Part 2:
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\NISx64\1307010.005\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1307010.005\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\DRIVERS\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\DRIVERS\snapman.sys (Acronis)
DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\DRIVERS\fltsrv.sys (Acronis)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (RsFx0150) -- C:\Windows\SysNative\DRIVERS\RsFx0150.sys (Microsoft Corporation)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (l2nd) -- C:\Windows\SysNative\DRIVERS\bxnd60a.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\DRIVERS\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (HpCISSs2) -- C:\Windows\SysNative\DRIVERS\HpCISSs2.sys (Hewlett-Packard Company)
DRV:64bit: - (hpqilo2) -- C:\Windows\SysNative\DRIVERS\hpqilo2.sys (Hewlett-Packard Company)
DRV:64bit: - (ati2mtag) -- C:\Windows\SysNative\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV:64bit: - (CpqCiDrv) -- C:\Windows\SysNative\DRIVERS\cpqcidrv.sys (Hewlett-Packard Company)
DRV:64bit: - (Datascrn) -- C:\Windows\SysNative\drivers\datascrn.sys (Microsoft Corporation)
DRV:64bit: - (Quota) -- C:\Windows\SysNative\drivers\quota.sys (Microsoft Corporation)
DRV:64bit: - (silsvc) -- C:\Windows\SysNative\silsvc.exe (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\DRIVERS\udfs.sys (Microsoft Corporation)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (DfsDriver) -- C:\Windows\SysNative\drivers\dfs.sys (Microsoft Corporation)
DRV:64bit: - (sacdrv) -- C:\Windows\SysNative\DRIVERS\sacdrv.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\drivers\vid.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (ioatdma) Intel(R) -- C:\Windows\SysNative\drivers\qd260x64.sys (Intel Corporation)
DRV:64bit: - (ql2300) -- C:\Windows\SysNative\drivers\ql2300.sys (QLogic Corporation)
DRV:64bit: - (adp94xx) -- C:\Windows\SysNative\drivers\adp94xx.sys (Adaptec, Inc.)
DRV:64bit: - (MegaSR) -- C:\Windows\SysNative\drivers\megasr.sys (LSI Corporation, Inc.)
DRV:64bit: - (elxstor) -- C:\Windows\SysNative\drivers\elxstor.sys (Emulex)
DRV:64bit: - (adpahci) -- C:\Windows\SysNative\drivers\adpahci.sys (Adaptec, Inc.)
DRV:64bit: - (iaStorV) -- C:\Windows\SysNative\drivers\iastorv.sys (Intel Corporation)
DRV:64bit: - (uliahci) -- C:\Windows\SysNative\drivers\uliahci.sys (ULi Electronics Inc.)
DRV:64bit: - (pcmcia) -- C:\Windows\SysNative\drivers\pcmcia.sys (Microsoft Corporation)
DRV:64bit: - (adpu320) -- C:\Windows\SysNative\drivers\adpu320.sys (Adaptec, Inc.)
DRV:64bit: - (vsmraid) -- C:\Windows\SysNative\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV:64bit: - (nvraid) -- C:\Windows\SysNative\drivers\nvraid.sys (NVIDIA Corporation)
DRV:64bit: - (mpio) -- C:\Windows\SysNative\drivers\mpio.sys (Microsoft Corporation)
DRV:64bit: - (adpu160m) -- C:\Windows\SysNative\drivers\adpu160m.sys (Adaptec, Inc.)
DRV:64bit: - (LSI_FC) -- C:\Windows\SysNative\drivers\lsi_fc.sys (LSI Logic)
DRV:64bit: - (LSI_SCSI) -- C:\Windows\SysNative\drivers\lsi_scsi.sys (LSI Logic)
DRV:64bit: - (msdsm) -- C:\Windows\SysNative\drivers\msdsm.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS) -- C:\Windows\SysNative\drivers\lsi_sas.sys (LSI Logic)
DRV:64bit: - (sbp2port) -- C:\Windows\SysNative\drivers\sbp2port.sys (Microsoft Corporation)
DRV:64bit: - (arcsas) -- C:\Windows\SysNative\drivers\arcsas.sys (Adaptec, Inc.)
