Zřetelně zpomalený PC

Eli · Příspěvekod **Eli** » 28 lis 2009 19:30

Zpomalilo se mi zřetelně PC, kdykoliv kliknu na něco na ploše (na adresář), tak mi vyběhne hláška, že průzkumník windows se chce připojit na vzdálenou stranu Local host, což dám zakázat ve Win Patrol. Něco mi našel log MWAV:

** Scanning may fail! File Locked [SUSPICIOUS]: H:\WINDOWS\System32\Drivers\dtscsi.sys (????)
** Scanning may fail! File Locked [SUSPICIOUS]: H:\WINDOWS\system32\Drivers\sptd.sys (????)
Soubor H:\Eliáš Martin\Data aplikací\Install.dat je infikovaný virem Adware.Spysheriff.X (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor H:\Eliáš Martin\Local Settings\Data aplikací\Microsoft\Outlook\outlook.pst je infikovaný virem Win32.BugBear.B@mm (DB) !! Provedené akce: Ponecháno, neodstraněno!.

dále log z Hi Jack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:02, on 28.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\DAEMON Tools\daemon.exe
H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\WINDOWS\System32\svchost.exe
H:\Program Files\CDBurnerXP\NMSAccessU.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
H:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
H:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
H:\Program Files\ESET\ESET Smart Security\ekrn.exe
H:\Program Files\ESET\ESET Smart Security\egui.exe
H:\Program Files\Opera\opera.exe
H:\Program Files\Winamp\winamp.exe
H:\Program Files\ICQ6.5\ICQ.exe
H:\Documents and Settings\Martin Eliáš\Plocha\Utility\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinPatrol] H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Task Catcher] H:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [egui] "H:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "H:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - H:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - H:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - H:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 7168 bytes

Díky za pomoc!

Upraven nic neříkající název. Většina tazatelů má problém s PC, ale to nic neříká o problému. Název má, pokud možno, vystihovat podstatu problému. Přečti si laskavě pravidla tohoto fóra. Děkuji za pochopení! Pic

Reklama

Příspěvekod **jaro3** » 28 lis 2009 19:40

Především:

Máš:
ESET Smart Security-Rychlý antivirus, antispyware, personal firewall a antispam v jediném produktu.
Win Patrol---měl bys odinstalovat
Sunbelt Software\Personal Firewall (Kerio)--pokud používáš Kerio, vypni firewall v ESS.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Eli · Příspěvekod **Eli** » 29 lis 2009 18:05

Kerio jsem odistaloval. Win Patrol si chci nechat, většinou mě právě ten upozorní, že je něco špatně.

Zbytek proveden, Dr. Web našel tři věci a změněný HOST.

Log Malware:

Malwarebytes' Anti-Malware 1.41
Verze databáze: 3257
Windows 5.1.2600 Service Pack 2

29.11.2009 18:04:20
mbam-log-2009-11-29 (18-04-20).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 100730
Uplynulý čas: 3 minute(s), 56 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Příspěvekod **jaro3** » 29 lis 2009 18:21

Aha , pokud chceš ponechat WinPatrol (osobně to nedoporučuji) , vypni si antispywarovou ochranu u ESS.

Vypni rez. ochrany + firewall u ESET Smart Security+ deaktivuj Win Patrol

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Otevři poznámkový blok zkopíruj do něj níže napsaný text a dej uložit jako pod tímto jménem
FixHosts.bat na plochu pak jej poklepáním spusť.

Kód: Vybrat vše

@echo off
del /q /a /f %systemroot%\system32\drivers\etc\hosts 2>nul
echo 127.0.0.1 localhost>>%systemroot%\system32\drivers\etc\hosts
exit

najdi a smaž:
H:\Eliáš Martin\Data aplikací\Install.dat

Eli · Příspěvekod **Eli** » 29 lis 2009 19:00

Udělal jsem Combo Fix, pak soubor z poznámkového bloku, ten jsem spustil a prolétlo mi hrozně rychle okno, nevím co tam bylo napsáno.

log z combo je zde:

