Rootkit TCP/IP - prosím o kontrolu logu Combofix

Příspěvekod **Žbeky** » 31 bře 2012 18:30

Zkus to v nouzovém režimu

Reklama

radim648 · Příspěvekod **radim648** » 02 dub 2012 22:37

ahoj, dost to blblo i v nouzovém režimu, ale nakonec se povedlo:
takže log
ComboFix 12-04-01.03 - SpravceNT 02.04.2012 21:42:13.5.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.740 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\program files\McAfee\Common Framework\UdaterUI.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
file zipped: c:\windows\system32\tcgina.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.111\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.111\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.111\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.111\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.111\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.111\goopdate.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.111\psmachine.dll
c:\program files\Google\Update\1.3.21.111\psuser.dll
c:\program files\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\0.0.0.0\GoogleEarth-Win-Plugin-6.1.0.5001.exe
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.111\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{69D2D378-83B0-4046-829F-4659E38F7BA9}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\15.0.874.121\chrome_updater.exe
c:\program files\Google\Update\Download\{EB0F64A3-6D31-4329-BD61-A5541DBBBB5B}\GoogleToolbarInstaller_updater_signed.exe
c:\program files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.3.2710.138\GoogleToolbarInstaller_updater_signed.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\McAfee
c:\program files\McAfee\Common Framework\0409\AgentRes.dll
c:\program files\McAfee\Common Framework\0409\AgentRes64.dll
c:\program files\McAfee\Common Framework\0409\CmaUIRes.dll
c:\program files\McAfee\Common Framework\0409\ScrptRes.dll
c:\program files\McAfee\Common Framework\0409\UpdRes.dll
c:\program files\McAfee\Common Framework\Agent.dll
c:\program files\McAfee\Common Framework\Agent64.dll
c:\program files\McAfee\Common Framework\AgentPlugin.dll
c:\program files\McAfee\Common Framework\applib.dll
c:\program files\McAfee\Common Framework\applib64.dll
c:\program files\McAfee\Common Framework\Cleanup.exe
c:\program files\McAfee\Common Framework\ClientUI.dll
c:\program files\McAfee\Common Framework\cmalib.dll
c:\program files\McAfee\Common Framework\cmalib64.dll
c:\program files\McAfee\Common Framework\CmdAgent.exe
c:\program files\McAfee\Common Framework\ComponentFrameworkCallback64.dll
c:\program files\McAfee\Common Framework\ComponentPolicyEnforcement64.dll
c:\program files\McAfee\Common Framework\ComponentSubSystem.dll
c:\program files\McAfee\Common Framework\ComponentSubSystem64.dll
c:\program files\McAfee\Common Framework\ComponentUserInterface.dll
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\Common Framework\FrmInst.exe
c:\program files\McAfee\Common Framework\FrmPlugin.dll
c:\program files\McAfee\Common Framework\GenEvtInf.dll
c:\program files\McAfee\Common Framework\GenEvtInf64.dll
c:\program files\McAfee\Common Framework\InternetManager.dll
c:\program files\McAfee\Common Framework\InternetManager64.dll
c:\program files\McAfee\Common Framework\JrMac.dll
c:\program files\McAfee\Common Framework\ListenServer.dll
c:\program files\McAfee\Common Framework\Logging.dll
c:\program files\McAfee\Common Framework\Logging64.dll
c:\program files\McAfee\Common Framework\Management.dll
c:\program files\McAfee\Common Framework\Management64.dll
c:\program files\McAfee\Common Framework\McScanCheck.exe
c:\program files\McAfee\Common Framework\McScript.exe
c:\program files\McAfee\Common Framework\McScript_InUse.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\McAfee\Common Framework\mcurial.dll
c:\program files\McAfee\Common Framework\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\McAfee\Common Framework\msvcp71.dll
c:\program files\McAfee\Common Framework\msvcr71.dll
c:\program files\McAfee\Common Framework\naCmnLib2_64.dll
c:\program files\McAfee\Common Framework\naCmnLib2_71.dll
c:\program files\McAfee\Common Framework\nagshr32.dll
c:\program files\McAfee\Common Framework\naicrt32.dll
c:\program files\McAfee\Common Framework\nailog2.dll
c:\program files\McAfee\Common Framework\nailog2_64.dll
c:\program files\McAfee\Common Framework\naInet.dll
c:\program files\McAfee\Common Framework\naInet64.dll
c:\program files\McAfee\Common Framework\naisign2.dll
c:\program files\McAfee\Common Framework\naitcpp.dll
c:\program files\McAfee\Common Framework\naPolicyManager.dll
c:\program files\McAfee\Common Framework\naPolicyManager64.dll
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr64.exe
c:\program files\McAfee\Common Framework\naSPIPE.dll
c:\program files\McAfee\Common Framework\naSPIPE64.dll
c:\program files\McAfee\Common Framework\naXML2_64.dll
c:\program files\McAfee\Common Framework\naXML2_71.dll
c:\program files\McAfee\Common Framework\nmcomn32.dll
c:\program files\McAfee\Common Framework\patchw32.dll
c:\program files\McAfee\Common Framework\PcrPlug.dll
c:\program files\McAfee\Common Framework\PoEvtInf.dll
c:\program files\McAfee\Common Framework\ScriptSubSys.dll
c:\program files\McAfee\Common Framework\SecureFrameworkFactory.dll
c:\program files\McAfee\Common Framework\SecureFrameworkFactory64.dll
c:\program files\McAfee\Common Framework\Scheduler.dll
c:\program files\McAfee\Common Framework\Scheduler64.dll
c:\program files\McAfee\Common Framework\TCSubSys.dll
c:\program files\McAfee\Common Framework\TCHelper.dll
c:\program files\McAfee\Common Framework\UdaterUI.exe
c:\program files\McAfee\Common Framework\unicows.dll
c:\program files\McAfee\Common Framework\UpdateSubSys.dll
c:\program files\McAfee\Common Framework\UpdPlug.dll
c:\program files\McAfee\Common Framework\UserSpace.dll
c:\program files\McAfee\Common Framework\XMLWrap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_GUPDATEM
-------\Legacy_ZEBRMDFL
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_zebrmdfl
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-02 do 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-03-29 20:00 . 2010-10-07 12:11 6609920 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
2012-03-29 20:00 . 2010-02-25 00:39 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2012-03-29 20:00 . 2010-02-25 00:37 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2012-03-28 20:42 . 2012-03-28 20:42 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2012-03-28 20:42 . 2012-03-28 20:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-03-28 20:42 . 2012-03-28 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-28 20:42 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 19:34 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-24 19:34 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-24 19:34 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-24 19:34 . 2012-03-07 00:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-24 19:34 . 2012-03-07 00:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-24 15:33 . 2012-03-06 23:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-24 15:32 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-24 15:32 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-24 15:31 . 2012-03-24 15:31 -------- d-----w- c:\program files\AVAST Software
2012-03-24 15:31 . 2012-03-24 15:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-03-23 08:42 . 2012-03-23 08:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PCHealth
2012-03-18 09:44 . 2012-03-18 09:44 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-09-30 13:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 17:55 . 2011-03-26 13:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 33128]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-12-14 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\0\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\1\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\2\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\3\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\4\0]
"Script"=\\t-systems.cz\NETLOGON\tsca1.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\0\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\1\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\2\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\3\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\4\0]
"Script"=\\t-systems.cz\NETLOGON\tsca1.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [14.10.2011 16:11 72832]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.3.2012 21:34 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.3.2012 21:34 337880]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [8.1.2009 21:25 58608]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.3.2012 21:34 20696]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [1.8.2007 22:30 16376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28.3.2012 22:42 652360]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [15.10.2011 10:14 102784]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [14.10.2011 16:18 85632]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [14.10.2011 16:18 51456]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [14.10.2011 16:18 26496]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [18.12.2009 12:28 51040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28.3.2012 22:42 20464]
S3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [29.3.2012 22:00 6609920]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [12.10.2010 22:50 67968]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zhdu10ow.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: network.proxy.ftp - 10.246.110.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 10.246.110.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 10.246.110.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 10.246.110.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 10.246.110.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-02 22:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-04-02 22:14:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-02 20:14
.
Před spuštěním: 3 131 600 896
Po spuštění: 2 989 133 824
.
- - End Of File - - DBE4E6CC7D75A33CF28D05A158AB5A97