DRV:64bit: - (arc) -- C:\Windows\SysNative\drivers\arc.sys (Adaptec, Inc.)
DRV:64bit: - (SiSRaid4) -- C:\Windows\SysNative\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV:64bit: - (nvstor) -- C:\Windows\SysNative\drivers\nvstor.sys (NVIDIA Corporation)
DRV:64bit: - (SiSRaid2) -- C:\Windows\SysNative\drivers\sisraid2.sys (Microsoft Corporation)
DRV:64bit: - (megasas) -- C:\Windows\SysNative\drivers\megasas.sys (LSI Corporation)
DRV:64bit: - (i2omp) -- C:\Windows\SysNative\drivers\i2omp.sys (Microsoft Corporation)
DRV:64bit: - (msahci) -- C:\Windows\SysNative\drivers\msahci.sys (Microsoft Corporation)
DRV:64bit: - (Wd) -- C:\Windows\SysNative\drivers\wd.sys (Microsoft Corporation)
DRV:64bit: - (isapnp) -- C:\Windows\SysNative\drivers\isapnp.sys (Microsoft Corporation)
DRV:64bit: - (Compbatt) -- C:\Windows\SysNative\drivers\compbatt.sys (Microsoft Corporation)
DRV:64bit: - (intelide) -- C:\Windows\SysNative\drivers\intelide.sys (Microsoft Corporation)
DRV:64bit: - (usbprint) -- C:\Windows\SysNative\drivers\usbprint.sys (Microsoft Corporation)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (UMPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (HidBth) -- C:\Windows\SysNative\drivers\hidbth.sys (Microsoft Corporation)
DRV:64bit: - (ohci1394) -- C:\Windows\SysNative\drivers\ohci1394.sys (Microsoft Corporation)
DRV:64bit: - (usbcir) eHome Infrared Receiver (USBCIR) -- C:\Windows\SysNative\drivers\usbcir.sys (Microsoft Corporation)
DRV:64bit: - (circlass) -- C:\Windows\SysNative\drivers\circlass.sys (Microsoft Corporation)
DRV:64bit: - (usbohci) -- C:\Windows\SysNative\drivers\usbohci.sys (Microsoft Corporation)
DRV:64bit: - (HidIr) -- C:\Windows\SysNative\drivers\hidir.sys (Microsoft Corporation)
DRV:64bit: - (WacomPen) -- C:\Windows\SysNative\drivers\wacompen.sys (Microsoft Corporation)
DRV:64bit: - (sfloppy) -- C:\Windows\SysNative\drivers\sfloppy.sys (Microsoft Corporation)
DRV:64bit: - (sffdisk) -- C:\Windows\SysNative\drivers\sffdisk.sys (Microsoft Corporation)
DRV:64bit: - (fdc) -- C:\Windows\SysNative\DRIVERS\fdc.sys (Microsoft Corporation)
DRV:64bit: - (flpydisk) -- C:\Windows\SysNative\DRIVERS\flpydisk.sys (Microsoft Corporation)
DRV:64bit: - (Parport) -- C:\Windows\SysNative\drivers\parport.sys (Microsoft Corporation)
DRV:64bit: - (sermouse) -- C:\Windows\SysNative\drivers\sermouse.sys (Microsoft Corporation)
DRV:64bit: - (ErrDev) -- C:\Windows\SysNative\drivers\errdev.sys (Microsoft Corporation)
DRV:64bit: - (WmiAcpi) -- C:\Windows\SysNative\drivers\wmiacpi.sys (Microsoft Corporation)
DRV:64bit: - (AmdK8) -- C:\Windows\SysNative\drivers\amdk8.sys (Microsoft Corporation)
DRV:64bit: - (Processor) -- C:\Windows\SysNative\drivers\processr.sys (Microsoft Corporation)
DRV:64bit: - (HDAudBus) -- C:\Windows\SysNative\drivers\hdaudbus.sys (Microsoft Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (nfrd960) -- C:\Windows\SysNative\drivers\nfrd960.sys (IBM Corporation)
DRV:64bit: - (Symc8xx) -- C:\Windows\SysNative\drivers\symc8xx.sys (LSI Logic)
DRV:64bit: - (Sym_u3) -- C:\Windows\SysNative\drivers\sym_u3.sys (LSI Logic)
DRV:64bit: - (iirsp) -- C:\Windows\SysNative\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV:64bit: - (Sym_hi) -- C:\Windows\SysNative\drivers\sym_hi.sys (LSI Logic)
DRV:64bit: - (Mraid35x) -- C:\Windows\SysNative\drivers\mraid35x.sys (LSI Logic Corporation)
DRV:64bit: - (iteraid) -- C:\Windows\SysNative\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV:64bit: - (iteatapi) -- C:\Windows\SysNative\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV:64bit: - (cmdide) -- C:\Windows\SysNative\drivers\cmdide.sys (CMD Technology, Inc.)