ComboFix 09-11-28.04 - Martin Eliáš 29.11.2009 18:45.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.693 [GMT 1:00]
Spuštěný z: h:\documents and settings\Martin Eliáš\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\windows\regedit.com
h:\windows\system32\taskmgr.com
h:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-28 do 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-28 14:28 . 2009-11-28 14:28 -------- d---a-w- h:\windows\VDLL.DLL
2009-11-28 14:28 . 2009-11-28 14:28 -------- d---a-w- h:\windows\system32\runouce.exe
2009-11-28 14:28 . 2009-11-28 14:28 -------- d---a-w- h:\windows\rundll16.exe
2009-11-28 14:28 . 2009-11-28 14:28 -------- d---a-w- h:\windows\RUNDL132.EXE
2009-11-28 14:28 . 2009-11-28 14:28 -------- d---a-w- h:\windows\logo1_.exe
2009-11-28 14:28 . 2009-11-28 14:28 -------- d---a-w- h:\windows\logo_1.exe
2009-11-28 14:26 . 2009-11-28 14:26 632064 ----a-w- h:\windows\system32\msvcr80.dll
2009-11-28 14:26 . 2009-11-28 14:26 554240 ----a-w- h:\windows\system32\msvcp80.dll
2009-11-28 14:26 . 2009-11-28 14:26 34048 ----a-w- h:\windows\system32\eEmpty.exe
2009-11-28 14:26 . 2004-08-17 15:49 147968 ----a-w- h:\windows\R.COM
2009-11-28 14:26 . 2004-08-17 15:49 137216 ----a-w- h:\windows\system32\T.COM
2009-11-28 14:26 . 2009-11-28 14:26 -------- d-----w- h:\program files\Common Files\MicroWorld
2009-11-08 17:28 . 2009-11-08 17:28 -------- d-----w- h:\windows\Hewlett-Packard
2009-11-07 14:31 . 2009-04-16 13:08 123904 ----a-w- h:\windows\system32\hpf3l70v.dll
2009-11-07 14:31 . 2009-04-15 21:53 452408 ----a-r- h:\windows\system32\hpzids01.dll
2009-11-07 14:30 . 2009-02-10 20:03 966656 ----a-r- h:\windows\system32\hpost_p02c.dll
2009-11-07 14:30 . 2009-02-10 20:03 712704 ----a-r- h:\windows\system32\hposwia_p02c.dll
2009-11-07 14:30 . 2009-02-10 20:03 315392 ----a-r- h:\windows\system32\hposc_p02a.dll
2009-11-07 14:30 . 2008-10-28 10:27 372736 ----a-r- h:\windows\system32\hppldcoi.dll
2009-11-07 14:30 . 2008-10-28 10:27 309760 ----a-r- h:\windows\system32\difxapi.dll
2009-11-07 14:25 . 2009-11-07 14:25 -------- d-----w- h:\program files\Common Files\HP
2009-11-07 14:18 . 2009-11-08 17:28 -------- d-----w- h:\program files\HP
2009-11-07 14:16 . 2009-11-07 14:36 216046 ----a-w- h:\windows\hpoins43.dat
2009-11-07 14:16 . 2009-05-22 09:25 675 ------w- h:\windows\hpomdl43.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 16:56 . 2009-05-04 20:39 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2009-11-29 16:54 . 2008-07-23 18:15 -------- d-----w- h:\program files\uTorrent
2009-11-28 11:02 . 2007-02-25 23:30 -------- d-----w- h:\program files\ESET
2009-11-27 17:57 . 2008-02-20 19:57 -------- d-----w- h:\program files\Yahoo!
2009-11-24 19:12 . 2008-02-08 20:35 -------- d-----w- h:\program files\Opera
2009-11-24 19:08 . 2008-02-08 18:59 -------- d-----w- h:\program files\SUPERAntiSpyware
2009-11-18 20:02 . 2001-10-25 13:00 68736 ----a-w- h:\windows\system32\perfc005.dat
2009-11-18 20:02 . 2001-10-25 13:00 389664 ----a-w- h:\windows\system32\perfh005.dat
2009-10-07 18:49 . 2009-10-07 18:49 -------- d-----w- h:\program files\MKVTOAVI
2009-10-07 18:39 . 2009-10-07 18:39 47360 ----a-w- h:\windows\system32\drivers\pcouffin.sys
2009-10-07 18:39 . 2009-10-07 18:39 -------- d-----w- h:\program files\DVDFab 6
2009-10-06 15:38 . 2009-05-06 20:14 411368 ----a-w- h:\windows\system32\deploytk.dll
2009-10-06 15:37 . 2009-10-06 15:37 -------- d-----w- h:\program files\Java
2009-10-02 19:01 . 2007-02-25 23:12 -------- d--h--w- h:\program files\InstallShield Installation Information
2009-10-02 18:39 . 2009-10-02 18:39 -------- d-----w- h:\program files\Black Isle
2009-10-02 18:37 . 2009-09-22 19:25 -------- d-----w- h:\program files\VS Revo Group
2009-10-02 18:35 . 2009-02-28 14:34 -------- d-----w- h:\program files\Miranda IM
2009-10-02 12:26 . 2009-10-02 12:26 -------- d-----w- h:\program files\Xplosiv
2009-10-02 12:03 . 2009-10-02 12:03 -------- d-----w- h:\program files\Ve stínu havrana
2009-09-30 21:35 . 2009-09-30 17:07 190184 --sha-w- h:\windows\system32\drivers\fidbox.idx
2009-09-30 21:35 . 2009-09-30 17:07 16048160 --sha-w- h:\windows\system32\drivers\fidbox.dat
2009-09-10 13:54 . 2009-05-04 20:39 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-05-04 20:39 19160 ----a-w- h:\windows\system32\drivers\mbam.sys
2008-04-28 21:09 . 2008-04-28 21:09 534975 ----a-w- h:\program files\Strokes.8tx
2008-04-28 21:09 . 2008-04-28 21:09 1306624 ----a-w- h:\program files\SketchMasterDemo.8bf
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="h:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-24 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"DAEMON Tools"="h:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"WinPatrol"="h:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"Task Catcher"="h:\progra~1\BILLPS~1\TASKCA~1\tasktrap.exe" [2005-11-14 136760]
"TkBellExe"="h:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-27 180269]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2009-10-06 149280]
"HP Software Update"="h:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"egui"="h:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"DWQueuedReporting"="h:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

h:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - h:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "h:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-29 19:31 548352 ----a-w- h:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"h:\\Program Files\\uTorrent\\utorrent.exe"=
"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\Skype\\Phone\\Skype.exe"=
"h:\\Program Files\\ICQ6.5\\ICQ.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"h:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"h:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"h:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"h:\\Program Files\\Opera\\opera.exe"=

R1 SASDIFSV;SASDIFSV;h:\program files\SUPERAntiSpyware\SASDIFSV.SYS [29.2.2008 15:03 9968]
R1 SASKUTIL;SASKUTIL;h:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29.2.2008 15:03 74480]
R2 ekrn;Eset Service;h:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 WinDefend;Windows Defender;h:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
S0 sptd;sptd;h:\windows\system32\Drivers\sptd.sys --> h:\windows\system32\Drivers\sptd.sys [?]
S3 SASENUM;SASENUM;h:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 15:51 4096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2009-08-21 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]

2009-11-29 h:\windows\Tasks\MP Scheduled Scan.job
- h:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - h:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - h:\documents and settings\Martin Eliáš\Data aplikací\Mozilla\Firefox\Profiles\bxt7tewp.default\
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: h:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: h:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll

---- NASTAVENÍ FIREFOXU ----
h:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-NVIDIA Drivers - h:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-RealJukebox 1.0 - h:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - h:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 18:52
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(888)
h:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Celkový čas: 2009-11-29 18:55
ComboFix-quarantined-files.txt 2009-11-29 17:54
ComboFix2.txt 2009-09-24 17:26

Před spuštěním: Volných bajtů: 157 508 341 760
Po spuštění: Volných bajtů: 157 535 666 176

- - End Of File - - E22503BFD492AB7953CADEA061CBFF46

Díky moc

Příspěvekod **jaro3** » 29 lis 2009 19:14

Toto otestuj na Virustotal
h:\windows\hpoins43.dat
h:\windows\hpomdl43.dat
h:\windows\hpomdl43.dat
Vlož sem pak odkazy na stránky výsledků.

Stáhni si program OTM (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
h:\windows\RUNDL132.EXE
h:\windows\system32\drivers\fidbox.idx
h:\windows\system32\drivers\fidbox.dat

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

Opakuj:
ROOTREPEAL
Zítra..

