » 19 led 2010 19:00

Start -> Spustit... a napiš do okna tento příkaz označený modře:
C:\WINDOWS\MBR.exe -f a dej Ok. mezi mbr.exe a -f je mezera
- pokud by tě bezpečnostní software upozornil na přepsání MBR tak to povol
- počkej až program proběhne a pak restartuj Pc
Po restartu Windows zadej červený příkaz (Start-->>Spustit):
C:\WINDOWS\MBR.exe a dej OK.
Spustí se znovu a log co vytvoří sem vlož.

rsap · Příspěvekod **rsap** » 19 led 2010 19:43

Ahoj tak mám problém při spuštění příkazu mi jen problikne okno ale nic to nedělá.

přikládám screen který sem pracně vyfotil protože sem nějak nenašel nastaveni "po ukončení zavřít" :)
zkoušel jsem spustit i přímo přez ikonu ve win složce a stejné. mezera -f tam je.

http://img19.imageshack.us/img19/3104/mbr.png

Damned · Příspěvekod **Damned** » 19 led 2010 20:07

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

Driver::
fralaqxq;fralaqxq
fralaqxq

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. File age změň na 14 days. Klikni na Run Scan. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

rsap · Příspěvekod **rsap** » 19 led 2010 20:43

OK, další várka logů :)
první z combofix:

ComboFix 10-01-18.03 - BOSS 19.01.2010 20:22:02.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1533 [GMT 1:00]
Spuštěný z: c:\documents and settings\BOSS\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\BOSS\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FRALAQXQ
-------\Service_fralaqxq

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-19 do 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-19 09:53 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 09:53 . 2010-01-19 09:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 09:53 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-18 11:26 . 2010-01-18 11:26 -------- d-----w- c:\program files\MediaInfo

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 19:31 . 2008-10-25 10:45 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-01-19 18:59 . 2008-10-25 14:16 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-19 18:57 . 2008-10-25 14:16 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-19 09:09 . 2008-10-25 11:11 -------- d-----w- c:\program files\Avast4
2010-01-04 18:38 . 2009-03-17 10:47 -------- d-----w- c:\program files\ICQ6.5
2010-01-04 10:13 . 2008-10-25 09:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 17:29 . 2008-11-26 16:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-19 13:29 . 2009-12-19 13:29 -------- d-----w- c:\program files\ATI Technologies
2009-11-24 23:54 . 2008-10-25 11:11 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-10-25 11:11 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-10-25 11:11 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-10-25 11:11 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-10-25 11:11 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-10-25 11:11 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-10-25 11:11 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-10-25 11:11 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-10-25 11:11 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-25 07:59 . 2001-10-25 12:00 96072 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 07:59 . 2001-10-25 12:00 475970 ----a-w- c:\windows\system32\perfh005.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-01-19_17.02.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-19 19:30 . 2010-01-19 19:30 16384 c:\windows\Temp\Perflib_Perfdata_720.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\HARD-GAMES\\Battlefield2\\BF2.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\ptc\\proeWildfire 3.0\\bin\\proe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\RSM\\bin\\JobManagerService.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\RSM\\bin\\JMAdmin.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\RSM\\bin\\JMPassword.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\RSM\\bin\\ScriptHostService.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\AISOL\\CommonFiles\\intel\\AnsysWBU.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\ANSYS\\bin\\intel\\ANSYS.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\AISOL\\CAD Integration\\intel\\ActivePIMgrU.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\AISOL\\CAD Integration\\intel\\ReaderHostU.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\CommonFiles\\TCL\\bin\\intel\\tclsh.exe"=
"d:\\Program Files\\ANSYS 11\\v110\\CommonFiles\\TCL\\bin\\intel\\wish.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [25.10.2008 11:55 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [25.10.2008 11:55 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.10.2008 12:11 114768]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [11.7.2003 14:22 14912]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.10.2008 12:11 20560]
R2 JobManagerService110;Ansys JobManager Service V11;d:\program files\ANSYS 11\v110\RSM\bin\JobManagerService.exe [16.1.2007 14:20 20480]
R2 ScriptHostService110;Ansys ScriptHost Service V11;d:\program files\ANSYS 11\v110\RSM\bin\ScriptHostService.exe [16.1.2007 14:20 20480]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://c:\program files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe
FF - ProfilePath - c:\documents and settings\BOSS\Data aplikací\Mozilla\Firefox\Profiles\7vaa4h7z.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 20:31
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x898AF820]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3
\Driver\ACPI -> ACPI.sys @ 0xba759cb8
\Driver\atapi -> 0x898af820
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba5e0ba0
PacketIndicateHandler -> NDIS.sys @ 0xba5edb21
SendHandler -> NDIS.sys @ 0xba5cb87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5780)
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avast4\aswUpdSv.exe
c:\program files\Avast4\ashServ.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Avast4\ashMaiSv.exe
c:\program files\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-19 20:35:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-19 19:35
ComboFix2.txt 2010-01-19 17:07

