PLS log control - PC po pádu OS - aplikován bod obnoveni Vyřešeno

[Jan Pašek]

Víc hlav víc ví ... spoustu věcí ohledně servisu PC zvládnu sám ale protože toto pc není moje rád si nechám poradit od někoho kdo log HJT kontroluje takřka denně.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:35, on 6.4.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Zlata.Zlata-HP\AppData\Local\Facebook\Update\FacebookUpdate.exe
D:\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=110000&tt ... 52af0c468f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O2 - BHO: Complitly - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Zlata.Zlata-HP\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"
O4 - HKLM\..\RunOnce: [aswasOutExt.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll"
O4 - HKLM\..\RunOnce: [aswasOutExt64.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\asOutExt64.dll"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Zlata.Zlata-HP\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = D:\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O20 - Winlogon Notify: DeviceNP - C:\windows\SYSTEM32\DeviceNP.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12993 bytes

[Reklama]

[Damned]

Nažďááár!!!!


Odinstaluj si Babylon Toolbar.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=110000&tt ... 52af0c468f
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Zlata.Zlata-HP\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O13 - Gopher Prefix:
*****************************************************************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti: Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko Konec.
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje a poté kliknutím na OK spusť program
- nech vybranou možnost Rychlá kontrola a klikni na tlačítko Prohledat

Bude-li nalezen problém:
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost Uložit protokol a ulož si log na Plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
- výsledný log mi sem zkopíruj
(zatím nic nemaž!).

Nebude-li nalezen problém:
- Klikni na tlačítko "OK" a sděl mi to

[Jan Pašek]

No tě pic ... du na to .... známý xichtík .... známý avatar ... záruka kvality

[Jan Pašek]

Tedy sem to ale trubka. já ten MBAM nespustil jako správce a mrzák mi brání uložit log. jel jsem to 4* než mi to došlo

Byl tam nález opisuji:

Adware Agent C:\Users\Zlata.Zlata-HP\AppData\Local\Temp


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:17, on 6.4.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Zlata.Zlata-HP\Desktop\Servis+odložené\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O2 - BHO: Complitly - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Zlata.Zlata-HP\AppData\Roaming\Complitly\Complitly.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = D:\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - Winlogon Notify: DeviceNP - C:\windows\SYSTEM32\DeviceNP.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11482 bytes

[Damned]

To není tvůj, že?

Spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec
***************************************************************************************************************************
Vypni rezidentní štít antiviru.
Stáhni si ComboFix (by sUBs) nebo ComboFix (subs) a ulož si ho na Plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Jan Pašek]

tak mbam vyžadoval restart
Avast i když ukazoval vypnuté štíty combofix hlásil zapnuto musel sem Avast odinstalovat abych vůbec mohl spustit combofix

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.04.06.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zlata :: ZLATA-HP [administrátor]

6.4.2012 23:05:25
mbam-log-2012-04-06 (23-05-25).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 209859
Uplynulý čas: 1 minut, 57 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Users\Zlata.Zlata-HP\AppData\Local\Temp\ICReinstall_FLVPlayerSetup.exe (Adware.Agent) -> Umístnění do karantény a smazání se zdařilo.

(konec)


ComboFix 12-04-06.03 - Zlata 06.04.2012 23:34:25.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3830.2589 [GMT 2:00]
Spuštěný z: c:\users\Zlata.Zlata-HP\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
.
Nakažená kopie c:\windows\SysWow64\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-06 do 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 21:40 . 2012-04-06 21:40 -------- d-----w- c:\users\Zlata\AppData\Local\temp
2012-04-06 21:40 . 2012-04-06 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 20:07 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 19:01 . 2012-04-06 19:03 -------- d-----w- c:\users\Zlata.Zlata-HP\AppData\Local\ElevatedDiagnostics
2012-04-05 17:42 . 2012-04-05 17:42 -------- d-----w- c:\users\Zlata.Zlata-HP\AppData\Roaming\Malwarebytes
2012-04-05 17:41 . 2012-04-05 17:41 -------- d-----w- c:\programdata\Malwarebytes
2012-04-05 17:41 . 2012-04-06 20:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-23 11:44 . 2012-04-06 17:33 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-03-14 13:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:02 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 08:43 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 08:43 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 08:43 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 08:42 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:42 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 08:42 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 08:42 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 08:42 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:42 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:42 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-09 19:32 . 2012-03-09 19:31 12464 ----a-w- c:\windows\SysWow64\drivers\SECDRV.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2011-06-09 19:19 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-27 13:00 . 2012-02-27 13:00 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-01-18 17:51 . 2012-01-18 17:51 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-18 17:51 . 2012-01-18 17:51 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-18 16:28 . 2011-06-09 20:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\setpoint\SetPoint.exe [2011-5-30 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 19:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 136176]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-08-23 103992]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 136176]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-16 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-01-26 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\system\uArcCapture.exe [2009-12-04 506472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-01-26 704512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 19:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-922739708-3716183472-3119414927-1001Core.job
- c:\users\Zlata.Zlata-HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 20:48]
.
2012-04-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-922739708-3716183472-3119414927-1001UA.job
- c:\users\Zlata.Zlata-HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 20:48]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 12:17]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 12:17]
.
2012-04-06 c:\windows\Tasks\HPCeeScheduleForZlata.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
2011-07-20 12:10 167416 ----a-w- c:\users\Zlata.Zlata-HP\AppData\Roaming\Complitly\64\Complitly64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-08-23 1691192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Zlata.Zlata-HP\AppData\Roaming\Mozilla\Firefox\Profiles\k24aro3m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 02e5e929000000000000cc52af0c468f
FF - user.js: extensions.BabylonToolbar_i.hardId - 02e5e929000000000000cc52af0c468f
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:04
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files (x86)\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\setpoint\x86\SetPoint32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Celkový čas: 2012-04-06 23:45:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-06 21:45
.
Před spuštěním: Volných bajtů: 378 761 101 312
Po spuštění: Volných bajtů: 378 246 807 552
.
- - End Of File - - 42F1521DB884EECCFF04FD71D20B0EFA