Eli · Příspěvekod **Eli** » 29 lis 2009 19:37

Ahoj,
nepochopil jsem co znamenaj povel: Opakuj rootrepeal

jinak soubory hp podle mě jsou pozůstatky tiskárny HP co jsem kdysi měl a odinstaloval asi před půl rokem. přesto jsem je otestoval (jen dva soubory, jeden je ve tvých pokynech duplicitně):

Soubor hpoins43.dat přijatý 2009.11.29 18:22:45 (UTC)
Současný stav: Dokončeno
Výsledek: 0/41 (0%)
Formátované
Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.43 2009.11.29 -
AhnLab-V3 5.0.0.2 2009.11.28 -
AntiVir 7.9.1.79 2009.11.27 -
Antiy-AVL 2.0.3.7 2009.11.27 -
Authentium 5.2.0.5 2009.11.29 -
Avast 4.8.1351.0 2009.11.29 -
AVG 8.5.0.426 2009.11.29 -
BitDefender 7.2 2009.11.29 -
CAT-QuickHeal 10.00 2009.11.28 -
ClamAV 0.94.1 2009.11.29 -
Comodo 3081 2009.11.29 -
DrWeb 5.0.0.12182 2009.11.29 -
eSafe 7.0.17.0 2009.11.29 -
eTrust-Vet 35.1.7146 2009.11.27 -
F-Prot 4.5.1.85 2009.11.29 -
F-Secure 9.0.15370.0 2009.11.24 -
Fortinet 4.0.14.0 2009.11.29 -
GData 19 2009.11.29 -
Ikarus T3.1.1.74.0 2009.11.29 -
Jiangmin 11.0.800 2009.11.29 -
K7AntiVirus 7.10.906 2009.11.27 -
Kaspersky 7.0.0.125 2009.11.29 -
McAfee 5817 2009.11.29 -
McAfee+Artemis 5817 2009.11.29 -
McAfee-GW-Edition 6.8.5 2009.11.29 -
Microsoft 1.5302 2009.11.29 -
NOD32 4647 2009.11.29 -
Norman 6.03.02 2009.11.27 -
nProtect 2009.1.8.0 2009.11.28 -
Panda 10.0.2.2 2009.11.29 -
PCTools 7.0.3.5 2009.11.29 -
Prevx 3.0 2009.11.29 -
Rising 22.23.06.04 2009.11.29 -
Sophos 4.48.0 2009.11.29 -
Sunbelt 3.2.1858.2 2009.11.29 -
Symantec 1.4.4.12 2009.11.29 -
TheHacker 6.5.0.2.081 2009.11.28 -
TrendMicro 9.100.0.1001 2009.11.29 -
VBA32 3.12.12.0 2009.11.29 -
ViRobot 2009.11.28.2060 2009.11.28 -
VirusBuster 5.0.21.0 2009.11.29 -
Rozšiřující informace
File size: 216046 bytes
MD5...: 18bb5effd6a8ef3f293485782b62f930
SHA1..: 5a6fc304b13eebb466f8a6f5a62b4d5bf5edc3db
SHA256: 4d2a46d17728f8b03699300cea6c1ac53c074a443dea1ebf15f700d0501db6f2
ssdeep: 3072:9zDxO7H7jpyVDn7Ec7Er6VaGVJ03OM3JYbmqN5bo0nCM:byvr6VaG6YbrNh
EM
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic INI configuration (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -

Soubor hpomdl43.dat přijatý 2009.11.29 18:24:48 (UTC)
Současný stav: Dokončeno
Výsledek: 0/41 (0%)
Formátované
Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.43 2009.11.29 -
AhnLab-V3 5.0.0.2 2009.11.28 -
AntiVir 7.9.1.79 2009.11.27 -
Antiy-AVL 2.0.3.7 2009.11.27 -
Authentium 5.2.0.5 2009.11.29 -
Avast 4.8.1351.0 2009.11.29 -
AVG 8.5.0.426 2009.11.29 -
BitDefender 7.2 2009.11.29 -
CAT-QuickHeal 10.00 2009.11.28 -
ClamAV 0.94.1 2009.11.29 -
Comodo 3081 2009.11.29 -
DrWeb 5.0.0.12182 2009.11.29 -
eSafe 7.0.17.0 2009.11.29 -
eTrust-Vet 35.1.7146 2009.11.27 -
F-Prot 4.5.1.85 2009.11.29 -
F-Secure 9.0.15370.0 2009.11.24 -
Fortinet 4.0.14.0 2009.11.29 -
GData 19 2009.11.29 -
Ikarus T3.1.1.74.0 2009.11.29 -
Jiangmin 11.0.800 2009.11.29 -
K7AntiVirus 7.10.906 2009.11.27 -
Kaspersky 7.0.0.125 2009.11.29 -
McAfee 5817 2009.11.29 -
McAfee+Artemis 5817 2009.11.29 -
McAfee-GW-Edition 6.8.5 2009.11.29 -
Microsoft 1.5302 2009.11.29 -
NOD32 4647 2009.11.29 -
Norman 6.03.02 2009.11.27 -
nProtect 2009.1.8.0 2009.11.28 -
Panda 10.0.2.2 2009.11.29 -
PCTools 7.0.3.5 2009.11.29 -
Prevx 3.0 2009.11.29 -
Rising 22.23.06.04 2009.11.29 -
Sophos 4.48.0 2009.11.29 -
Sunbelt 3.2.1858.2 2009.11.29 -
Symantec 1.4.4.12 2009.11.29 -
TheHacker 6.5.0.2.081 2009.11.28 -
TrendMicro 9.100.0.1001 2009.11.29 -
VBA32 3.12.12.0 2009.11.29 -
ViRobot 2009.11.28.2060 2009.11.28 -
VirusBuster 5.0.21.0 2009.11.29 -
Rozšiřující informace
File size: 675 bytes
MD5...: c856b249b33d5c4464eb7f60d5a3060e
SHA1..: 8e06fea0e92e87e5ce8d45ff7daa9edb70de3e42
SHA256: f0fd9b9dec51247b61a673fb6194269c25ceb07d91cd12fa706b405c7ee72c64
ssdeep: 12:SQB5hXP6hqfMsBvg6aBCVHgNsJ1AFLFBe/h0U3BOfK5cAN9aA6/BN:SQBf6h6
MsBvgpBkANsnAXBpmBOfaaAob
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic INI configuration (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

+ log z OTM:

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
h:\windows\RUNDL132.EXE folder moved successfully.
h:\windows\system32\drivers\fidbox.idx moved successfully.
h:\windows\system32\drivers\fidbox.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Martin Eliá

User: Martin Eliáš
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45910367 bytes
->Opera cache emptied: 610536 bytes

User: Martin Eli��

User: NetworkService
->Temp folder emptied: 888 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 3646 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 142 bytes

Total Files Cleaned = 44,46 mb

OTM by OldTimer - Version 3.1.2.0 log created on 11292009_192703

Files moved on Reboot...
H:\WINDOWS\temp\HPSLPSVC0000.log moved successfully.

Registry entries deleted on Reboot...

díky

Příspěvekod **jaro3** » 29 lis 2009 19:54

Takže je smažem:

Znovu OTM
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
h:\windows\hpoins43.dat
h:\windows\hpomdl43.dat
h:\windows\hpomdl43.dat

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

Stáhni si OTL
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All.. Zatrhni LOP Check a Purity Check. Klikni na Run Scan. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTListIt.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.
Zítra se podívám.