Před spuštěním: 4 898 168 832
Po spuštění: 4 864 401 408

- - End Of File - - 370BF7F7DFA75B61045ABB1D2D87E0DA

rsap · Příspěvekod **rsap** » 19 led 2010 20:44

druhý z OTL-extras:

OTL Extras logfile created on: 19.1.2010 20:39:31 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\BOSS\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 47,69 Gb Total Space | 4,56 Gb Free Space | 9,56% Space Free | Partition Type: NTFS
Drive D: | 185,20 Gb Total Space | 14,14 Gb Free Space | 7,64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MSI
Current User Name: BOSS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 File not found
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Prozkoumat v XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 File not found
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Program Files\ANSYS 11\v110\RSM\bin\JobManagerService.exe" = D:\Program Files\ANSYS 11\v110\RSM\bin\JobManagerService.exe:*:Enabled:JobManagerService.exe -- (Ansys, Inc)
"D:\Program Files\ANSYS 11\v110\RSM\bin\JMAdmin.exe" = D:\Program Files\ANSYS 11\v110\RSM\bin\JMAdmin.exe:*:Enabled:JMAdmin.exe -- (Ansys, Inc.)
"D:\Program Files\ANSYS 11\v110\RSM\bin\JMPassword.exe" = D:\Program Files\ANSYS 11\v110\RSM\bin\JMPassword.exe:*:Enabled:JMPassword.exe -- (Ansys, Inc.)
"D:\Program Files\ANSYS 11\v110\RSM\bin\ScriptHostService.exe" = D:\Program Files\ANSYS 11\v110\RSM\bin\ScriptHostService.exe:*:Enabled:ScriptHostService.exe -- (Ansys, Inc.)
"D:\Program Files\ANSYS 11\v110\AISOL\CommonFiles\intel\AnsysWBU.exe" = D:\Program Files\ANSYS 11\v110\AISOL\CommonFiles\intel\AnsysWBU.exe:*:Enabled:AnsysWBU.exe -- (Ansys, Inc.)
"D:\Program Files\ANSYS 11\v110\ANSYS\bin\intel\ANSYS.exe" = D:\Program Files\ANSYS 11\v110\ANSYS\bin\intel\ANSYS.exe:*:Enabled:ANSYS.exe -- (ANSYS, Inc.)
"D:\Program Files\ANSYS 11\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe" = D:\Program Files\ANSYS 11\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe:*:Enabled:ActivePIMgrU.exe -- (Ansys, Inc.)
"D:\Program Files\ANSYS 11\v110\AISOL\CAD Integration\intel\ReaderHostU.exe" = D:\Program Files\ANSYS 11\v110\AISOL\CAD Integration\intel\ReaderHostU.exe:*:Enabled:ReaderHostU.exe -- (Ansys, Inc.)
"D:\Program Files\ANSYS 11\v110\CommonFiles\TCL\bin\intel\tclsh.exe" = D:\Program Files\ANSYS 11\v110\CommonFiles\TCL\bin\intel\tclsh.exe:*:Enabled:AWP tclsh.exe -- (ActiveState Corporation)
"D:\Program Files\ANSYS 11\v110\CommonFiles\TCL\bin\intel\wish.exe" = D:\Program Files\ANSYS 11\v110\CommonFiles\TCL\bin\intel\wish.exe:*:Enabled:AWP wish.exe -- (ActiveState Corporation)
"D:\Program Files\ANSYS 11\v110\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe" = D:\Program Files\ANSYS 11\v110\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe:*:Enabled:ReaderHostCAT5U.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\HARD-GAMES\Battlefield2\BF2.exe" = D:\HARD-GAMES\Battlefield2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\ptc\proeWildfire 3.0\bin\proe.exe" = C:\ptc\proeWildfire 3.0\bin\proe.exe:*:Enabled:Pro ENGINEER -- (PTC)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\Program Files\ANSYS 11\v110\RSM\bin\JobManagerService.exe" = D:\Program Files\ANSYS 11\v110\RSM\bin\JobManagerService.exe:*:Enabled:JobManagerService.exe -- (Ansys, Inc)
"D:\Program Files\ANSYS 11\v110\RSM\bin\JMAdmin.exe" = D:\Program Files\ANSYS 11\v110\RSM\bin\JMAdmin.exe:*:Enabled:JMAdmin.exe -- (Ansys, Inc.)
"D:\Program Files\ANSYS 11\v110\RSM\bin\JMPassword.exe" = D:\Program Files\ANSYS 11\v110\RSM\bin\JMPassword.exe:*:Enabled:JMPassword.exe -- (Ansys, Inc.)
"D:\Program Files\ANSYS 11\v110\RSM\bin\ScriptHostService.exe" = D:\Program Files\ANSYS 11\v110\RSM\bin\ScriptHostService.exe:*:Enabled:ScriptHostService.exe -- (Ansys, Inc.)