a potom ještě vytvořil cestu ke kontroloe souborů po netu, ale nejde mi připojení, takže vkládám aspoň na ukázku
File path ---> C:\Qoobox\Quarantine\[4]-Submit_2012-04-02_21.42.09.zip

o těch proxy nic nevím, ale mohlo tam asi zůstat ještě z původního používání notebooku ve firmě.

srvpp01\NETLOGON\doadmins.vbs
"Script"=\\t-systems.cz\NETLOGON\tsca1.cmd
Tohle Ti něco říká? Visual Basic??

tohle mi nic neříká, asi také původní--
díky
R

bledulka · Příspěvekod **bledulka** » 02 dub 2012 22:50

Zkus ho spustit v nouzovém režimu. Pokud ani tak nepujde, napiš.

radim648 · Příspěvekod **radim648** » 03 dub 2012 20:39

v nouzovém režimu to nakonec doběhlo (ComboFix). log jsem posílal v minulém příspěvku.
co se týče Visual Basic, asi jo.
tož
R

Příspěvekod **jaro3** » 03 dub 2012 23:15

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zhdu10ow.default\
FF - prefs.js: network.proxy.ftp - 10.246.110.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 10.246.110.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 10.246.110.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 10.246.110.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 10.246.110.1
FF - prefs.js: network.proxy.ssl_port - 3128

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

radim648 · Příspěvekod **radim648** » 04 dub 2012 22:56

Ahoj,
jde mi to spustit pouze v nouzovém režimu bez připojení k síti..zde jsou logy:
CF