Eli · Příspěvekod **Eli** » 29 lis 2009 20:13

OTL šlo nečekaně rychle:

OTL logfile created on: 29.11.2009 20:08:45 - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = H:\Documents and Settings\Martin Eliáš\Plocha\Utility
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1023,17 Mb Total Physical Memory | 473,93 Mb Available Physical Memory | 46,32% Memory free
2,40 Gb Paging File | 1,99 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): H:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive C: | 465,74 Gb Total Space | 41,52 Gb Free Space | 8,91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 232,88 Gb Total Space | 146,78 Gb Free Space | 63,03% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 7,81 Mb Total Space | 2,77 Mb Free Space | 35,51% Space Free | Partition Type: NTFS

Computer Name: MELIAS
Current User Name: Martin Eliáš
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - H:\Documents and Settings\Martin Eliáš\Plocha\Utility\OTL.exe (OldTimer Tools)
PRC - H:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - H:\Program Files\Opera\opera.exe (Opera Software)
PRC - H:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - H:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - H:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - H:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - H:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - H:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - H:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - H:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
PRC - H:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - H:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - H:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Acronis)
PRC - H:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - H:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - H:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - H:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - H:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - H:\Documents and Settings\Martin Eliáš\Plocha\Utility\OTL.exe (OldTimer Tools)
MOD - H:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
MOD - H:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - H:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- H:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (HPSLPSVC) -- H:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- H:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- H:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Pml Driver HPZ12) -- H:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- H:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (ServiceLayer) -- H:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (FLEXnet Licensing Service) -- H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (EhttpSrv) -- H:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- H:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (NMSAccessU) -- H:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (AcrSch2Svc) -- H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Acronis)
SRV - (WinDefend) -- H:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (iPod Service) -- H:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (NVSvc) -- H:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Bonjour Service) -- H:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (ose) -- H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (pcouffin) -- H:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (SASKUTIL) -- H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dtscsi) -- H:\WINDOWS\system32\drivers\dtscsi.sys.10117281 (DT Soft Ltd.)
DRV - (SASDIFSV) -- H:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (HPZid412) -- H:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HPZius12) -- H:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- H:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (UsbserFilt) -- H:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- H:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- H:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- H:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (pccsmcfd) -- H:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (epfwtdi) -- H:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (Epfwndis) -- H:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (epfw) -- H:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (easdrv) -- H:\WINDOWS\system32\drivers\easdrv.sys (ESET)
DRV - (eamon) -- H:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (AFS2K) -- H:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (PxHelp20) -- H:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (sptd) -- H:\WINDOWS\system32\drivers\sptd.sys.21121284 (Duplex Secure Ltd.)
DRV - (nv) -- H:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (GEARAspiWDM) -- H:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (JRAID) -- H:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (RTLE8023xp) -- H:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (StarOpen) -- H:\WINDOWS\system32\drivers\StarOpen.sys ()
DRV - (ADIHdAudAddService) -- H:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AEAudio) -- H:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (SenFiltService) -- H:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (SASENUM) -- H:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (JGOGO) -- H:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (BlueletAudio) -- H:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation)
DRV - (Btcsrusb) -- H:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation)
DRV - (BTHidEnum) -- H:\WINDOWS\system32\drivers\vbtenum.sys ()
DRV - (BTHidMgr) -- H:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (BT) -- H:\WINDOWS\system32\drivers\BtNetDrv.sys (IVT Corporation)
DRV - (VcommMgr) -- H:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation)
DRV - (BTNetFilter) -- H:\WINDOWS\system32\drivers\BTNetFilter.sys ()
DRV - (HDAudBus) -- H:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (VComm) -- H:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation)
DRV - (MTsensor) -- H:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (usbser) -- H:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)
DRV - (Secdrv) -- H:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (Ptilink) -- H:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- H:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (SONYPVU1) Sony USB Filter Driver (SONYPVU1) -- H:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.685
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: H:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.02.09 00:32:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: H:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.10.06 16:38:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: H:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.11.07 15:29:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2009.10.28 22:07:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2009.10.28 22:07:31 | 00,000,000 | ---D | M]