"D:\Program Files\ANSYS 11\v110\AISOL\CommonFiles\intel\AnsysWBU.exe" = D:\Program Files\ANSYS 11\v110\AISOL\CommonFiles\intel\AnsysWBU.exe:*:Enabled:AnsysWBU.exe -- (Ansys, Inc.)
"D:\Program Files\ANSYS 11\v110\ANSYS\bin\intel\ANSYS.exe" = D:\Program Files\ANSYS 11\v110\ANSYS\bin\intel\ANSYS.exe:*:Enabled:ANSYS.exe -- (ANSYS, Inc.)
"D:\Program Files\ANSYS 11\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe" = D:\Program Files\ANSYS 11\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe:*:Enabled:ActivePIMgrU.exe -- (Ansys, Inc.)
"D:\Program Files\ANSYS 11\v110\AISOL\CAD Integration\intel\ReaderHostU.exe" = D:\Program Files\ANSYS 11\v110\AISOL\CAD Integration\intel\ReaderHostU.exe:*:Enabled:ReaderHostU.exe -- (Ansys, Inc.)
"D:\Program Files\ANSYS 11\v110\CommonFiles\TCL\bin\intel\tclsh.exe" = D:\Program Files\ANSYS 11\v110\CommonFiles\TCL\bin\intel\tclsh.exe:*:Enabled:AWP tclsh.exe -- (ActiveState Corporation)
"D:\Program Files\ANSYS 11\v110\CommonFiles\TCL\bin\intel\wish.exe" = D:\Program Files\ANSYS 11\v110\CommonFiles\TCL\bin\intel\wish.exe:*:Enabled:AWP wish.exe -- (ActiveState Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{127F1FD4-43BB-4428-8B2A-70539F4B6F1F}" = ANSYS Products 11.0
"{1B611B02-BCB6-4D2C-AD7C-F7370B272853}" = ANSYS Remote Solve Manager (RSM) 11.0
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-4003-0405-0002-0060B0CE6BBA}" = Autodesk Mechanical Desktop 2006
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6F411DB4-EC41-482B-AD46-384957928F69}" = AOEMView 2008
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F4DD591-1200-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2008
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00B0-0405-0000-0000000FF1CE}" = Doplněk Microsoft Save as PDF pro aplikace sady Microsoft Office 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{ac474156-361a-4a7b-8b6e-977781b92565}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-1033-C740-7760-100000000002}" = Adobe Acrobat 7.0 Professional - Czech, Polish, Greek
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FACF203E-0F4D-489A-B80C-D185253C8FCB}" = Autodesk Design Review 2008
"7-Zip" = 7-Zip 4.57
"Adobe Acrobat 7.0 Professional - Czech, Polish, Greek - V" = Adobe Acrobat 7.0 Professional - Czech, Polish, Greek
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.51" = AFPL Ghostscript 8.51
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"All ATI Software" = ATI - Software Uninstall Utility
"AOEMView 2008" = AOEMView 2008
"ATI Display Driver" = ATI Display Driver
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Dassault Systemes B17_0" = Dassault Systemes Software B17
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eurobattle.net2.0" = Eurobattle.net
"HijackThis" = HijackThis 1.99.1
"Light Artist_is1" = Light Artist 1.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2008b" = MATLAB R2008b
"MediaInfo" = MediaInfo 0.7.27
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MV2Player" = MV2Player (remove only)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06
"Pro/ENGINEER Mechanica Release Wildfire 3.0 Datecode M110" = Pro/ENGINEER Mechanica Release Wildfire 3.0 Datecode M110
"Pro/ENGINEER Release Wildfire 3.0 Datecode M110" = Pro/ENGINEER Release Wildfire 3.0 Datecode M110
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"VentriloMIX" = VentriloMIX
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.4
"WM Converter 2.0" = WM Converter 2.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.96.2
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 16.10.2009 5:13:17 | Computer Name = MSI | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\DCIM\100KC340\100_5292.JPG failed, 0000001E.