ComboFix 12-04-01.03 - SpravceNT 04.04.2012 19:15:57.6.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.785 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-04 do 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-03-29 20:00 . 2010-10-07 12:11 6609920 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
2012-03-29 20:00 . 2010-02-25 00:39 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2012-03-29 20:00 . 2010-02-25 00:37 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2012-03-28 20:42 . 2012-03-28 20:42 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2012-03-28 20:42 . 2012-03-28 20:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-03-28 20:42 . 2012-03-28 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-28 20:42 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 19:34 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-24 19:34 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-24 19:34 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-24 19:34 . 2012-03-07 00:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-24 19:34 . 2012-03-07 00:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-24 15:33 . 2012-03-06 23:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-24 15:32 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-24 15:32 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-24 15:31 . 2012-03-24 15:31 -------- d-----w- c:\program files\AVAST Software
2012-03-24 15:31 . 2012-03-24 15:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-03-23 08:42 . 2012-03-23 08:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PCHealth
2012-03-18 09:44 . 2012-03-18 09:44 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-09-30 13:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 17:55 . 2011-03-26 13:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_20.09.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 04:00 . 2012-04-04 17:11 71846 c:\windows\system32\perfc009.dat
+ 2008-04-14 04:00 . 2012-04-04 17:11 91804 c:\windows\system32\perfc005.dat
+ 2008-04-14 04:00 . 2012-04-04 17:11 443588 c:\windows\system32\perfh009.dat
+ 2008-04-14 04:00 . 2012-04-04 17:11 461122 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 33128]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-12-14 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\0\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\1\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\2\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\3\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\4\0]
"Script"=\\t-systems.cz\NETLOGON\tsca1.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\0\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\1\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\2\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\3\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\4\0]
"Script"=\\t-systems.cz\NETLOGON\tsca1.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [14.10.2011 16:11 72832]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.3.2012 21:34 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.3.2012 21:34 337880]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [8.1.2009 21:25 58608]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.3.2012 21:34 20696]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [1.8.2007 22:30 16376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28.3.2012 22:42 652360]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [15.10.2011 10:14 102784]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [14.10.2011 16:18 85632]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [14.10.2011 16:18 51456]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [14.10.2011 16:18 26496]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [18.12.2009 12:28 51040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28.3.2012 22:42 20464]
S3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [29.3.2012 22:00 6609920]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [12.10.2010 22:50 67968]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zhdu10ow.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-04 19:24
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-04-04 19:27:20
ComboFix-quarantined-files.txt 2012-04-04 17:27
ComboFix2.txt 2012-04-02 20:14
.
Před spuštěním: 2 997 927 936
Po spuštění: 2 974 392 320
.
- - End Of File - - FB28A15D574DF2E3EFE207D7EDE1DC20

HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:53:35, on 4.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Administrator\Plocha\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0789637421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0789741468
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 8683 bytes

díky
R

Příspěvekod **jaro3** » 04 dub 2012 23:15

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\MpSigStub.exe
c:\windows\system32\perfc009.dat
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh009.dat
c:\windows\system32\perfh005.dat

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu .

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

+
Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

Stáhni si Memtest:

Do políčka vlož největší velikost Tvé jednotlivé paměti RAM (256,512 nebo 1024,2048) dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.

Stáhni si MGADiag

na plochu. Poklepej na MGADiag.exe, klikni na Run a Run znovu, poté klikni na Continue , pak na Copy. Nyní otevři Notepad ( poznámkový blok) a pravým tl. myši vlož celý text . Ulož si ho na plochu a zkopíruj sem celý jeho obsah.

radim648 · Příspěvekod **radim648** » 07 dub 2012 12:05

ahoj,
takže log CF:
ComboFix 12-04-01.03 - SpravceNT 06.04.2012 20:57:17.7.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.781 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\windows\system32\MpSigStub.exe"
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfc009.dat"
"c:\windows\system32\perfh005.dat"
"c:\windows\system32\perfh009.dat"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-06 do 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-03-29 20:00 . 2010-10-07 12:11 6609920 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
2012-03-29 20:00 . 2010-02-25 00:39 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2012-03-29 20:00 . 2010-02-25 00:37 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2012-03-28 20:42 . 2012-03-28 20:42 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2012-03-28 20:42 . 2012-03-28 20:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-03-28 20:42 . 2012-03-28 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-28 20:42 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 19:34 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-24 19:34 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-24 19:34 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-24 19:34 . 2012-03-07 00:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-24 19:34 . 2012-03-07 00:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-24 15:33 . 2012-03-06 23:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-24 15:32 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-24 15:32 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-24 15:31 . 2012-03-24 15:31 -------- d-----w- c:\program files\AVAST Software
2012-03-24 15:31 . 2012-03-24 15:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-03-23 08:42 . 2012-03-23 08:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\PCHealth
2012-03-18 09:44 . 2012-03-18 09:44 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-09-30 13:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 17:55 . 2011-03-26 13:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_20.09.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 04:00 . 2012-04-02 19:59 72180 c:\windows\system32\perfc009.dat
+ 2008-04-14 04:00 . 2012-04-06 19:13 72180 c:\windows\system32\perfc009.dat
- 2008-04-14 04:00 . 2012-04-02 19:59 92182 c:\windows\system32\perfc005.dat
+ 2008-04-14 04:00 . 2012-04-06 19:13 92182 c:\windows\system32\perfc005.dat
+ 2008-04-14 04:00 . 2012-04-06 19:13 443922 c:\windows\system32\perfh009.dat
- 2008-04-14 04:00 . 2012-04-02 19:59 443922 c:\windows\system32\perfh009.dat
+ 2008-04-14 04:00 . 2012-04-06 19:13 461634 c:\windows\system32\perfh005.dat
- 2008-04-14 04:00 . 2012-04-02 19:59 461634 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 33128]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-12-14 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\0\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\1\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\2\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\3\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-12176\Scripts\Logon\4\0]
"Script"=\\t-systems.cz\NETLOGON\tsca1.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\0\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\1\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\2\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\3\0]
"Script"=\\srvpp01\NETLOGON\doadmins.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2916326957-211545732-3362804733-9314\Scripts\Logon\4\0]
"Script"=\\t-systems.cz\NETLOGON\tsca1.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [14.10.2011 16:11 72832]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.3.2012 21:34 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.3.2012 21:34 337880]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [8.1.2009 21:25 58608]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.3.2012 21:34 20696]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [1.8.2007 22:30 16376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28.3.2012 22:42 652360]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [15.10.2011 10:14 102784]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [14.10.2011 16:18 85632]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [14.10.2011 16:18 51456]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [14.10.2011 16:18 26496]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [18.12.2009 12:28 51040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28.3.2012 22:42 20464]
S3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [29.3.2012 22:00 6609920]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [12.10.2010 22:50 67968]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MDMXSDK
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zhdu10ow.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-06 21:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1616)
c:\windows\system32\netprovcredman.dll
.
Celkový čas: 2012-04-06 21:22:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-06 19:22
ComboFix2.txt 2012-04-04 17:27
ComboFix3.txt 2012-04-02 20:14
.
Před spuštěním: 2 988 216 320
Po spuštění: 2 972 033 024
.
- - End Of File - - EB99C4E09CA110C4EE6244698901359B