[2009.05.17 17:40:55 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\Mozilla\Extensions
[2009.05.17 17:40:55 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008.04.30 21:23:07 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\Mozilla\Extensions\home2@tomtom.com
[2009.11.28 16:17:44 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\Mozilla\Firefox\Profiles\bxt7tewp.default\extensions
[2009.11.28 15:18:18 | 00,000,000 | ---D | M] -- H:\Program Files\Mozilla Firefox\extensions
[2009.10.28 22:07:23 | 00,000,000 | ---D | M] -- H:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.08.27 17:56:16 | 00,000,000 | ---D | M] -- H:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009.08.28 20:14:12 | 00,000,000 | ---D | M] -- H:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.10.06 16:38:43 | 00,000,000 | ---D | M] -- H:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.10.28 22:07:23 | 00,023,032 | ---- | M] (Mozilla Foundation) -- H:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009.10.28 22:07:23 | 00,134,648 | ---- | M] (Mozilla Foundation) -- H:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.10.06 16:38:03 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009.10.28 22:07:26 | 00,065,528 | ---- | M] (mozilla.org) -- H:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008.04.16 05:08:20 | 00,001,706 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008.03.31 20:06:24 | 00,000,638 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2008.03.31 20:06:24 | 00,001,687 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2008.01.27 10:57:20 | 00,001,367 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2008.01.27 10:57:20 | 00,000,654 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 20:06:24 | 00,001,179 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: (21 bytes) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - H:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - H:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - H:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - H:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DAEMON Tools] H:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [egui] H:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Task Catcher] H:\Program Files\BillP Studios\Task Catcher\TaskTrap.exe (BillP Studios)
O4 - HKLM..\Run: [TkBellExe] H:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: H:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - H:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - H:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - H:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Důvěryhodné servery)
O15 - HKLM\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: mojebanka.cz ([*] https in Důvěryhodné servery)
O15 - HKCU\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} H:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.38 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - H:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - H:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - H:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - H:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - H:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - H:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - H:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - H:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - H:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - H:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - H:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - H:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - H:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - H:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - H:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - H:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - H:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - H:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - H:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - H:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - H:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - H:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - H:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - H:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - H:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - H:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - H:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - H:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - H:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - H:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - H:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - H:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - H:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - H:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - H:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.11.29 19:27:03 | 00,000,000 | ---D | C] -- H:\_OTM
[2009.11.29 18:45:17 | 00,000,000 | ---D | C] -- H:\Documents and Settings\Martin Eliáš\Local Settings\Data aplikací\ESET
[2009.11.29 18:43:28 | 00,212,480 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWXCACLS.exe
[2009.11.29 18:43:28 | 00,161,792 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWREG.exe
[2009.11.29 18:43:28 | 00,136,704 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWSC.exe
[2009.11.29 18:40:50 | 00,000,000 | ---D | C] -- H:\ComboFix
[2009.11.29 18:40:36 | 00,000,000 | ---D | C] -- H:\Qoobox
[2009.11.29 12:35:01 | 00,000,000 | ---D | C] -- H:\Documents and Settings\Martin Eliáš\DoctorWeb
[2009.11.28 15:28:06 | 00,000,000 | ---D | C] -- H:\WINDOWS\VDLL.DLL
[2009.11.28 15:28:06 | 00,000,000 | ---D | C] -- H:\WINDOWS\System32\runouce.exe
[2009.11.28 15:28:06 | 00,000,000 | ---D | C] -- H:\WINDOWS\rundll16.exe
[2009.11.28 15:28:06 | 00,000,000 | ---D | C] -- H:\WINDOWS\logo1_.exe
[2009.11.28 15:28:06 | 00,000,000 | ---D | C] -- H:\WINDOWS\logo_1.exe
[2009.11.28 15:26:43 | 00,632,064 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\msvcr80.dll
[2009.11.28 15:26:42 | 00,554,240 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\msvcp80.dll
[2009.11.28 15:26:41 | 00,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- H:\WINDOWS\System32\eEmpty.exe
[2009.11.28 15:26:37 | 00,147,968 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\R.COM
[2009.11.28 15:26:37 | 00,137,216 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\T.COM
[2009.11.28 15:26:33 | 00,000,000 | ---D | C] -- H:\Program Files\Common Files\MicroWorld
[2009.11.28 15:26:29 | 00,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2009.11.28 12:07:20 | 00,000,000 | ---D | C] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\ESET
[2009.11.28 12:02:27 | 00,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Data aplikací\ESET
[2009.11.27 18:57:58 | 00,000,000 | RH-D | C] -- H:\Documents and Settings\Martin Eliáš\Recent
[2009.11.23 22:09:04 | 00,000,000 | ---D | C] -- H:\Documents and Settings\Martin Eliáš\Local Settings\Data aplikací\HP
[2009.11.22 18:22:33 | 00,000,000 | ---D | C] -- H:\Documents and Settings\Martin Eliáš\Plocha\Eset NOD32 Smart Security 3.0.645.0 + FIX na 67 let
[2009.11.09 20:43:17 | 00,000,000 | ---D | C] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\HPAppData
[2009.11.08 18:28:10 | 00,000,000 | ---D | C] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\HpUpdate
[2009.11.08 18:28:07 | 00,000,000 | ---D | C] -- H:\WINDOWS\Hewlett-Packard
[2009.11.07 15:36:13 | 00,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Data aplikací\WEBREG
[2009.11.07 15:32:39 | 00,000,000 | ---D | C] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\HP
[2009.11.07 15:31:11 | 00,123,904 | ---- | C] (Hewlett-Packard Company) -- H:\WINDOWS\System32\hpf3l70v.dll
[2009.11.07 15:31:10 | 00,452,408 | R--- | C] (Hewlett-Packard) -- H:\WINDOWS\System32\hpzids01.dll
[2009.11.07 15:30:40 | 00,966,656 | R--- | C] (Hewlett-Packard Co.) -- H:\WINDOWS\System32\hpost_p02c.dll
[2009.11.07 15:30:40 | 00,712,704 | R--- | C] (Hewlett-Packard) -- H:\WINDOWS\System32\hposwia_p02c.dll
[2009.11.07 15:30:40 | 00,372,736 | R--- | C] (Hewlett-Packard) -- H:\WINDOWS\System32\hppldcoi.dll
[2009.11.07 15:30:40 | 00,315,392 | R--- | C] (Hewlett-Packard Co.) -- H:\WINDOWS\System32\hposc_p02a.dll
[2009.11.07 15:30:40 | 00,309,760 | R--- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\difxapi.dll
[2009.11.07 15:26:53 | 00,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Data aplikací\HP Product Assistant
[2009.11.07 15:25:17 | 00,000,000 | ---D | C] -- H:\Program Files\Common Files\HP
[2009.11.07 15:24:28 | 00,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Data aplikací\HP
[2009.11.07 15:22:15 | 00,000,000 | ---D | C] -- H:\Config.Msi
[2009.11.07 15:18:29 | 00,000,000 | ---D | C] -- H:\Program Files\HP
[2009.10.07 19:39:30 | 00,047,360 | ---- | C] (VSO Software) -- H:\Documents and Settings\Martin Eliáš\Data aplikací\pcouffin.sys
[2008.04.28 22:09:13 | 01,306,624 | ---- | C] (Redfield Plugins) -- H:\Program Files\SketchMasterDemo.8bf