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený červeně:

KillAll::
File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-922739708-3716183472-3119414927-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-922739708-3716183472-3119414927-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 02e5e929000000000000cc52af0c468f
FF - user.js: extensions.BabylonToolbar_i.hardId - 02e5e929000000000000cc52af0c468f
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:04
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-

RegLockDel::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

[Jan Pašek]

Tak během chodu 2* hláška
Nepodařilo se zcela vymazat erund
a program 3x ... přestal pracovat po kliku na ok se combofix znovu rozjel

ComboFix 12-04-06.03 - Zlata 07.04.2012 0:25.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3830.2390 [GMT 2:00]
Spuštěný z: c:\users\Zlata.Zlata-HP\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Zlata.Zlata-HP\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-922739708-3716183472-3119414927-1001Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-922739708-3716183472-3119414927-1001UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-06 do 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 22:31 . 2012-04-06 22:31 -------- d-----w- c:\users\Zlata\AppData\Local\temp
2012-04-06 22:31 . 2012-04-06 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 22:31 . 2012-04-06 22:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-06 20:07 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 19:01 . 2012-04-06 19:03 -------- d-----w- c:\users\Zlata.Zlata-HP\AppData\Local\ElevatedDiagnostics
2012-04-05 17:42 . 2012-04-05 17:42 -------- d-----w- c:\users\Zlata.Zlata-HP\AppData\Roaming\Malwarebytes
2012-04-05 17:41 . 2012-04-05 17:41 -------- d-----w- c:\programdata\Malwarebytes
2012-04-05 17:41 . 2012-04-06 20:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-14 13:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:02 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 08:43 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 08:43 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 08:43 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 08:42 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:42 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 08:42 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 08:42 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 08:42 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:42 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:42 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-09 19:32 . 2012-03-09 19:31 12464 ----a-w- c:\windows\SysWow64\drivers\SECDRV.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2011-06-09 19:19 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-27 13:00 . 2012-02-27 13:00 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-01-18 17:51 . 2012-01-18 17:51 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-18 17:51 . 2012-01-18 17:51 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-18 16:28 . 2011-06-09 20:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-06_21.41.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-09 16:26 . 2012-04-06 21:44 52594 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-06 21:44 49748 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-23 12:31 . 2012-04-06 21:44 14466 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-922739708-3716183472-3119414927-1001_UserData.bin
- 2012-04-06 21:41 . 2012-04-06 21:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-06 22:32 . 2012-04-06 22:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-06 21:41 . 2012-04-06 21:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-06 22:32 . 2012-04-06 22:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-06 21:38 652360 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 21:46 652360 c:\windows\system32\perfh009.dat
- 2010-12-09 16:37 . 2012-04-06 21:38 666656 c:\windows\system32\perfh005.dat
+ 2010-12-09 16:37 . 2012-04-06 21:46 666656 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-04-06 21:46 121292 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-06 21:38 121292 c:\windows\system32\perfc009.dat
- 2010-12-09 16:37 . 2012-04-06 21:38 140320 c:\windows\system32\perfc005.dat
+ 2010-12-09 16:37 . 2012-04-06 21:46 140320 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-04-06 21:41 252972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-06 22:31 252972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-09 21:28 . 2012-04-06 22:31 24389052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-922739708-3716183472-3119414927-1001-12288.dat
- 2011-06-09 21:28 . 2012-04-06 21:41 24389052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-922739708-3716183472-3119414927-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\setpoint\SetPoint.exe [2011-5-30 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 19:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 136176]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-08-23 103992]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 136176]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-16 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-01-26 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\system\uArcCapture.exe [2009-12-04 506472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-01-26 704512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 19:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-922739708-3716183472-3119414927-1001Core.job
- c:\users\Zlata.Zlata-HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 20:48]
.
2012-04-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-922739708-3716183472-3119414927-1001UA.job
- c:\users\Zlata.Zlata-HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-20 20:48]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 12:17]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 12:17]
.
2012-04-06 c:\windows\Tasks\HPCeeScheduleForZlata.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-08-23 1691192]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Zlata.Zlata-HP\AppData\Roaming\Mozilla\Firefox\Profiles\k24aro3m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 02e5e929000000000000cc52af0c468f
FF - user.js: extensions.BabylonToolbar_i.hardId - 02e5e929000000000000cc52af0c468f
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:04
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\setpoint\x86\SetPoint32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Celkový čas: 2012-04-07 00:36:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-06 22:36
ComboFix2.txt 2012-04-06 21:45
.
Před spuštěním: Volných bajtů: 378 435 411 968
Po spuštění: Volných bajtů: 378 150 752 256
.
- - End Of File - - 1E8202BA27E527188027B370D6B58CED