Error - 16.10.2009 5:13:18 | Computer Name = MSI | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\DCIM\100KC340\100_5293.JPG failed, 0000001E.

Error - 16.10.2009 5:13:19 | Computer Name = MSI | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\DCIM\100KC340\100_5282.JPG failed, 0000001E.

Error - 16.10.2009 5:13:20 | Computer Name = MSI | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\DCIM\100KC340\100_5283.JPG failed, 0000001E.

Error - 16.10.2009 5:13:21 | Computer Name = MSI | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\DCIM\100KC340\100_5284.JPG failed, 0000001E.

Error - 16.10.2009 5:13:22 | Computer Name = MSI | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\DCIM\100KC340\100_5285.JPG failed, 0000001E.

Error - 16.10.2009 5:13:24 | Computer Name = MSI | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\DCIM\100KC340\100_5274.JPG failed, 0000A420.

Error - 16.10.2009 5:13:38 | Computer Name = MSI | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of G:\DCIM\100KC340\100_5275.JPG failed, 0000A420.

Error - 8.11.2009 7:45:38 | Computer Name = MSI | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://clients1.google.cz/complete/sear ... %20b&cp=13
failed, 0000A413.

Error - 19.1.2010 12:03:28 | Computer Name = MSI | Source = avast! | ID = 33554522
Description = Nastala interní chyba v modulu basEncodeFileToSubmit failed! , funkce
00000002.

[ Application Events ]
Error - 13.1.2010 8:21:49 | Computer Name = MSI | Source = Application Error | ID = 1000
Description = Chybující aplikace vlc.exe, verze 0.9.8.1, chybující modul libavcodec_plugin.dll,
verze 0.0.0.0, adresa chyby 0x00116b64.

[ OSession Events ]
Error - 19.4.2009 7:12:01 | Computer Name = MSI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7612
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 2.12.2009 14:15:25 | Computer Name = MSI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4016
seconds with 3180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15.1.2010 14:40:37 | Computer Name = MSI | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby stisvc.

Error - 18.1.2010 6:27:23 | Computer Name = MSI | Source = Cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error - 18.1.2010 6:27:26 | Computer Name = MSI | Source = Cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error - 18.1.2010 6:27:28 | Computer Name = MSI | Source = Cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error - 18.1.2010 7:23:07 | Computer Name = MSI | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby stisvc.

Error - 18.1.2010 13:23:14 | Computer Name = MSI | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby stisvc.

Error - 18.1.2010 13:32:41 | Computer Name = MSI | Source = Service Control Manager | ID = 7000
Description = Služba Microsoft Kernel Acoustic Echo Canceller neuspěla při spuštění
v důsledku následující chyby: %%31

Error - 18.1.2010 17:21:08 | Computer Name = MSI | Source = Service Control Manager | ID = 7031
Description = Služba Spouštěč procesů serveru DCOM byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat
počítač.

Error - 18.1.2010 17:21:08 | Computer Name = MSI | Source = Service Control Manager | ID = 7034
Description = Služba Terminálová služba byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 19.1.2010 15:29:21 | Computer Name = MSI | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_FRALAQXQ\0000 se již v systému nenachází, přestože
nebylo nejdříve připraveno k odebrání.