DRV:64bit: - (viaide) -- C:\Windows\SysNative\drivers\viaide.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdide) -- C:\Windows\SysNative\drivers\amdide.sys (Microsoft Corporation)
DRV:64bit: - (aliide) -- C:\Windows\SysNative\drivers\aliide.sys (Acer Laboratories Inc.)
DRV:64bit: - (ulsata2) -- C:\Windows\SysNative\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV:64bit: - (UlSata) -- C:\Windows\SysNative\drivers\ulsata.sys (Promise Technology, Inc.)
DRV:64bit: - (ql40xx) -- C:\Windows\SysNative\drivers\ql40xx.sys (QLogic Corporation)
DRV:64bit: - (aic78xx) -- C:\Windows\SysNative\drivers\djsvs.sys (Adaptec, Inc.)
DRV:64bit: - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\SysNative\drivers\brserid.sys (Brother Industries Ltd.)
DRV:64bit: - (BrSerWdm) -- C:\Windows\SysNative\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbMdm) -- C:\Windows\SysNative\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120618.017\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120618.017\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120613.007\IDSviA64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120531.001\BHDrvx64.sys (Symantec Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems:
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.01.02 11:35:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.01.08 22:31:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.06.19 20:12:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.07.11 20:08:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.02 11:18:10 | 000,000,000 | ---D | M]
[2012.06.08 00:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009.07.11 20:08:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.01.02 11:35:59 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2009.04.24 07:26:57 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009.04.24 07:26:57 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.04.24 07:26:57 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2012.01.03 09:22:02 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2008.04.16 06:08:20 | 000,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2008.03.31 21:06:24 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2008.03.31 21:06:24 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
[2008.01.27 11:57:20 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2008.01.27 11:57:20 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 21:06:24 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2012.06.18 17:39:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Služba Acronis Scheduler2] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [TrayMonitor.exe] C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [BackupAndRecoveryMonitor.exe] F:\Acronis_prgram\BackupAndRecovery\BackupAndRecoveryMonitor.exe (Acronis)
O4 - HKLM..\Run: [gserver] C:\Program Files\WindowsUpdate\gserver.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RAALTRANS 7.608] C:\RAAL\RTW7608\Server\RAALSrvr.exe (ComArr, s.r.o.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch TightVNC Server.lnk = C:\Program Files (x86)\TightVNC\WinVNC.exe (TightVNC Group)
O4 - Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_18526249.lnk = File not found
O4 - Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_43773025.lnk = File not found
O4 - Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_51639034.lnk = File not found
O4 - Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56118115.lnk = File not found
O4 - Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_85865007.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Společnost Microsoft)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
May I ask for a review of a HiJackThis log (Solved)
Re: May I ask for a review of a HiJackThis log
Part 3:
O15 - HKCU\..Trusted Domains: microsoft.com ([i2.technet] http in Důvěryhodné servery)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = arrow.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFC0D7C8-AD11-4EFD-B116-503E5B3A8E98}: NameServer = 192.168.1.100,127.0.0.1,192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (pwdssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - File not found
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
Re: May I ask for a check of my HiJackThis log
finally:
========== Files/Folders - Created Within 30 Days ==========
[2012.06.19 16:26:55 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.19 16:26:55 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.19 16:26:55 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.19 16:26:43 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.19 16:26:43 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012.06.19 16:26:43 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.19 16:26:43 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012.06.19 16:26:43 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.19 16:26:43 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012.06.19 16:26:39 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.19 16:26:39 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012.06.19 16:26:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.19 16:26:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012.06.18 17:39:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.17 11:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCSafeDoctor
[2012.06.16 23:19:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.06.16 18:18:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.16 18:18:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.16 18:18:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.16 18:18:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.16 18:18:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.16 18:18:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.16 18:18:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.16 18:18:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.16 18:18:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.16 18:18:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.16 18:18:48 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.16 18:18:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.16 18:18:45 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.15 03:06:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\F
[2012.06.14 20:55:43 | 000,000,000 | ---D | C] -- C:\Windows\ECDD3713
[2012.06.13 01:21:58 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 01:21:58 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.12 10:10:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\l
[2012.06.11 14:23:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\B
[2012.06.11 12:29:38 | 000,000,000 | ---D | C] -- C:\Windows\2C9A739F
[2012.06.11 04:40:56 | 000,000,000 | ---D | C] -- C:\ProgramFiles
[2012.06.08 00:03:39 | 000,627,600 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.08 00:03:39 | 000,252,296 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.08 00:03:39 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.08 00:03:39 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.08 00:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.07 22:33:41 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Tomas\Desktop\OTL.exe
[2012.06.07 20:43:39 | 000,000,000 | ---D | C] -- C:\Windows\11C5D44F
[2012.06.07 14:38:19 | 000,000,000 | ---D | C] -- C:\Windows\0EF44E5B
[2012.06.06 02:30:44 | 000,000,000 | ---D | C] -- C:\Windows\DAF7EABC
[2012.06.01 22:05:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\e
[2012.06.01 12:37:56 | 000,000,000 | ---D | C] -- C:\Windows\B80EE6EF
[2012.05.31 15:40:05 | 000,000,000 | ---D | C] -- C:\Windows\53945B9B
[2012.05.31 05:40:09 | 000,000,000 | ---D | C] -- C:\Windows\9D56242E
[2012.05.30 21:19:08 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.30 21:19:08 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.30 02:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\WindowsUpdate
[2012.05.27 14:03:42 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012.05.25 22:29:11 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Local\Adobe
[2012.05.23 18:59:37 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Roaming\Malwarebytes
[2012.05.23 18:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.23 18:59:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.23 18:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.23 18:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.23 17:41:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\S
[2012.05.22 11:05:16 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Local\NPE
[2012.05.21 21:17:11 | 000,000,000 | ---D | C] -- C:\zaloha
========== Files - Modified Within 30 Days ==========
[2012.06.19 20:12:24 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.06.19 20:11:56 | 000,003,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 20:11:56 | 000,003,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 20:11:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.19 20:04:54 | 000,000,732 | ---- | M] () -- C:\Users\Tomas\AppData\Local\d3d9caps64.dat
[2012.06.19 16:27:08 | 002,397,302 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\Cat.DB
[2012.06.19 12:55:29 | 000,000,680 | ---- | M] () -- C:\Users\Tomas\AppData\Local\d3d9caps.dat
[2012.06.18 17:39:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.17 11:44:06 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2012.06.16 23:19:54 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.16 23:19:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.16 23:15:17 | 000,228,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.16 11:58:34 | 000,000,252 | -HS- | M] () -- C:\Windows\2752141drv.spi
[2012.06.16 10:44:28 | 000,000,766 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_51639034.lnk
[2012.06.15 22:09:51 | 000,002,168 | ---- | M] () -- C:\{B6A8DDF3-9743-4B74-B767-4A4DDC06FD10}
[2012.06.15 05:02:26 | 000,002,168 | ---- | M] () -- C:\{CBEB9711-7C39-40E3-8A0B-07845CCB7816}