[Damned]

To víš, pátek večer, to už se nefachá....

Odinstaluj ComboFix. ComboFix se odinstaluje takto:
Vypni antivir a pokud máš i Antispyware ( nutné ) .

Start -> Spustit (nebo klávesy Win+R) a zadej do řádku: Combofix[mezera]/uninstall

Stáhni si T-Cleaner (nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš - volíš a/n)

(pozn.Pokud máš Avast,AVG,Aviru, MSSE před stažením T-Cleaneru a po dobu čištění deaktivuj Avast,AVG,Aviru,MSSE (i rezidenty), následně T-Cleaner smaž a zapni si Avast,AVG, Aviru...)
*****************************************************************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na Minimální výstup, zaškrtni Pro všechny uživatele.Pod Běžné registry změň na Vše, Specifické registry na Vše. Zatrhni Kontrola na havěť LOP a Kontrola na havěť Purity. Stáří souborů změň na 14 dnů. Všechny ostatní nastavení ponech jak jsou. Klikni na Prohledat. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

[Jan Pašek]

šmarjá sem u toho usnul sory


OTL Extras logfile created on: 7.4.2012 1:03:32 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Zlata.Zlata-HP\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,74 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 64,99% Memory free
7,48 Gb Paging File | 5,83 Gb Available in Paging File | 77,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,47 Gb Total Space | 357,27 Gb Free Space | 79,66% Space Free | Partition Type: NTFS
Drive D: | 300,00 Mb Total Space | 189,91 Mb Free Space | 63,30% Space Free | Partition Type: NTFS
Drive E: | 15,00 Gb Total Space | 11,41 Gb Free Space | 76,09% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,41 Gb Free Space | 70,87% Space Free | Partition Type: FAT32