CrystalDiskInfo:
----------------------------------------------------------------------------
CrystalDiskInfo 4.2.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Professional SP3 [5.1 Build 2600] (x86)
Date : 2012/04/06 21:24:31

-- Controller Map ----------------------------------------------------------
+ Intel(R) 82801GBM/GHM (ICH7-M Family) Serial ATA Storage Controller - 27C4 [ATA]
+ Primární kanál IDE (0)
- Hitachi HTS541660J9SA00
+ Sekundární kanál IDE (1)
- TSSTcorp CDRW/DVD TSL462D

-- Disk List ---------------------------------------------------------------
(1) Hitachi HTS541660J9SA00 : 60.0 GB [0-0-0, pd1]

----------------------------------------------------------------------------
(1) Hitachi HTS541660J9SA00
----------------------------------------------------------------------------
Model : Hitachi HTS541660J9SA00
Firmware : SBBOC7KP
Serial Number : SB2BDBSLGN47ZN
Disk Size : 60.0 GB (8.4/60.0/60.0)
Buffer Size : 7516 KB
Queue Depth : 32
# of Sectors : 117210240
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ATA/ATAPI-7 T13 1532D version 1
Transfer Mode : SATA/150
Power On Hours : 9486 hod.
Power On Count : 1960 krát
Temparature : 40 C (104 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 4080h [ON]
AAM Level : 8080h [ON]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _62 000000000000 Počet chyb čtení
02 107 107 __0 000000001177 Průchodnost disku
03 253 253 _33 000900000000 Čas na roztočení ploten
04 _99 _99 __0 0000000007AA Počet spuštění/zastavení
05 100 100 __5 000000000000 Počet přemapovaných sektorů
07 100 100 __0 000000000000 Počet chybných hledání
08 136 136 __0 000000000020 Čas potřebný na vyhledání
09 _79 _79 __0 00000000250E Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _99 _99 __0 0000000007A8 Počet cyklů zapnutí zařízení
BF _97 _97 __0 000000050001 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 000000000009 Počet vypnutí disku
C1 _74 _74 __0 000000040479 Počet cyklů načítání/vymazání
C2 137 137 __0 0033000F0028 Teplota
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 253 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
DF 100 100 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E1 _74 _74 __0 000000040479 Počet cyklů načítání/vymazání

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 04 5A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 20 53 42 32 42 44 42
020: 53 4C 47 4E 34 37 5A 4E 00 03 3A B8 00 04 53 42
030: 42 4F 43 37 4B 50 48 69 74 61 63 68 69 20 48 54
040: 53 35 34 31 36 36 30 4A 39 53 41 30 30 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 0F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 7C 80 06 FC 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 05 02 00 00 00 5E 00 48
0A0: 00 FC 00 1A 74 6B 7F 69 41 63 74 69 3E 49 41 63
0B0: 20 3F 00 13 00 00 40 80 FF FE 00 00 80 80 00 00
0C0: 00 00 00 00 00 00 00 00 7C 80 06 FC 00 00 00 00
0D0: 00 00 00 00 00 00 88 48 50 00 CC A5 1B C9 27 67
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00
0F0: 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 09 00 0B 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00
130: 42 44 00 00 00 00 58 67 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 3F 00 00
1A0: 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD A5

MemTest - errors 0

MGAdiag log:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-PBV96-8CCTD-73R6W
Windows Product Key Hash: qgfk5JKZ5MItZ5CfKJtnz1v8lJc=
Windows Product ID: 76389-641-2439917-23432
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {F9AFD1CD-2FCC-4861-B56B-5F42A5FCE9F3}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
Microsoft Office Project Professional 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F9AFD1CD-2FCC-4861-B56B-5F42A5FCE9F3}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-73R6W</PKey><PID>76389-641-2439917-23432</PID><PIDType>1</PIDType><SID>S-1-5-21-3356289654-216843948-1810167863</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude D620 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A08</Version><SMBIOSVersion major="2" minor="4"/><Date>20070403000000.000000+000</Date></BIOS><HWID>6E023007018400EA</HWID><UserLCID>0405</UserLCID><SystemLCID>0405</SystemLCID><TimeZone>Střední Evropa (běžný čas)(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>68F62C681356D86</Val><Hash>uRoCXkGlCTtElOu/KnRawyDKQ3A=</Hash><Pid>89388-707-0173505-65525</Pid><PidType>14</PidType></Product><Product GUID="{90120000-003B-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Project Professional 2007</Name><Ver>12</Ver><Val>10CB4D421D04D86</Val><Hash>8p0HG/M6NtFOXN77HvObXKYTmBw=</Hash><Pid>89403-707-0173424-63726</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="3A" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 4000:Dell Inc|4000:Microsoft Corporation
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

tož tak
R

Příspěvekod **jaro3** » 10 dub 2012 09:32

BF _97 _97 __0 000000050001 Počet udalostí zaznamenaných otřesovým senzorem
Nespadnul Ti ten disk?

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.

Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

radim648 · Příspěvekod **radim648** » 10 dub 2012 23:23

ahoj, zde jsou logy postupně:
že by spadl, to si nevybavuju, ale možný to je.