========== Files - Modified Within 30 Days ==========

[2009.11.29 20:08:29 | 00,000,330 | -H-- | M] () -- H:\WINDOWS\tasks\MP Scheduled Scan.job
[2009.11.29 20:05:54 | 00,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2009.11.29 20:05:23 | 00,088,566 | ---- | M] () -- H:\WINDOWS\System32\nvapps.xml
[2009.11.29 20:05:21 | 00,000,006 | -H-- | M] () -- H:\WINDOWS\tasks\SA.DAT
[2009.11.29 20:05:19 | 00,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2009.11.29 20:04:17 | 14,155,776 | -H-- | M] () -- H:\Documents and Settings\Martin Eliáš\NTUSER.DAT
[2009.11.29 20:03:55 | 00,000,178 | -HS- | M] () -- H:\Documents and Settings\Martin Eliáš\ntuser.ini
[2009.11.29 19:37:22 | 00,043,520 | ---- | M] () -- H:\Documents and Settings\Martin Eliáš\Plocha\Nový objekt - Dokument aplikace Microsoft Word.doc
[2009.11.29 18:59:21 | 00,000,021 | ---- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts
[2009.11.29 18:59:02 | 00,000,142 | ---- | M] () -- H:\Documents and Settings\Martin Eliáš\Plocha\FixHost.bat
[2009.11.29 18:52:53 | 00,000,227 | ---- | M] () -- H:\WINDOWS\system.ini
[2009.11.29 18:41:03 | 02,112,474 | -H-- | M] () -- H:\Documents and Settings\Martin Eliáš\Local Settings\Data aplikací\IconCache.db
[2009.11.29 18:28:57 | 03,579,813 | R--- | M] () -- H:\Documents and Settings\Martin Eliáš\Plocha\ComboFix.exe
[2009.11.29 17:56:56 | 00,000,696 | ---- | M] () -- H:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2009.11.29 14:29:05 | 00,690,261 | ---- | M] () -- H:\Documents and Settings\Martin Eliáš\Plocha\1766_2009.pdf
[2009.11.28 17:05:24 | 00,069,632 | ---- | M] () -- H:\Documents and Settings\Martin Eliáš\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.28 15:28:06 | 00,000,054 | ---- | M] () -- H:\WINDOWS\Lic.xxx
[2009.11.28 15:26:42 | 00,632,064 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\msvcr80.dll
[2009.11.28 15:26:41 | 00,554,240 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\msvcp80.dll
[2009.11.28 15:26:40 | 00,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- H:\WINDOWS\System32\eEmpty.exe
[2009.11.28 12:00:49 | 00,002,504 | ---- | M] () -- H:\WINDOWS\System32\CONFIG.NT
[2009.11.27 18:57:25 | 00,001,548 | ---- | M] () -- H:\Documents and Settings\Martin Eliáš\Plocha\CCleaner.lnk
[2009.11.27 17:19:37 | 00,054,156 | -H-- | M] () -- H:\WINDOWS\QTFont.qfn
[2009.11.24 20:13:03 | 00,000,592 | ---- | M] () -- H:\Documents and Settings\All Users\Plocha\Opera.lnk
[2009.11.18 21:02:13 | 00,392,296 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2009.11.18 21:02:13 | 00,389,664 | ---- | M] () -- H:\WINDOWS\System32\perfh005.dat
[2009.11.18 21:02:13 | 00,068,736 | ---- | M] () -- H:\WINDOWS\System32\perfc005.dat
[2009.11.18 21:02:13 | 00,058,596 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2009.11.18 21:02:12 | 00,920,954 | ---- | M] () -- H:\WINDOWS\System32\PerfStringBackup.INI
[2009.11.14 01:47:57 | 00,260,608 | ---- | M] () -- H:\WINDOWS\PEV.exe
[2009.11.09 20:10:48 | 00,041,984 | ---- | M] () -- H:\Documents and Settings\Martin Eliáš\Plocha\Martin Elias zivotopis.doc
[2009.11.07 15:43:58 | 01,535,384 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.07 15:32:42 | 00,063,976 | ---- | M] () -- H:\Documents and Settings\Martin Eliáš\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2009.11.07 15:32:28 | 00,000,668 | ---- | M] () -- H:\WINDOWS\win.ini
[2009.11.07 15:27:39 | 00,001,808 | ---- | M] () -- H:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
[2009.11.07 15:26:48 | 00,000,994 | ---- | M] () -- H:\Documents and Settings\All Users\Plocha\Centrum řešení HP.lnk
[2009.11.07 15:26:29 | 00,000,894 | ---- | M] () -- H:\Documents and Settings\All Users\Plocha\Nakupujte spotřební materiál HP.lnk
[2009.11.07 15:24:58 | 00,001,985 | ---- | M] () -- H:\Documents and Settings\All Users\Plocha\Windows Live Fotogalerie.lnk
[2009.11.06 19:49:17 | 00,054,710 | ---- | M] () -- H:\Documents and Settings\Martin Eliáš\Plocha\inv104725036.pdf
[2009.11.06 00:34:11 | 00,102,305 | ---- | M] () -- H:\Documents and Settings\Martin Eliáš\Plocha\RWS.jpg
[2009.11.01 20:48:43 | 00,022,528 | ---- | M] () -- H:\Documents and Settings\Martin Eliáš\Plocha\poznamky.xls.xls