Computer Name: ZLATA-HP | User Name: Zlata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-922739708-3716183472-3119414927-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}" = Privacy Manager for HP ProtectTools
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1C292266-E054-4090-84D5-869649E4F9C7}" = HP Power Data
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard
"{2C69D297-A524-1FB1-5C00-1C52363E044F}" = ccc-utility64
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{3B392D0A-F3F6-41EA-8DDB-D657ABA70168}" = HP QuickLook
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}" = HP HotKey Support
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{560932B5-8702-7FB8-01AE-265EA44FAEEB}" = ATI Catalyst Install Manager
"{59B9AACC-6E81-4582-9BDC-9EB9F631EE1F}" = Drive Encryption for HP ProtectTools
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1DC4DF6-7493-45B2-B8AA-0A8805866CB9}" = HP ProtectTools Security Manager
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C823942A-A0B4-4412-B935-6A2DC7CC1B4D}" = HP Power Assistant
"{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}" = Validity Fingerprint Driver
"{E6BC696E-5E96-4C1B-9371-379AF3A46B6B}" = HP Wireless Assistant
"{E793990C-90BE-4B69-AC29-BF5E8FD4ED54}" = Face Recognition for HP ProtectTools
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HPProtectTools" = HP ProtectTools Security Manager
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{64F67489-76BB-4CDD-A236-F954BE774B35}" = NVIDIA PhysX
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68F423B1-B08A-4EFC-8414-408455443322}" = Tarzan
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7861911B-4270-498A-8F7A-FCF0570F486B}" = HP QuickWeb
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault(tm) Spearhead
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = Activision(R)
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{80A6DF3F-FB3D-48CB-BF1B-686E3D08C8F6}" = HP Software Framework
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault(tm) Breakthrough
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Czech
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b7f484b0-6145-401a-8568-86049772a495}" = Nero 9 Essentials
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D21160A2-8B5F-409C-99C8-03582F5324B7}" = HP Documentation
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D9989A13-B173-4048-B8A5-93C204DCB1B3}" = HP ESU for Microsoft Windows 7
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E7C34ED4-BBB6-4C57-9FBD-B29CA5878051}" = HP Setup
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}" = HP Support Assistant
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"Complitly_is1" = Complitly
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealPly" = DealPly
"Drive Encryption" = Drive Encryption for HP ProtectTools
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"FormatFactory" = FormatFactory 2.80
"Fraps" = Fraps
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = X-Men Origins - Wolverine(TM)
"Kouzelný míč 3" = Kouzelný míč 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.60.1.1000
"Medvěd Míša - Nová dobrodružství" = Medvěd Míša - Nová dobrodružství
"Mozilla Firefox 10.0.2 (x86 cs)" = Mozilla Firefox 10.0.2 (x86 cs)
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"SymSilent" = SymSilent
"The KMPlayer" = The KMPlayer (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-922739708-3716183472-3119414927-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab FLV Player" = FoxTab FLV Player
"PhotoFiltre" = PhotoFiltre

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17.3.2012 8:03:14 | Computer Name = Zlata-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 19.3.2012 9:02:35 | Computer Name = Zlata-HP | Source = Application Hang | ID = 1002
Description = Program firefox.exe verze 10.0.2.4428 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
15fc Čas spuštění: 01cd05ca08b14a3c Čas ukončení: 46 Cesta k aplikaci: C:\Program
Files (x86)\Mozilla Firefox\firefox.exe ID hlášení: c3dce554-71c3-11e1-b3fc-984be14e052e


Error - 19.3.2012 9:07:25 | Computer Name = Zlata-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 19.3.2012 18:27:52 | Computer Name = Zlata-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 20.3.2012 8:45:39 | Computer Name = Zlata-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 21.3.2012 7:15:28 | Computer Name = Zlata-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 22.3.2012 6:12:35 | Computer Name = Zlata-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 22.3.2012 18:12:29 | Computer Name = Zlata-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 23.3.2012 7:21:16 | Computer Name = Zlata-HP | Source = Application Error | ID = 1000
Description = Název chybující aplikace: hpqwmiex.exe, verze: 4.0.32.1, časové razítko:
0x4c180cdc Název chybujícího modulu: OLEAUT32.dll, verze: 6.1.7601.17676, časové
razítko: 0x4e58702a Kód výjimky: 0xc0000005 Posun chyby: 0x00004660 ID chybujícího
procesu: 0xea0 Čas spuštění chybující aplikace: 0x01cd08e705cbf7ef Cesta k chybující
aplikaci: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe Cesta k chybujícímu
modulu: C:\windows\syswow64\OLEAUT32.dll ID zprávy: 4de0269f-74da-11e1-b57c-984be14e052e