OTL logfile created on: 10.4.2012 23:14:09 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,05 Mb Total Physical Memory | 785,92 Mb Available Physical Memory | 77,50% Memory free
2,39 Gb Paging File | 2,31 Gb Available in Paging File | 96,95% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 3,02 Gb Free Space | 15,45% Space Free | Partition Type: NTFS
Drive D: | 36,35 Gb Total Space | 6,34 Gb Free Space | 17,43% Space Free | Partition Type: NTFS
Drive F: | 1,91 Gb Total Space | 1,88 Gb Free Space | 98,55% Space Free | Partition Type: FAT

Computer Name: DELL_D620 | User Name: SpravceNT | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll ()

========== Win32 Services (SafeList) ==========

SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe /ServiceStart File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ameisvc) -- C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe (Gemfor s.r.o.)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcecm) -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_ext_ctrl) -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (NETwLx32) Ovladač adaptéru řady Intel(R) -- C:\WINDOWS\system32\drivers\NETwLx32.sys (Intel Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (IpwP) -- C:\WINDOWS\system32\drivers\ipw3gnet.sys (IPWireless Inc.)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (Serial) -- C:\WINDOWS\system32\drivers\serial.sys ()
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR, plc)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (Ethpdrv) -- C:\WINDOWS\system32\drivers\ethpdrv.sys (Gemfor s.r.o.)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (P0630VID) -- C:\WINDOWS\system32\drivers\P0630Vid.sys (Creative Technology Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {1BF5C118-654B-4D11-AE7C-DD73F7C03927}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{1BF5C118-654B-4D11-AE7C-DD73F7C03927}: "URL" = http://www.google.cz/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7SKPT_csCZ401
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.11
FF - prefs.js..network.proxy.backup.ftp: "10.246.110.1"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "10.246.110.1"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "10.246.110.1"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "10.246.110.1"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.12.14 15:55:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.12.14 14:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.24 17:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.26 15:08:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.26 15:08:53 | 000,000,000 | ---D | M]

[2010.01.12 10:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.01.12 10:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.05.25 22:54:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zhdu10ow.default\extensions
[2011.12.07 22:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.03.18 11:44:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.03.26 15:08:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.07.28 17:10:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.01 22:06:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.28 12:00:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.26 15:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011.03.26 15:08:57 | 000,000,000 | ---D | M] (Seznam liĹˇtiÄŤka) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2012.03.24 17:32:12 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009.12.14 14:34:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009.12.14 15:55:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.03.18 19:55:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.15 22:02:24 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010.01.01 10:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012.04.06 21:16:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Pinyin IME Migration] C:\Program Files\Common Files\Microsoft Shared\IME12\IMESC\IMSCMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\VPN Client.lnk = C:\WINDOWS\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0789637421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 0789741468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C837F0-8437-4589-9459-B60798856642}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\system32\tcgina.dll) - C:\WINDOWS\system32\tcgina.dll ()
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.01 11:44:51 | 000,000,676 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.10 23:13:14 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2012.04.10 23:05:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012.04.10 23:05:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.04.10 23:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\CCleaner
[2012.04.10 23:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.04.10 23:03:27 | 003,376,656 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Plocha\ccsetup230.exe
[2012.04.07 11:44:26 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Plocha\MGADiag.exe
[2012.04.07 11:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Office Genuine Advantage
[2012.04.06 21:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CrystalDiskInfo
[2012.04.06 21:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2012.04.06 21:22:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.04.04 22:53:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
[2012.03.29 22:00:16 | 006,609,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NETwLx32.sys
[2012.03.29 22:00:16 | 002,756,608 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NETwLr32.dll
[2012.03.29 22:00:16 | 000,675,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NETwLc32.dll
[2012.03.29 21:02:57 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Plocha\TDSSKiller.exe
[2012.03.29 20:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\backups
[2012.03.28 22:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
[2012.03.28 22:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2012.03.28 22:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2012.03.28 22:42:32 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.28 22:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.28 22:31:28 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Plocha\aswMBR.exe
[2012.03.28 22:29:31 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Plocha\mbam--setup-1.60.1.1000.exe
[2012.03.28 22:28:03 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Plocha\ATF-Cleaner(2).exe
[2012.03.27 22:27:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Nástroje pro správu
[2012.03.27 22:16:01 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Administrator\Plocha\winsockfix.exe
[2012.03.27 18:22:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Hry
[2012.03.24 21:34:18 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.03.24 21:34:18 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.03.24 21:34:15 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.03.24 21:34:14 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.03.24 21:34:14 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.03.24 17:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\avast! Free Antivirus
[2012.03.24 17:33:05 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.03.24 17:32:02 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.03.24 17:32:00 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.03.24 17:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.03.24 17:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2012.03.23 10:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\PCHealth
[2012.03.22 19:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
[2012.03.22 19:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Adobe
[2012.03.18 11:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
[2012.03.18 11:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.10 23:03:56 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\CCleaner.lnk
[2012.04.10 23:00:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2012.04.10 20:37:02 | 000,461,122 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2012.04.10 20:37:02 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.10 20:37:02 | 000,091,804 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2012.04.10 20:37:02 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.10 20:33:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.10 20:32:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.06 21:24:02 | 000,001,649 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\CrystalDiskInfo.lnk
[2012.04.06 21:16:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.04.06 20:50:44 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Plocha\MGADiag.exe
[2012.03.31 15:57:18 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\VPN Client.lnk
[2012.03.30 21:18:06 | 000,455,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\ToolsCleaner2.exe
[2012.03.30 21:13:00 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012.03.28 22:42:35 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2012.03.28 22:31:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Plocha\aswMBR.exe
[2012.03.28 22:29:22 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Plocha\mbam--setup-1.60.1.1000.exe
[2012.03.28 22:27:46 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Plocha\ATF-Cleaner(2).exe
[2012.03.28 22:23:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
[2012.03.27 23:30:53 | 000,012,117 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012.03.27 23:00:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2012.03.27 22:15:46 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Administrator\Plocha\winsockfix.exe
[2012.03.27 18:52:14 | 000,001,694 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012.03.26 13:41:00 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Plocha\TDSSKiller.exe
[2012.03.24 21:34:15 | 000,002,552 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.03.24 20:21:38 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2012.03.24 17:33:11 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2012.03.22 20:15:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.10 23:03:56 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\CCleaner.lnk
[2012.04.06 21:24:02 | 000,001,649 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\CrystalDiskInfo.lnk
[2012.03.30 21:27:40 | 000,455,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\ToolsCleaner2.exe
[2012.03.28 22:42:35 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2012.03.24 17:33:11 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.07.26 21:42:09 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2011.02.05 19:13:16 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.08 21:41:25 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2010.11.08 12:58:42 | 000,104,182 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2010.11.08 12:58:42 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2010.10.12 20:41:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.09.29 12:48:16 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2010.09.29 11:35:04 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2010.07.29 14:08:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010.07.29 11:40:11 | 000,259,168 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.07.29 11:39:40 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\Microsoft.SqlServer.Compact.351.32.bc