< End of report >

rsap · Příspěvekod **rsap** » 19 led 2010 20:45

Třetí OTL-otl

OTL logfile created on: 19.1.2010 20:39:31 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\BOSS\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 47,69 Gb Total Space | 4,56 Gb Free Space | 9,56% Space Free | Partition Type: NTFS
Drive D: | 185,20 Gb Total Space | 14,14 Gb Free Space | 7,64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MSI
Current User Name: BOSS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\BOSS\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\PnkBstrB.exe ()
PRC - C:\Program Files\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Notebook Hardware Control\nhc.exe (http://www.pbus-167.com)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - D:\Program Files\ANSYS 11\v110\RSM\bin\JobManagerService.exe (Ansys, Inc)
PRC - D:\Program Files\ANSYS 11\v110\RSM\bin\ScriptHostService.exe (Ansys, Inc.)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\BOSS\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (PnkBstrB) -- C:\WINDOWS\system32\PnkBstrB.exe ()
SRV - (avast! Antivirus) -- C:\Program Files\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (PnkBstrA) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (MSSQL$AUTODESKVAULT) SQL Server (AUTODESKVAULT) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (JobManagerService110) -- D:\Program Files\ANSYS 11\v110\RSM\bin\JobManagerService.exe (Ansys, Inc)
SRV - (ScriptHostService110) -- D:\Program Files\ANSYS 11\v110\RSM\bin\ScriptHostService.exe (Ansys, Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (nhcDriverDevice) -- C:\WINDOWS\system32\drivers\nhcDriver.sys (pBUS-167 Software - http://www.pbus-167.com)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (RTL8169) -- C:\WINDOWS\system32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (athr) -- C:\WINDOWS\system32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (Cam5603D) -- C:\WINDOWS\system32\drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (d347prt) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (d347bus) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (LUMDriver) -- C:\WINDOWS\system32\drivers\LUMDriver.sys (IBM)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.cz"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.22 09:17:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.02.15 17:52:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.02.12 12:14:31 | 00,000,000 | ---D | M]