Error - 23.3.2012 9:21:27 | Computer Name = Zlata-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ Hewlett-Packard Events ]
Error - 16.11.2011 12:06:22 | Computer Name = Zlata-HP | Source = Hewlett-Packard | ID = 0
Description = cs-CZ Část cesty C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201111161706.xml
nebyla nalezena. mscorlib v System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) v System.IO.FileStream.Init(String path, FileMode mode, FileAccess
access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions
options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) v
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare
share, Int32 bufferSize, FileOptions options) v System.IO.StreamWriter.CreateFile(String
path, Boolean append) v System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding, Int32 bufferSize) v System.IO.StreamWriter..ctor(String path,
Boolean append, Encoding encoding) v System.IO.File.WriteAllText(String path,
String contents, Encoding encoding) v HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 23.11.2011 18:02:59 | Computer Name = Zlata-HP | Source = Hewlett-Packard | ID = 0
Description = cs-CZ Část cesty C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201111232302.xml
nebyla nalezena. mscorlib v System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) v System.IO.FileStream.Init(String path, FileMode mode, FileAccess
access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions
options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) v
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare
share, Int32 bufferSize, FileOptions options) v System.IO.StreamWriter.CreateFile(String
path, Boolean append) v System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding, Int32 bufferSize) v System.IO.StreamWriter..ctor(String path,
Boolean append, Encoding encoding) v System.IO.File.WriteAllText(String path,
String contents, Encoding encoding) v HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 30.11.2011 18:42:52 | Computer Name = Zlata-HP | Source = Hewlett-Packard | ID = 0
Description = cs-CZ Část cesty C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201111302342.xml
nebyla nalezena. mscorlib v System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) v System.IO.FileStream.Init(String path, FileMode mode, FileAccess
access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions
options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) v
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare
share, Int32 bufferSize, FileOptions options) v System.IO.StreamWriter.CreateFile(String
path, Boolean append) v System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding, Int32 bufferSize) v System.IO.StreamWriter..ctor(String path,
Boolean append, Encoding encoding) v System.IO.File.WriteAllText(String path,
String contents, Encoding encoding) v HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 7.12.2011 17:44:49 | Computer Name = Zlata-HP | Source = Hewlett-Packard | ID = 0
Description = cs-CZ Část cesty C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201112072244.xml
nebyla nalezena. mscorlib v System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) v System.IO.FileStream.Init(String path, FileMode mode, FileAccess
access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions
options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) v
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare
share, Int32 bufferSize, FileOptions options) v System.IO.StreamWriter.CreateFile(String
path, Boolean append) v System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding, Int32 bufferSize) v System.IO.StreamWriter..ctor(String path,
Boolean append, Encoding encoding) v System.IO.File.WriteAllText(String path,
String contents, Encoding encoding) v HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 14.12.2011 13:22:10 | Computer Name = Zlata-HP | Source = Hewlett-Packard | ID = 0
Description = cs-CZ Část cesty C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201112141822.xml
nebyla nalezena. mscorlib v System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) v System.IO.FileStream.Init(String path, FileMode mode, FileAccess
access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions
options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) v
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare
share, Int32 bufferSize, FileOptions options) v System.IO.StreamWriter.CreateFile(String
path, Boolean append) v System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding, Int32 bufferSize) v System.IO.StreamWriter..ctor(String path,
Boolean append, Encoding encoding) v System.IO.File.WriteAllText(String path,
String contents, Encoding encoding) v HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 21.12.2011 12:14:54 | Computer Name = Zlata-HP | Source = Hewlett-Packard | ID = 0
Description = cs-CZ Část cesty C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201112211714.xml
nebyla nalezena. mscorlib v System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) v System.IO.FileStream.Init(String path, FileMode mode, FileAccess
access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions
options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) v
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare
share, Int32 bufferSize, FileOptions options) v System.IO.StreamWriter.CreateFile(String
path, Boolean append) v System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding, Int32 bufferSize) v System.IO.StreamWriter..ctor(String path,
Boolean append, Encoding encoding) v System.IO.File.WriteAllText(String path,
String contents, Encoding encoding) v HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 29.12.2011 10:00:54 | Computer Name = Zlata-HP | Source = Hewlett-Packard | ID = 0
Description = cs-CZ Část cesty C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201112291500.xml
nebyla nalezena. mscorlib v System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) v System.IO.FileStream.Init(String path, FileMode mode, FileAccess
access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions
options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) v
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare
share, Int32 bufferSize, FileOptions options) v System.IO.StreamWriter.CreateFile(String
path, Boolean append) v System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding, Int32 bufferSize) v System.IO.StreamWriter..ctor(String path,
Boolean append, Encoding encoding) v System.IO.File.WriteAllText(String path,
String contents, Encoding encoding) v HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 4.1.2012 17:09:10 | Computer Name = Zlata-HP | Source = Hewlett-Packard | ID = 0
Description = cs-CZ Část cesty C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201201042209.xml
nebyla nalezena. mscorlib v System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) v System.IO.FileStream.Init(String path, FileMode mode, FileAccess
access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions
options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) v
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare
share, Int32 bufferSize, FileOptions options) v System.IO.StreamWriter.CreateFile(String
path, Boolean append) v System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding, Int32 bufferSize) v System.IO.StreamWriter..ctor(String path,
Boolean append, Encoding encoding) v System.IO.File.WriteAllText(String path,
String contents, Encoding encoding) v HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 12.1.2012 8:15:31 | Computer Name = Zlata-HP | Source = Hewlett-Packard | ID = 0
Description = cs-CZ Část cesty C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201201121315.xml
nebyla nalezena. mscorlib v System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) v System.IO.FileStream.Init(String path, FileMode mode, FileAccess
access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions
options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) v
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare
share, Int32 bufferSize, FileOptions options) v System.IO.StreamWriter.CreateFile(String
path, Boolean append) v System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding, Int32 bufferSize) v System.IO.StreamWriter..ctor(String path,
Boolean append, Encoding encoding) v System.IO.File.WriteAllText(String path,
String contents, Encoding encoding) v HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 18.1.2012 15:17:39 | Computer Name = Zlata-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011218081736.xml
File not created by asset agent

[ HP Power Assistant Events ]
Error - 5.4.2012 14:34:36 | Computer Name = Zlata-HP | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.