========== LOP Check ==========

[2009.12.14 14:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Citrix
[2010.09.29 11:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\GHISLER
[2010.01.12 10:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICAClient
[2009.12.16 10:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\TrueCrypt
[2011.10.14 16:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Vodafone
[2011.01.29 12:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Windows Desktop Search
[2011.07.04 21:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Windows Search
[2012.03.24 17:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2011.07.26 21:42:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.07.29 12:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Soluto
[2009.12.15 10:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TrueCrypt
[2009.12.16 12:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Uninstall
[2011.10.14 16:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Vodafone

========== Purity Check ==========

< End of report >

radim648 · Příspěvekod **radim648** » 10 dub 2012 23:25

a ještě Extras

OTL Extras logfile created on: 10.4.2012 23:14:09 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,05 Mb Total Physical Memory | 785,92 Mb Available Physical Memory | 77,50% Memory free
2,39 Gb Paging File | 2,31 Gb Available in Paging File | 96,95% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 3,02 Gb Free Space | 15,45% Space Free | Partition Type: NTFS
Drive D: | 36,35 Gb Total Space | 6,34 Gb Free Space | 17,43% Space Free | Partition Type: NTFS
Drive F: | 1,91 Gb Total Space | 1,88 Gb Free Space | 98,55% Space Free | Partition Type: FAT