[2008.10.25 12:02:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BOSS\Data aplikací\Mozilla\Extensions
[2008.10.25 12:02:57 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BOSS\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008.10.25 12:02:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BOSS\Data aplikací\Mozilla\Firefox\Profiles\7vaa4h7z.default\extensions
[2009.09.21 14:03:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.02.12 12:14:05 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.01.20 06:41:02 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009.01.20 06:41:03 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007.04.10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008.11.04 16:23:21 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009.01.20 06:41:03 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006.10.26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2004.12.14 10:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008.04.16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008.03.31 20:06:24 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2008.03.31 20:06:24 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2008.01.27 10:57:20 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2008.01.27 10:57:20 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 20:06:24 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.01.19 20:30:49 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NotebookHardwareControl] C:\Program Files\Notebook Hardware Control\nhc.exe (http://www.pbus-167.com)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do existujícího PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést výběr do Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést výběr do existujícího PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Důvěryhodné servery)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: mojebanka.cz ([*] https in Důvěryhodné servery)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file://C:\Program Files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe (Reg Error: Key error.)
O16 - DPF: {3234504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... pg4dmo.CAB (Reg Error: Key error.)
O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8dmo.cab (Reg Error: Key error.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... p43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 2979561890 (WUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 147.32.88.5 147.32.88.3 147.32.1.20
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\BOSS\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BOSS\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.25 10:19:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005.05.23 00:22:41 | 01,187,840 | R--- | M] () - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.05.23 00:22:41 | 01,187,840 | R--- | M] () - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.05.23 00:22:40 | 00,000,043 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.01.19 20:36:49 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BOSS\Plocha\OTL.exe
[2010.01.19 20:36:05 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010.01.19 17:47:15 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010.01.19 17:46:07 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.01.19 17:46:07 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.01.19 17:46:07 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.01.19 17:46:07 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.01.19 17:46:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.01.19 17:45:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010.01.19 10:54:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BOSS\Data aplikací\Malwarebytes
[2010.01.19 10:53:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.01.19 10:53:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.01.19 10:53:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.01.19 10:53:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.01.19 10:42:16 | 05,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\BOSS\Plocha\mbam-setup.exe
[2010.01.18 22:28:53 | 00,000,000 | ---D | C] -- C:\Program Files\hijackthis
[2010.01.18 13:59:26 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\BOSS\Recent
[2010.01.18 12:26:01 | 00,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2010.01.07 21:09:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\BOSS\Plocha\Simpsonovi
[2009.02.16 11:37:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.02.15 17:05:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2008.11.28 15:52:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2008.10.25 11:55:46 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2008.10.25 11:55:46 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2008.10.25 11:18:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2008.10.25 10:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2008.10.25 10:19:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010.01.19 20:36:51 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BOSS\Plocha\OTL.exe
[2010.01.19 20:31:05 | 00,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) -- C:\WINDOWS\System32\drivers\nhcDriver.sys
[2010.01.19 20:31:02 | 00,001,501 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.01.19 20:30:49 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.01.19 20:30:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.19 20:30:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.19 20:30:37 | 21,468,16000 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.19 20:29:35 | 07,602,176 | ---- | M] () -- C:\Documents and Settings\BOSS\NTUSER.DAT
[2010.01.19 20:29:35 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\BOSS\ntuser.ini
[2010.01.19 19:59:06 | 00,138,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.01.19 19:57:38 | 00,215,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.01.19 19:57:38 | 00,215,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.01.19 17:47:20 | 00,000,307 | RHS- | M] () -- C:\boot.ini
[2010.01.19 16:58:28 | 00,002,545 | ---- | M] () -- C:\Documents and Settings\BOSS\Plocha\HiJackThis.lnk
[2010.01.19 16:48:37 | 03,828,930 | R--- | M] () -- C:\Documents and Settings\BOSS\Plocha\ComboFix.exe
[2010.01.19 10:54:00 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.01.19 10:42:43 | 05,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\BOSS\Plocha\mbam-setup.exe
[2010.01.19 10:35:28 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\BOSS\Plocha\RSIT.exe
[2010.01.19 10:22:48 | 00,231,390 | ---- | M] () -- C:\Documents and Settings\BOSS\Plocha\RootkitRevealer.zip
[2010.01.19 00:01:29 | 18,352,5376 | ---- | M] () -- C:\Documents and Settings\BOSS\Plocha\simpsonovi-05x07-bartovo-vnitrni-dite-dvd-xvid-cz-cb.avi