Error - 5.4.2012 15:19:17 | Computer Name = Zlata-HP | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.

Error - 5.4.2012 16:42:40 | Computer Name = Zlata-HP | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.

Error - 6.4.2012 14:37:22 | Computer Name = Zlata-HP | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.

Error - 6.4.2012 14:52:19 | Computer Name = Zlata-HP | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.

Error - 6.4.2012 15:56:34 | Computer Name = Zlata-HP | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.

Error - 6.4.2012 17:14:26 | Computer Name = Zlata-HP | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.

Error - 6.4.2012 17:21:44 | Computer Name = Zlata-HP | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.

Error - 6.4.2012 17:27:32 | Computer Name = Zlata-HP | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.

Error - 6.4.2012 17:37:51 | Computer Name = Zlata-HP | Source = HP PA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Chyba v aplikaci. v HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) v HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) v HPPA_Main.MainWindow..ctor()

[ HP Wireless Assistant Events ]
Error - 16.2.2012 1:35:24 | Computer Name = Zlata-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported v System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) v System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

v HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 16.2.2012 13:42:29 | Computer Name = Zlata-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Filtr zpráv volání zrušil.
(Výjimka na základě hodnoty HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) v System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) v System.Management.ManagementScope.InitializeGuts(Object
o) v System.Management.ManagementScope.Initialize() v System.Management.ManagementObject.Initialize(Boolean
getObject) v System.Management.ManagementBaseObject.get_Properties() v System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) v HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 18.2.2012 2:58:50 | Computer Name = Zlata-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported v System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) v System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

v HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 18.2.2012 2:58:50 | Computer Name = Zlata-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported v System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) v System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

v HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 6.3.2012 16:59:44 | Computer Name = Zlata-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported v System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) v System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

v HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 6.3.2012 16:59:44 | Computer Name = Zlata-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported v System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) v System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

v HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 22.3.2012 16:44:12 | Computer Name = Zlata-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported v System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) v System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

v HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 22.3.2012 16:44:12 | Computer Name = Zlata-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported v System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) v System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

v HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 30.3.2012 16:10:32 | Computer Name = Zlata-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported v System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) v System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

v HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 30.3.2012 16:10:32 | Computer Name = Zlata-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported v System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) v System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

v HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

[ System Events ]
Error - 2.1.2012 10:23:00 | Computer Name = Zlata-HP | Source = DCOM | ID = 10010
Description =


< End of report >

[Jan Pašek]

OTL logfile created on: 7.4.2012 1:13:09 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Zlata.Zlata-HP\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,74 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 63,69% Memory free
7,48 Gb Paging File | 5,81 Gb Available in Paging File | 77,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,47 Gb Total Space | 357,27 Gb Free Space | 79,66% Space Free | Partition Type: NTFS
Drive D: | 300,00 Mb Total Space | 189,91 Mb Free Space | 63,30% Space Free | Partition Type: NTFS
Drive E: | 15,00 Gb Total Space | 11,41 Gb Free Space | 76,09% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,41 Gb Free Space | 70,87% Space Free | Partition Type: FAT32

Computer Name: ZLATA-HP | User Name: Zlata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Zlata.Zlata-HP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Windows\system\uArcCapture.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - D:\SetPoint\x86\SetPoint32.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - D:\SetPoint\x86\SetPoint32.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV:64bit: - (DEBridge) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
SRV:64bit: - (DpHost) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (HPFSService) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (HP ProtectTools Service) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (FLCDLOCK) -- c:\Windows\SysWOW64\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (uArcCapture) -- C:\Windows\system\uArcCapture.exe (ArcSoft, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SbFsLock) -- C:\windows\SysNative\drivers\SbFsLock.sys (McAfee, Inc.)
DRV:64bit: - (RsvLock) -- C:\windows\SysNative\drivers\RsvLock.sys (McAfee, Inc.)
DRV:64bit: - (SafeBoot) -- C:\windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (ARCVCAM) -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (DAMDrv) -- C:\Windows\SysNative\drivers\DAMDrv64.sys (Hewlett-Packard Development Company L.P.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SbAlg) -- C:\windows\SysNative\drivers\SbAlg.sys (McAfee, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (secdrv) -- C:\windows\SysWow64\drivers\SECDRV.SYS (Macrovision Europe Ltd)
DRV - (SbAlg) -- C:\windows\SysWow64\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\windows\SysWow64\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\windows\SysWow64\drivers\rsvlock.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\windows\SysWow64\drivers\SafeBoot.sys (McAfee, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D693C729-CB85-4E85-93E8-80D042E3065A}
IE:64bit: - HKLM\..\SearchScopes\{D693C729-CB85-4E85-93E8-80D042E3065A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKLM\..\SearchScopes,DefaultScope = {D693C729-CB85-4E85-93E8-80D042E3065A}
IE - HKLM\..\SearchScopes\{D693C729-CB85-4E85-93E8-80D042E3065A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110000&tt=090212_noffx&babsrc=SP_ss&mntrId=02e5e929000000000000cc52af0c468f
IE - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\..\SearchScopes\{470F27FD-89F5-4A9B-944C-823CDB3139E9}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYCZ&apn_uid=9d5d9223-cc8f-44db-892c-c0adbef5b0de&apn_sauid=229FB708-326E-43E1-99B8-EBD7160A0064
IE - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\..\SearchScopes\{D693C729-CB85-4E85-93E8-80D042E3065A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "RedCast Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3180798&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3180798&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Zlata.Zlata-HP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010.12.09 18:38:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.06 19:33:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.18 18:15:31 | 000,000,000 | ---D | M]