========== Files Created - No Company Name ==========

[2009.11.29 18:59:02 | 00,000,142 | ---- | C] () -- H:\Documents and Settings\Martin Eliáš\Plocha\FixHost.bat
[2009.11.29 18:43:29 | 00,077,312 | ---- | C] () -- H:\WINDOWS\MBR.exe
[2009.11.29 18:43:28 | 00,260,608 | ---- | C] () -- H:\WINDOWS\PEV.exe
[2009.11.29 18:43:28 | 00,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe
[2009.11.29 18:43:28 | 00,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe
[2009.11.29 18:43:28 | 00,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe
[2009.11.29 18:28:53 | 03,579,813 | R--- | C] () -- H:\Documents and Settings\Martin Eliáš\Plocha\ComboFix.exe
[2009.11.29 14:29:05 | 00,690,261 | ---- | C] () -- H:\Documents and Settings\Martin Eliáš\Plocha\1766_2009.pdf
[2009.11.28 15:27:05 | 00,000,054 | ---- | C] () -- H:\WINDOWS\Lic.xxx
[2009.11.28 15:26:41 | 00,000,522 | ---- | C] () -- H:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2009.11.07 15:27:39 | 00,001,808 | ---- | C] () -- H:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
[2009.11.07 15:26:46 | 00,000,994 | ---- | C] () -- H:\Documents and Settings\All Users\Plocha\Centrum řešení HP.lnk
[2009.11.07 15:26:28 | 00,000,894 | ---- | C] () -- H:\Documents and Settings\All Users\Plocha\Nakupujte spotřební materiál HP.lnk
[2009.11.07 15:24:58 | 00,001,985 | ---- | C] () -- H:\Documents and Settings\All Users\Plocha\Windows Live Fotogalerie.lnk
[2009.11.06 19:49:17 | 00,054,710 | ---- | C] () -- H:\Documents and Settings\Martin Eliáš\Plocha\inv104725036.pdf
[2009.11.06 18:32:40 | 01,112,079 | ---- | C] () -- H:\Documents and Settings\Martin Eliáš\Plocha\a.JPG
[2009.11.06 00:34:11 | 00,102,305 | ---- | C] () -- H:\Documents and Settings\Martin Eliáš\Plocha\RWS.jpg
[2009.10.07 19:39:59 | 00,000,034 | ---- | C] () -- H:\Documents and Settings\Martin Eliáš\Data aplikací\pcouffin.log
[2009.10.07 19:39:30 | 00,087,608 | ---- | C] () -- H:\Documents and Settings\Martin Eliáš\Data aplikací\inst.exe
[2009.10.07 19:39:30 | 00,007,887 | ---- | C] () -- H:\Documents and Settings\Martin Eliáš\Data aplikací\pcouffin.cat
[2009.10.07 19:39:30 | 00,001,144 | ---- | C] () -- H:\Documents and Settings\Martin Eliáš\Data aplikací\pcouffin.inf
[2009.04.21 18:10:44 | 00,000,032 | ---- | C] () -- H:\Documents and Settings\Martin Eliáš\Data aplikací\__t.bin
[2009.04.10 19:21:11 | 00,116,224 | ---- | C] () -- H:\WINDOWS\System32\pdfcmnnt.dll
[2008.04.28 22:09:13 | 00,534,975 | ---- | C] () -- H:\Program Files\Strokes.8tx
[2008.02.13 13:01:42 | 00,000,000 | ---- | C] () -- H:\Documents and Settings\All Users\Data aplikací\LauncherAccess.dt
[2008.02.13 12:53:08 | 00,005,632 | ---- | C] () -- H:\WINDOWS\System32\drivers\StarOpen.sys
[2007.10.25 21:14:06 | 00,000,438 | ---- | C] () -- H:\WINDOWS\level.ini
[2007.09.21 11:33:55 | 00,561,152 | R--- | C] () -- H:\WINDOWS\System32\hpotscl.dll
[2007.09.06 09:02:34 | 00,001,759 | ---- | C] () -- H:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2007.03.29 22:00:40 | 00,203,264 | ---- | C] () -- H:\WINDOWS\System32\CddbCdda.dll
[2007.03.17 15:22:23 | 00,000,025 | ---- | C] () -- H:\WINDOWS\cdplayer.ini
[2007.03.08 00:09:12 | 00,013,304 | ---- | C] () -- H:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007.03.08 00:09:12 | 00,011,860 | ---- | C] () -- H:\WINDOWS\System32\drivers\vbtenum.sys
[2007.03.03 14:06:55 | 00,001,802 | ---- | C] () -- H:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2007.03.01 22:43:10 | 00,000,151 | ---- | C] () -- H:\WINDOWS\PhotoSnapViewer.INI
[2007.02.27 21:25:41 | 00,000,116 | ---- | C] () -- H:\WINDOWS\NeroDigital.ini
[2007.02.27 20:55:56 | 00,069,632 | ---- | C] () -- H:\Documents and Settings\Martin Eliáš\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.26 00:53:59 | 00,000,907 | ---- | C] () -- H:\WINDOWS\WINCMD.INI
[2007.02.26 00:40:29 | 00,000,390 | ---- | C] () -- H:\WINDOWS\ODBC.INI
[2007.02.26 00:05:29 | 00,019,523 | ---- | C] () -- H:\WINDOWS\Ascd_log.ini
[2007.02.26 00:05:13 | 00,019,134 | ---- | C] () -- H:\WINDOWS\Ascd_tmp.ini
[2007.02.26 00:05:11 | 00,005,810 | R--- | C] () -- H:\WINDOWS\System32\drivers\ASACPI.sys
[2007.02.26 00:05:04 | 00,005,824 | ---- | C] () -- H:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006.10.22 12:22:00 | 01,662,976 | ---- | C] () -- H:\WINDOWS\System32\nvwdmcpl.dll
[2006.10.22 12:22:00 | 01,470,464 | ---- | C] () -- H:\WINDOWS\System32\nview.dll
[2006.10.22 12:22:00 | 01,019,904 | ---- | C] () -- H:\WINDOWS\System32\nvwimg.dll
[2006.10.22 12:22:00 | 00,581,632 | ---- | C] () -- H:\WINDOWS\System32\nvhwvid.dll
[2006.10.22 12:22:00 | 00,466,944 | ---- | C] () -- H:\WINDOWS\System32\nvshell.dll
[2006.10.22 12:22:00 | 00,286,720 | ---- | C] () -- H:\WINDOWS\System32\nvnt4cpl.dll
[2006.10.22 12:22:00 | 00,212,992 | ---- | C] () -- H:\WINDOWS\System32\nvapi.dll
[2005.10.14 11:56:50 | 03,596,288 | ---- | C] () -- H:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 00,921,600 | ---- | C] () -- H:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 00,761,856 | ---- | C] () -- H:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 00,344,064 | ---- | C] () -- H:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 00,188,416 | ---- | C] () -- H:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 00,155,136 | ---- | C] () -- H:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 00,045,056 | ---- | C] () -- H:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 00,077,824 | ---- | C] () -- H:\WINDOWS\System32\MMSwitch.dll
[2004.08.17 16:49:10 | 00,081,920 | ---- | C] () -- H:\WINDOWS\System32\ieencode.dll
[2004.07.17 12:36:38 | 00,027,440 | ---- | C] () -- H:\WINDOWS\System32\drivers\secdrv.sys
[2003.04.09 15:38:04 | 00,005,664 | ---- | C] () -- H:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009.05.03 16:57:50 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Data aplikací\Avg7
[2009.11.28 12:02:27 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Data aplikací\ESET
[2009.05.09 22:53:39 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Data aplikací\Installations
[2009.11.28 15:26:33 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2009.02.09 00:33:18 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Data aplikací\PC Suite
[2008.07.28 13:27:02 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Data aplikací\Seagate
[2009.06.28 12:16:22 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Data aplikací\TEMP
[2008.04.30 21:25:06 | 00,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Data aplikací\TomTom
[2008.11.08 19:09:28 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\BSplayer
[2008.11.07 15:59:37 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\BSplayer Pro
[2009.11.28 12:07:20 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\ESET
[2008.02.09 15:27:43 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\ICQ
[2008.03.10 13:30:57 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\ICQ Toolbar
[2007.02.26 01:07:50 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\ICQLite
[2008.02.18 22:12:05 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\MiniLyrics
[2009.02.28 15:35:18 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\Miranda
[2009.03.05 23:49:28 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\Nokia
[2007.02.27 20:51:38 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\Opera
[2009.02.09 00:37:48 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\PC Suite
[2008.07.13 22:52:42 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\QIP
[2008.02.13 13:02:52 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\Samsung
[2008.04.30 21:23:00 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\TomTom
[2009.11.28 19:45:00 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\uTorrent
[2009.10.07 19:39:59 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\Vso
[2009.05.03 19:53:23 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\WinPatrol
[2009.04.21 18:12:00 | 00,000,000 | ---D | M] -- H:\Documents and Settings\Martin Eliáš\Data aplikací\_2c742682677dd2971c32beb0eae23522
[2009.11.29 20:08:29 | 00,000,330 | -H-- | M] () -- H:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> H:\Documents and Settings\All Users\Data aplikací\TEMP:5C321E34
< End of report >

Eli · Příspěvekod **Eli** » 29 lis 2009 20:14

EXTRAS:

OTL Extras logfile created on: 29.11.2009 20:08:47 - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = H:\Documents and Settings\Martin Eliáš\Plocha\Utility
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1023,17 Mb Total Physical Memory | 473,93 Mb Available Physical Memory | 46,32% Memory free
2,40 Gb Paging File | 1,99 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): H:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive C: | 465,74 Gb Total Space | 41,52 Gb Free Space | 8,91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 232,88 Gb Total Space | 146,78 Gb Free Space | 63,03% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 7,81 Mb Total Space | 2,77 Mb Free Space | 35,51% Space Free | Partition Type: NTFS