[2010.01.19 00:01:15 | 18,357,8624 | ---- | M] () -- C:\Documents and Settings\BOSS\Plocha\Simpsonovi.05x06.Marge.na.uteku.DVD.XviD.CZ-CB.avi
[2010.01.18 23:36:10 | 18,356,4288 | ---- | M] () -- C:\Documents and Settings\BOSS\Plocha\simpsonovi - 05x05 - Specialni carodejnicky dil IV.avi
[2010.01.18 23:35:57 | 18,353,1520 | ---- | M] () -- C:\Documents and Settings\BOSS\Plocha\simpsonovi[1].05x04.medvidek.dvd.xvid.cz-cb.avi
[2010.01.18 22:28:14 | 01,401,344 | ---- | M] () -- C:\Documents and Settings\BOSS\Plocha\HijackThis.msi
[2010.01.18 18:29:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010.01.18 12:27:52 | 00,222,720 | ---- | M] () -- C:\Documents and Settings\BOSS\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.18 12:26:01 | 00,000,561 | ---- | M] () -- C:\Documents and Settings\BOSS\Plocha\MediaInfo.lnk
[2010.01.15 16:27:32 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.13 22:44:51 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.12 09:50:30 | 00,137,855 | ---- | M] () -- C:\Documents and Settings\BOSS\Plocha\Priprava na test.pdf
[2010.01.07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.01.07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.01.06 16:59:54 | 00,301,086 | ---- | M] () -- C:\Documents and Settings\BOSS\Plocha\obr.bmp
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.19 17:47:20 | 00,000,237 | ---- | C] () -- C:\Boot.bak
[2010.01.19 17:47:18 | 00,261,312 | ---- | C] () -- C:\cmldr
[2010.01.19 17:46:07 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.01.19 17:46:07 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.01.19 17:46:07 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.01.19 17:46:07 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.01.19 17:46:07 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.01.19 16:48:22 | 03,828,930 | R--- | C] () -- C:\Documents and Settings\BOSS\Plocha\ComboFix.exe
[2010.01.19 10:54:00 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.01.19 10:35:25 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\BOSS\Plocha\RSIT.exe
[2010.01.19 10:22:47 | 00,231,390 | ---- | C] () -- C:\Documents and Settings\BOSS\Plocha\RootkitRevealer.zip
[2010.01.18 23:49:24 | 18,352,5376 | ---- | C] () -- C:\Documents and Settings\BOSS\Plocha\simpsonovi-05x07-bartovo-vnitrni-dite-dvd-xvid-cz-cb.avi
[2010.01.18 23:49:13 | 18,357,8624 | ---- | C] () -- C:\Documents and Settings\BOSS\Plocha\Simpsonovi.05x06.Marge.na.uteku.DVD.XviD.CZ-CB.avi
[2010.01.18 23:24:01 | 18,356,4288 | ---- | C] () -- C:\Documents and Settings\BOSS\Plocha\simpsonovi - 05x05 - Specialni carodejnicky dil IV.avi
[2010.01.18 23:23:50 | 18,353,1520 | ---- | C] () -- C:\Documents and Settings\BOSS\Plocha\simpsonovi[1].05x04.medvidek.dvd.xvid.cz-cb.avi
[2010.01.18 22:28:53 | 00,002,545 | ---- | C] () -- C:\Documents and Settings\BOSS\Plocha\HiJackThis.lnk
[2010.01.18 22:28:13 | 01,401,344 | ---- | C] () -- C:\Documents and Settings\BOSS\Plocha\HijackThis.msi
[2010.01.18 12:30:39 | 00,000,561 | ---- | C] () -- C:\Documents and Settings\BOSS\Plocha\MediaInfo.lnk
[2010.01.12 09:50:30 | 00,137,855 | ---- | C] () -- C:\Documents and Settings\BOSS\Plocha\Priprava na test.pdf
[2010.01.06 16:59:07 | 00,301,086 | ---- | C] () -- C:\Documents and Settings\BOSS\Plocha\obr.bmp
[2009.07.15 13:29:32 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.07.15 13:29:32 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.07.15 13:29:32 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.05.11 20:25:45 | 00,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009.03.27 12:08:48 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.01.03 18:11:27 | 00,001,355 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2009.01.02 12:37:01 | 00,000,121 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2008.12.30 16:30:35 | 00,000,133 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.12.11 17:46:59 | 00,000,080 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2008.11.13 20:00:01 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.11.13 19:40:28 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008.11.13 19:40:27 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.11.13 19:40:26 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.10.26 12:26:38 | 00,222,720 | ---- | C] () -- C:\Documents and Settings\BOSS\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.25 15:16:14 | 00,138,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.10.25 11:09:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.10.25 10:56:18 | 00,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2008.10.25 10:52:14 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006.12.05 09:35:06 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 18:00:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.08.22 13:34:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004.07.17 10:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2009.01.10 15:40:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Absolutist
[2009.04.02 15:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2009.03.31 09:55:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DassaultSystemes
[2009.05.12 17:02:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2009.10.10 11:19:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IsolatedStorage
[2009.09.21 21:34:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TrackMania
[2008.11.27 18:11:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2009.10.10 11:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BOSS\Data aplikací\Ansys
[2008.10.26 12:52:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BOSS\Data aplikací\Auslogics
[2009.04.02 15:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BOSS\Data aplikací\Autodesk
[2008.10.25 21:48:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BOSS\Data aplikací\DassaultSystemes
[2009.12.29 14:33:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BOSS\Data aplikací\gtk-2.0
[2010.01.12 17:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BOSS\Data aplikací\ICQ
[2008.10.28 16:47:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BOSS\Data aplikací\PTC
[2008.11.27 18:11:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BOSS\Data aplikací\TuneUp Software
[2009.10.30 16:25:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\BOSS\Data aplikací\XnView

========== Purity Check ==========

< End of report >

Prosím okontrolu logu-Rootkit Vyřešeno

Prosím okontrolu logu-Rootkit

Re: Prosím okontrolu logu-Rootkit

Re: Prosím okontrolu logu-Rootkit

Re: Prosím okontrolu logu-Rootkit

Re: Prosím okontrolu logu-Rootkit

Re: Prosím okontrolu logu-Rootkit

Re: Prosím okontrolu logu-Rootkit

Re: Prosím okontrolu logu-Rootkit

Re: Prosím okontrolu logu-Rootkit

Re: Prosím okontrolu logu-Rootkit

Re: Prosím okontrolu logu-Rootkit

Re: Prosím okontrolu logu-Rootkit

Kdo je online