[2011.06.09 21:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\mozilla\Extensions
[2012.02.16 20:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\mozilla\Firefox\Profiles\k24aro3m.default\extensions
[2012.02.16 20:04:40 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\mozilla\Firefox\Profiles\k24aro3m.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012.02.16 20:32:17 | 000,000,000 | ---D | M] (RedCast Community Toolbar) -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\mozilla\Firefox\Profiles\k24aro3m.default\extensions\{405bfc89-5750-4063-8559-c8f6ae4d64ca}
[2012.02.16 20:32:17 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\mozilla\Firefox\Profiles\k24aro3m.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011.06.09 21:49:18 | 000,000,000 | ---D | M] (České slovníky pro kontrolu pravopisu) -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\mozilla\Firefox\Profiles\k24aro3m.default\extensions\cs@dictionaries.addons.mozilla.org
[2012.01.03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\Mozilla\Firefox\Profiles\k24aro3m.default\searchplugins\askcom.xml
[2012.02.13 04:07:12 | 000,000,917 | ---- | M] () -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\Mozilla\Firefox\Profiles\k24aro3m.default\searchplugins\conduit.xml
[2011.07.11 19:30:03 | 000,002,055 | ---- | M] () -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\Mozilla\Firefox\Profiles\k24aro3m.default\searchplugins\daemon-search.xml
[2012.01.18 20:11:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.08.13 19:31:53 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
() (No name found) -- C:\USERS\ZLATA.ZLATA-HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K24ARO3M.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2012.03.01 11:24:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 20:04:08 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.03.23 13:21:32 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2012.03.23 13:21:32 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.03.23 13:21:32 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2012.03.23 13:21:32 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.03.23 13:21:32 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2012.04.07 00:32:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F9273EC-9C24-4915-B223-E0A7FA37A68D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC8E59C4-BCCA-494E-B040-2679F459B757}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2012.04.07 01:00:12 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Zlata.Zlata-HP\Desktop\OTL.exe
[2012.04.07 00:50:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.04.07 00:36:25 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012.04.06 22:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.06 22:07:21 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.04.05 21:01:05 | 000,000,000 | ---D | C] -- C:\Users\Zlata.Zlata-HP\AppData\Local\ElevatedDiagnostics
[2012.04.05 19:42:05 | 000,000,000 | ---D | C] -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\Malwarebytes
[2012.04.05 19:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.05 19:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2012.04.07 01:00:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Zlata.Zlata-HP\Desktop\OTL.exe
[2012.04.07 00:58:12 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.07 00:58:12 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.07 00:54:45 | 000,100,864 | ---- | M] () -- C:\Users\Zlata.Zlata-HP\Desktop\T-Cleaner.exe
[2012.04.07 00:53:05 | 000,000,946 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-922739708-3716183472-3119414927-1001UA.job
[2012.04.07 00:50:49 | 000,000,948 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.07 00:50:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.04.07 00:50:35 | 4016,496,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.07 00:37:16 | 001,577,410 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.04.07 00:37:16 | 000,666,656 | ---- | M] () -- C:\windows\SysNative\perfh005.dat
[2012.04.07 00:37:16 | 000,652,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.04.07 00:37:16 | 000,140,320 | ---- | M] () -- C:\windows\SysNative\perfc005.dat
[2012.04.07 00:37:16 | 000,121,292 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.04.07 00:34:01 | 000,000,952 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.07 00:32:22 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012.04.06 23:10:08 | 000,000,137 | ---- | M] () -- C:\Users\Zlata.Zlata-HP\Desktop\pc-help.url
[2012.04.06 21:53:40 | 000,000,332 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForZlata.job
[2012.04.06 21:53:00 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-922739708-3716183472-3119414927-1001Core.job
[2012.04.06 21:26:05 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.07 00:54:44 | 000,100,864 | ---- | C] () -- C:\Users\Zlata.Zlata-HP\Desktop\T-Cleaner.exe
[2012.04.06 23:09:54 | 000,000,137 | ---- | C] () -- C:\Users\Zlata.Zlata-HP\Desktop\pc-help.url
[2011.12.11 13:47:25 | 001,556,632 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.07.25 18:05:15 | 000,000,182 | ---- | C] () -- C:\windows\disneysy.ini
[2011.07.25 17:59:31 | 000,000,936 | ---- | C] () -- C:\windows\disney.ini
[2011.07.13 11:42:28 | 000,000,693 | ---- | C] () -- C:\windows\eReg.dat
[2011.06.09 22:18:49 | 000,000,384 | ---- | C] () -- C:\windows\ODBC.INI
[2011.05.30 14:20:21 | 000,000,760 | ---- | C] () -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\setup_ldm.iss
[2011.03.02 10:50:25 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010.12.09 19:17:16 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdgfbea.sys
[2010.12.09 18:53:40 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini
[2010.12.09 18:44:45 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini
[2010.06.02 14:28:14 | 000,002,189 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011.05.23 14:30:08 | 000,000,000 | ---D | M] -- C:\Users\Zlata\AppData\Roaming\DigitalPersona
[2012.02.16 20:04:06 | 000,000,000 | ---D | M] -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\Babylon
[2012.02.16 20:04:38 | 000,000,000 | ---D | M] -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\Complitly
[2012.04.05 20:14:20 | 000,000,000 | ---D | M] -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\DAEMON Tools Lite
[2011.05.26 22:35:39 | 000,000,000 | ---D | M] -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\DigitalPersona
[2011.05.30 14:20:28 | 000,000,000 | ---D | M] -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\Leadertech
[2011.07.25 19:20:15 | 000,000,000 | ---D | M] -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\MagicBall3
[2011.06.09 22:37:29 | 000,000,000 | ---D | M] -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\PhotoFiltre
[2012.04.06 19:33:42 | 000,000,000 | ---D | M] -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\QuickStoresToolbar
[2011.05.26 23:00:06 | 000,000,000 | ---D | M] -- C:\Users\Zlata.Zlata-HP\AppData\Roaming\Tific
[2012.04.06 21:53:00 | 000,000,924 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-922739708-3716183472-3119414927-1001Core.job
[2012.04.07 00:53:05 | 000,000,946 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-922739708-3716183472-3119414927-1001UA.job
[2012.01.30 14:02:23 | 000,032,594 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