Computer Name: DELL_D620 | User Name: SpravceNT | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = ArcSoft MediaImpression
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{7A1FB67F-A340-472A-97C3-A6AFFE078AAE}" = MetaFrame Presentation Server Client
"{7B1AF68B-4606-4152-9991-1E9D4FF5F0FA}" = Microsoft Antimalware Service CS-CZ Language Pack
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Software Intel(R) PROSet/Wireless WiFi
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROOFKIT_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0402-0000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2007
"{90120000-001F-0402-0000-0000000FF1CE}_PROOFKIT_{FB4EE5BD-7C0B-4B5C-ACEC-D1F160BE9B47}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROOFKIT_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROOFKIT_{33FA7680-10ED-444E-BC72-214064317283}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}_PROOFKIT_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2007
"{90120000-001F-0406-0000-0000000FF1CE}_PROOFKIT_{25E093C2-374E-44A9-9BCE-3881BD442F3F}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROOFKIT_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
"{90120000-001F-0408-0000-0000000FF1CE}_PROOFKIT_{3C7DCB2F-8EA1-4558-B8F5-1107C4055A0B}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROOFKIT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
"{90120000-001F-040B-0000-0000000FF1CE}_PROOFKIT_{8C00DF3E-E8BD-4C6A-B86F-0135E11DAF1C}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROOFKIT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007
"{90120000-001F-040D-0000-0000000FF1CE}_PROOFKIT_{D51DB996-6D46-4195-B495-5E96F61A3CB9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-040E-0000-0000000FF1CE}_PROOFKIT_{573CA1BB-C8A3-46C4-993E-DB4043D9BFCD}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROOFKIT_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2007
"{90120000-001F-0411-0000-0000000FF1CE}_PROOFKIT_{09FD8ECF-B585-47FD-8E53-68BB8741DA65}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0412-0000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2007
"{90120000-001F-0412-0000-0000000FF1CE}_PROOFKIT_{B017C4D5-E774-4A94-A8E3-380489B86F47}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROOFKIT_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2007
"{90120000-001F-0414-0000-0000000FF1CE}_PROOFKIT_{D3413506-02DD-4918-AB8B-A9939A14C2E8}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_PROOFKIT_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROOFKIT_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0418-0000-0000000FF1CE}" = Microsoft Office Proof (Romanian) 2007
"{90120000-001F-0418-0000-0000000FF1CE}_PROOFKIT_{6E3398C5-9A81-4054-B474-8B23A60F5048}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0419-0000-0000000FF1CE}_PROOFKIT_{57A92C5E-E76A-49CC-9EC2-A7B6CE1255EA}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2007
"{90120000-001F-041A-0000-0000000FF1CE}_PROOFKIT_{C9CC66D9-D7D3-46C1-A485-9601E4DE8D28}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}_PROOFKIT_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
"{90120000-001F-041D-0000-0000000FF1CE}_PROOFKIT_{43722AA8-ACEA-4F54-9B83-2467D376EF8A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041E-0000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2007
"{90120000-001F-041E-0000-0000000FF1CE}_PROOFKIT_{0ED7C31A-FB21-4F8E-BD16-921A5E69B2C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2007
"{90120000-001F-041F-0000-0000000FF1CE}_PROOFKIT_{CB71F1CB-4CC3-47DE-B003-40413E64FE10}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0420-0000-0000000FF1CE}" = Microsoft Office Proof (Urdu) 2007
"{90120000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2007
"{90120000-001F-0422-0000-0000000FF1CE}_PROOFKIT_{6F177D09-F21D-4F50-9436-353972D1D232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0424-0000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2007
"{90120000-001F-0424-0000-0000000FF1CE}_PROOFKIT_{6E8DFF8D-F7D1-4451-952A-61CAB73A59E2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0425-0000-0000000FF1CE}" = Microsoft Office Proof (Estonian) 2007
"{90120000-001F-0425-0000-0000000FF1CE}_PROOFKIT_{198E4A56-E02D-4594-AA6A-B25D83F50A81}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0426-0000-0000000FF1CE}" = Microsoft Office Proof (Latvian) 2007
"{90120000-001F-0426-0000-0000000FF1CE}_PROOFKIT_{1B3EDDDA-158A-4AFB-A493-57446AC5964D}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0427-0000-0000000FF1CE}" = Microsoft Office Proof (Lithuanian) 2007
"{90120000-001F-0427-0000-0000000FF1CE}_PROOFKIT_{15B60D1E-FBD2-4659-A159-ADB32FA4105D}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0439-0000-0000000FF1CE}" = Microsoft Office Proof (Hindi) 2007
"{90120000-001F-0439-0000-0000000FF1CE}_PROOFKIT_{B0126B90-3F42-404B-8435-DE45FBC3BE45}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0446-0000-0000000FF1CE}" = Microsoft Office Proof (Punjabi) 2007
"{90120000-001F-0447-0000-0000000FF1CE}" = Microsoft Office Proof (Gujarati) 2007
"{90120000-001F-0449-0000-0000000FF1CE}" = Microsoft Office Proof (Tamil) 2007
"{90120000-001F-044A-0000-0000000FF1CE}" = Microsoft Office Proof (Telugu) 2007
"{90120000-001F-044B-0000-0000000FF1CE}" = Microsoft Office Proof (Kannada) 2007
"{90120000-001F-044E-0000-0000000FF1CE}" = Microsoft Office Proof (Marathi) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2007
"{90120000-001F-0804-0000-0000000FF1CE}_PROOFKIT_{82E853AD-6911-4EA9-9EB0-2F9BE7747878}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2007
"{90120000-001F-0814-0000-0000000FF1CE}_PROOFKIT_{1B70EF07-15AB-483B-B7DE-C60584A3F518}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_PROOFKIT_{C312E1CD-EC19-4270-A072-F36F634DFF79}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-081A-0000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2007
"{90120000-001F-081A-0000-0000000FF1CE}_PROOFKIT_{5D31A216-8A77-4993-AAF4-A747E3E81B35}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROOFKIT_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROOFKIT_{5E6C6E79-40BE-491B-9ABF-C665667E1B07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
"{90120000-0028-0411-0000-0000000FF1CE}_PROOFKIT_{85644C8B-569F-4998-9A4F-0845AA579E9E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007
"{90120000-0028-0412-0000-0000000FF1CE}_PROOFKIT_{15281683-B481-47B8-A981-7043F35441FF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90120000-0028-0804-0000-0000000FF1CE}_PROOFKIT_{4029CB10-E410-41AD-BB3F-052C95243407}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0048-0409-0000-0000000FF1CE}" = Microsoft Office ProofMUI (English) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0405-0000-0000000FF1CE}" = Microsoft Office Project MUI (Czech) 2007
"{90120000-00B4-0405-0000-0000000FF1CE}_PRJPRO_{B6BFC682-FBA5-4F04-A156-41498889AB70}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0103-0000-0000-0000000FF1CE}" = Microsoft Office Proofing Kit 2007
"{95120000-0052-0405-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AA0000000001}" = Adobe Reader X - Czech
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BE38545B-08F7-4f80-95AE-752B99BF159C}" = Web'n'walk 4G software
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative PD0630" = Creative WebCam Live! Driver (2.00.06.0000)
"doPDF 6 printer_is1" = doPDF 6.0 printer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Corporate)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 cs)" = Mozilla Firefox 4.0 (x86 cs)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PRJPRO" = Microsoft Office Project Professional 2007
"ProInst" = Intel PROSet Wireless
"PROOFKIT" = Microsoft Office Proofing Tools Kit 2007
"QuicktimeAlt_is1" = QuickTime Alternative 2.7.0
"rajče.net_is1" = rajče průvodce verze 1.59.28.243
"RealAlt_is1" = Real Alternative 1.9.0
"RustCZ_is1" = RustCZ verze 2.2
"T-Mobile Communication Centre" = Web'n'walk Manager
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.3.2012 14:42:02 | Computer Name = DELL_D620 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 30.3.2012 14:49:56 | Computer Name = DELL_D620 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 31.3.2012 3:32:04 | Computer Name = DELL_D620 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 31.3.2012 8:09:28 | Computer Name = DELL_D620 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 31.3.2012 9:56:26 | Computer Name = DELL_D620 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2.4.2012 15:47:52 | Computer Name = DELL_D620 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
se nezdařilo. Chyba: The server name or address could not be resolved