Computer Name: MELIAS
Current User Name: Martin Eliáš
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- H:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "H:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "H:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "H:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "H:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "H:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "H:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "H:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = H:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"H:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = H:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = H:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"H:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = H:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"H:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\HP Software Update\HPWUCli.exe" = H:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"H:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = H:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\Program Files\uTorrent\utorrent.exe" = H:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"H:\Program Files\Bonjour\mDNSResponder.exe" = H:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"H:\Program Files\Skype\Phone\Skype.exe" = H:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()
"H:\Program Files\ICQ6.5\ICQ.exe" = H:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = H:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"H:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = H:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = H:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"H:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = H:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"H:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"H:\Program Files\HP\HP Software Update\HPWUCli.exe" = H:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"H:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = H:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"H:\Program Files\Opera\opera.exe" = H:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6ECB944F-D027-4E8A-9906-70E77C005AD5}" = ESET Smart Security
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate 2
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E3A54A70-1CFA-4D79-ACD6-5AA2A98C212F}" = Samsung PC Studio 3
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"µTorrent CZ_is1" = µTorrent CZ 1.7.7 (build 8179)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Balíček ovladače systému Windows - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Balíček ovladače systému Windows - Nokia Modem (10/27/2008 3.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner (remove only)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DVDFab 6_is1" = DVDFab 6.1.0.0 Beta (25/09/2009)
"Grand Theft Auto" = Grand Theft Auto
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MKV TO AVI CONVERTER_is1" = MKV TO AVI CONVERTER version 3.0
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"Nokia PC Suite" = Nokia PC Suite
"OGG To MP3 Plus" = OGG To MP3 Plus
"Shop for HP Supplies" = Shop for HP Supplies
"Skype_is1" = Skype 2.5
"SpywareBlaster_is1" = SpywareBlaster 4.2
"TomTom HOME" = TomTom HOME
"Ve stínu havrana_is1" = Ve stínu havrana
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.9.2009 15:13:01 | Computer Name = MELIAS | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace IEXPLORE.EXE, verze 6.0.2900.2180, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 28.9.2009 15:13:01 | Computer Name = MELIAS | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace IEXPLORE.EXE, verze 6.0.2900.2180, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 29.9.2009 6:42:04 | Computer Name = MELIAS | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace WinPatrolEx.exe, verze 16.0.2009.2, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 7.10.2009 14:50:35 | Computer Name = MELIAS | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace mkvtoavi.exe, verze 1.0.0.1, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 18.11.2009 16:03:25 | Computer Name = MELIAS | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace PCSuite.exe, verze 7.1.19.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 20.11.2009 22:45:45 | Computer Name = MELIAS | Source = Application Error | ID = 1000
Description = Chybující aplikace realplay.exe, verze 6.0.12.1235, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x91403d27.

Error - 22.11.2009 18:01:19 | Computer Name = MELIAS | Source = Application Error | ID = 1000
Description = Chybující aplikace hpwucli.exe, verze 5.0.8.1, chybující modul hpwucli.exe,
verze 5.0.8.1, adresa chyby 0x000045ea.

Error - 28.11.2009 7:03:09 | Computer Name = MELIAS | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 28.11.2009 7:03:09 | Computer Name = MELIAS | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 28.11.2009 7:03:16 | Computer Name = MELIAS | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
se nezdařilo. Chyba: V řetězu certifikátů došlo k vnitřní chybě.

[ System Events ]
Error - 29.11.2009 15:03:22 | Computer Name = MELIAS | Source = Service Control Manager | ID = 7031
Description = Služba Windows Defender byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 15000 milisekund: Restartovat službu.

Error - 29.11.2009 15:03:22 | Computer Name = MELIAS | Source = Service Control Manager | ID = 7034
Description = Služba Acronis Scheduler2 Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 29.11.2009 15:03:22 | Computer Name = MELIAS | Source = Service Control Manager | ID = 7034
Description = Služba ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## byla neočekávaně
ukončena. Tento stav nastal již 1krát.

Error - 29.11.2009 15:03:22 | Computer Name = MELIAS | Source = Service Control Manager | ID = 7034
Description = Služba Machine Debug Manager byla neočekávaně ukončena. Tento stav
nastal již 1krát.

Error - 29.11.2009 15:03:22 | Computer Name = MELIAS | Source = Service Control Manager | ID = 7031
Description = Služba Eset Service byla nečekaně ukončena. Stalo se to 1 krát. Následující
opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error - 29.11.2009 15:03:22 | Computer Name = MELIAS | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 29.11.2009 15:03:22 | Computer Name = MELIAS | Source = Service Control Manager | ID = 7034
Description = Služba NMSAccessU byla neočekávaně ukončena. Tento stav nastal již
1krát.

Error - 29.11.2009 15:03:22 | Computer Name = MELIAS | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 29.11.2009 15:05:34 | Computer Name = MELIAS | Source = Service Control Manager | ID = 7023
Description = Služba Automatické aktualizace byla ukončena s následující chybou:
%%126

Error - 29.11.2009 15:05:35 | Computer Name = MELIAS | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

< End of report >

Ještě log z OTM:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
h:\windows\hpoins43.dat moved successfully.
h:\windows\hpomdl43.dat moved successfully.
File/Folder h:\windows\hpomdl43.dat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Martin Eliá

User: Martin Eliáš
->Temp folder emptied: 165169 bytes
->Temporary Internet Files folder emptied: 671057 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: Martin Eli��

User: NetworkService
->Temp folder emptied: 888 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 5702 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,84 mb

OTM by OldTimer - Version 3.1.2.0 log created on 11292009_200321

Files moved on Reboot...

Registry entries deleted on Reboot...

Příspěvekod **jaro3** » 29 lis 2009 20:39

Žádná nákaza v host není patrná..

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Custom Scans/Fixes do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\system32\blank.htm
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\msdaipp - No CLSID value found

:Files
H:\WINDOWS\System32\runouce.exe
H:\Documents and Settings\Martin Eliáš\Plocha\FixHost.bat
H:\WINDOWS\PEV.exe
H:\WINDOWS\System32\CddbCdda.dll

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Run Fix. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

Popř.:
Najdi a smaž:
C:\327882R2FWJFW
C:\ComboFix
C:\qoobox

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware, následně T-Cleaner smaž a zapni si zase antivir i antispyware.

Napiš pak jak je to s tím zpomalením.

ještě zkus toto:
Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat

Eli · Příspěvekod **Eli** » 29 lis 2009 21:06

ted mi spadne PC každejch 5 minut, teda ne PC ale připojení k netu, připojím se tak na 20 sekund a spadnu...Buď blbne UPC nebo jsem to nějak pojebal...

jinak jsem udělal všechno až na ten T-Cleaner...

Zřetelně zpomalený PC Vyřešeno

Zřetelně zpomalený PC Vyřešeno

Re: Problém s PC

Re: Zřetelně zpomalený PC

Re: Zřetelně zpomalený PC

Re: Zřetelně zpomalený PC

Re: Zřetelně zpomalený PC

Re: Zřetelně zpomalený PC

Re: Zřetelně zpomalený PC

Re: Zřetelně zpomalený PC

Re: Zřetelně zpomalený PC

Re: Zřetelně zpomalený PC

Re: Zřetelně zpomalený PC

Kdo je online