[Damned]

Já myslel, že si se zakoukal do Vetřelce

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/Opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110000&tt=090212_noffx&babsrc=SP_ss&mntrId=02e5e929000000000000cc52af0c468f
IE - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\..\SearchScopes\{470F27FD-89F5-4A9B-944C-823CDB3139E9}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYCZ&apn_uid=9d5d9223-cc8f-44db-892c-c0adbef5b0de&apn_sauid=229FB708-326E-43E1-99B8-EBD7160A0064
IE - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
FF - prefs.js..browser.search.defaultthis.engineName: "RedCast Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3180798&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3180798&SearchSource=2&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-922739708-3716183472-3119414927-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

:Services

:Files
C:\Users\Zlata.Zlata-HP\AppData\Roaming\Babylon
C:\Users\Zlata.Zlata-HP\AppData\Roaming\QuickStoresToolbar
C:\windows\ativpsrm.bin
C:\windows\SysWow64\*.tmp
C:\windows\SysWow64\*.tmp.dll
C:\windows\SysWow64\SET*.tmp
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
C:\Users\Zlata.Zlata-HP\AppData\Roaming\Mozilla\Firefox\Profiles\k24aro3m.default\searchplugins\askcom.xml
C:\Users\Zlata.Zlata-HP\AppData\Roaming\Mozilla\Firefox\Profiles\k24aro3m.default\searchplugins\conduit.xml
C:\Users\Zlata.Zlata-HP\AppData\Roaming\Mozilla\Firefox\Profiles\k24aro3m.default\searchplugins\daemon-search.xml
C:\Windows\SysNative\*.tmp
C:\Windows\SysNative\SET*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\system32\SET*.tmp
C:\Recycler
C:\$RECYCLE.BIN
C:\RECYCLER
C:\Windows\tasks\*.job

:Reg

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.