Error - 2.4.2012 15:55:15 | Computer Name = DELL_D620 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4.4.2012 13:22:28 | Computer Name = DELL_D620 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
se nezdařilo. Chyba: The server name or address could not be resolved

Error - 6.4.2012 15:03:58 | Computer Name = DELL_D620 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
se nezdařilo. Chyba: The server name or address could not be resolved

Error - 6.4.2012 15:09:13 | Computer Name = DELL_D620 | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 10.4.2012 14:33:47 | Computer Name = DELL_D620 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10.4.2012 14:34:01 | Computer Name = DELL_D620 | Source = Service Control Manager | ID = 7001
Description = Služba Klient DHCP závisí na službě Rozhraní NetBios nad protokolem
TCP/IP, která neuspěla při spuštění v důsledku následující chyby: %%31

Error - 10.4.2012 14:34:01 | Computer Name = DELL_D620 | Source = Service Control Manager | ID = 7001
Description = Služba Klient DNS závisí na službě Ovladač protokolu TCP/IP, která
neuspěla při spuštění v důsledku následující chyby: %%31

Error - 10.4.2012 14:34:01 | Computer Name = DELL_D620 | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31

Error - 10.4.2012 14:34:01 | Computer Name = DELL_D620 | Source = Service Control Manager | ID = 7001
Description = Služba Pomocná služba protokolu IPv6 závisí na službě Ovladač protokolu
Microsoft IPv6, která neuspěla při spuštění v důsledku následující chyby: %%31

Error - 10.4.2012 14:34:01 | Computer Name = DELL_D620 | Source = Service Control Manager | ID = 7001
Description = Služba Služby IPSEC závisí na službě IPSec, která neuspěla při spuštění
v důsledku následující chyby: %%31

Error - 10.4.2012 14:34:01 | Computer Name = DELL_D620 | Source = Service Control Manager | ID = 7001
Description = Služba Jednoduché služby TCP/IP závisí na službě AFD, která neuspěla
při spuštění v důsledku následující chyby: %%31

Error - 10.4.2012 14:34:01 | Computer Name = DELL_D620 | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: Aavmker4 AFD APPDRV aswSnx aswSP Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd
Rdbss
Tcpip
Tcpip6
Tosrfcom
truecrypt
WS2IFSL

Error - 10.4.2012 17:02:02 | Computer Name = DELL_D620 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10.4.2012 17:09:22 | Computer Name = DELL_D620 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

< End of report >

Příspěvekod **jaro3** » 11 dub 2012 08:49

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe /ServiceStart File not found
DRV - (WDICA) -- File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {1BF5C118-654B-4D11-AE7C-DD73F7C03927}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{1BF5C118-654B-4D11-AE7C-DD73F7C03927}: "URL" = http://www.google.cz/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7SKPT_csCZ401
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.11
FF - prefs.js..network.proxy.backup.ftp: "10.246.110.1"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "10.246.110.1"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "10.246.110.1"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "10.246.110.1"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
[2010.01.12 10:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.01.12 10:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.05.25 22:54:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zhdu10ow.default\extensions
[2011.12.07 22:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.03.26 15:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
O1 HOSTS File: ([2012.04.06 21:16:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\system32\tcgina.dll) - C:\WINDOWS\system32\tcgina.dll ()

:Files
C:\WINDOWS\System32\*.tmp 
C:\WINDOWS\*.tmp 
C:\WINDOWS\system32\*.tmp.dll 
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp 
c:\windows\Tasks\*.job 
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\WINDOWS\System32\drivers\etc\hosts.bak
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\WINDOWS\System32\ezsidmv.dat
C:\WINDOWS\System32\epoPGPsdk.dll.sig
ipconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" =-

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

Aktualizuj javu:
Java SE Runtime Environment 7

Klikni na Accept License Agreement
Vyber si OS (Windows nebo Windows x64, Offline Installation)
jre-7-windows-i586-p.exe nebo
jre-7-windows-x64.exe
Stáhni ( download) a nainstaluj.
Ostatní javy odeber v přidat/odebrat programy.

Drive C: | 19,53 Gb Total Space | 3,02 Gb Free Space | 15,45% Space Free | Partition Type: NTFS
Velmi málo místa na systémovém disku!!! Taky jeho kapacita nedostatečná!!

Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31
Description = Služba Pomocná služba protokolu IPv6 závisí na službě Ovladač protokolu
Microsoft IPv6, která neuspěla při spuštění v důsledku následující chyby: %%31

Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: Aavmker4 AFD APPDRV aswSnx aswSP Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd
Rdbss
Tcpip
Tcpip6
Tosrfcom
truecrypt
WS2IFSL

Dost chyb..

Rootkit TCP/IP - prosím o kontrolu logu Combofix Vyřešeno

Re: Rootkit TCP/IP - prosím o kontrolu logu Combofix

Re: Rootkit TCP/IP - prosím o kontrolu logu Combofix

Re: Rootkit TCP/IP - prosím o kontrolu logu Combofix

Re: Rootkit TCP/IP - prosím o kontrolu logu Combofix

Re: Rootkit TCP/IP - prosím o kontrolu logu Combofix

Re: Rootkit TCP/IP - prosím o kontrolu logu Combofix

Re: Rootkit TCP/IP - prosím o kontrolu logu Combofix

Re: Rootkit TCP/IP - prosím o kontrolu logu Combofix

Re: Rootkit TCP/IP - prosím o kontrolu logu Combofix

Re: Rootkit TCP/IP - prosím o kontrolu logu Combofix

Re: Rootkit TCP/IP - prosím o kontrolu logu Combofix

Re: Rootkit TCP/IP - prosím o kontrolu logu Combofix

Kdo je online