[2012.06.15 01:13:56 | 000,023,512 | ---- | M] () -- C:\{F8D3CED2-5FFA-4749-9B7D-539CB081A7CF}
[2012.06.14 23:52:35 | 000,000,766 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_18526249.lnk
[2012.06.14 23:45:24 | 000,002,272 | ---- | M] () -- C:\{28C3C428-078F-4C44-B515-DE891A791195}
[2012.06.14 21:30:17 | 000,001,816 | -HS- | M] () -- C:\Windows\2155085drv.spi
[2012.06.14 20:57:33 | 000,003,744 | ---- | M] () -- C:\{7ADD1205-D495-4CCB-A04F-72656C246B4F}
[2012.06.09 15:37:41 | 000,000,766 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56118115.lnk
[2012.06.09 11:19:03 | 000,000,766 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_85865007.lnk
[2012.06.08 23:29:55 | 000,001,370 | -HS- | M] () -- C:\Windows\8462927drv.spi
[2012.06.08 21:24:42 | 000,000,766 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_43773025.lnk
[2012.06.08 00:03:29 | 000,627,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.08 00:03:29 | 000,252,296 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.08 00:03:29 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.08 00:03:29 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012.05.30 19:40:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tomas\Desktop\OTL.exe
[2012.05.30 09:56:29 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\tmp.db
[2012.05.23 19:17:29 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.05.23 19:15:35 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\VT20120410.034
[2012.05.23 18:59:28 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.21 17:28:24 | 004,671,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.21 17:28:24 | 001,809,194 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012.05.21 17:28:24 | 001,794,312 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.21 17:28:24 | 000,516,726 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012.05.21 17:28:24 | 000,487,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.21 14:23:27 | 000,001,742 | -H-- | M] () -- C:\Users\Tomas\Documents\Default.rdp
[2012.05.21 13:30:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\axUrNkH.exe
========== Files Created - No Company Name ==========
[2012.06.19 12:55:29 | 000,000,680 | ---- | C] () -- C:\Users\Tomas\AppData\Local\d3d9caps.dat
[2012.06.17 23:04:05 | 000,000,732 | ---- | C] () -- C:\Users\Tomas\AppData\Local\d3d9caps64.dat
[2012.06.17 11:44:06 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2012.06.16 11:58:26 | 000,000,252 | -HS- | C] () -- C:\Windows\2752141drv.spi
[2012.06.16 10:44:28 | 000,000,766 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_51639034.lnk
[2012.06.15 22:09:51 | 000,002,168 | ---- | C] () -- C:\{B6A8DDF3-9743-4B74-B767-4A4DDC06FD10}
[2012.06.15 05:02:25 | 000,002,168 | ---- | C] () -- C:\{CBEB9711-7C39-40E3-8A0B-07845CCB7816}
[2012.06.15 01:13:56 | 000,023,512 | ---- | C] () -- C:\{F8D3CED2-5FFA-4749-9B7D-539CB081A7CF}
[2012.06.14 23:52:35 | 000,000,766 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_18526249.lnk
[2012.06.14 23:45:24 | 000,002,272 | ---- | C] () -- C:\{28C3C428-078F-4C44-B515-DE891A791195}
[2012.06.14 20:57:33 | 000,003,744 | ---- | C] () -- C:\{7ADD1205-D495-4CCB-A04F-72656C246B4F}
[2012.06.09 21:59:36 | 000,001,816 | -HS- | C] () -- C:\Windows\2155085drv.spi
[2012.06.09 15:37:41 | 000,000,766 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56118115.lnk
[2012.06.09 11:19:03 | 000,000,766 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_85865007.lnk
[2012.06.08 21:30:23 | 000,001,370 | -HS- | C] () -- C:\Windows\8462927drv.spi
[2012.06.08 21:24:42 | 000,000,766 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_43773025.lnk
[2012.05.30 09:56:29 | 000,000,054 | ---- | C] () -- C:\Windows\SysNative\tmp.db
[2012.05.23 18:59:28 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.21 13:30:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\axUrNkH.exe
[2011.07.18 10:22:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\Sifrovani.dll
[2010.11.29 12:20:37 | 000,244,984 | ---- | C] () -- C:\Windows\SysWow64\Tutil32.dll
[2010.11.29 12:20:28 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\FODBCLib.dll
========== LOP Check ==========
[2011.07.18 10:31:12 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\GHISLER
[2010.11.29 13:57:22 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\HK-Software
[2009.07.10 01:19:37 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\IsolatedStorage
[2009.10.27 16:01:33 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Opera
[2011.06.07 14:14:16 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\TeamViewer
[2010.03.07 21:57:49 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\TightVNC
[2012.06.19 20:07:27 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
[2012.05.23 18:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.23 18:59:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.23 18:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.23 18:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.23 17:41:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\S
[2012.05.22 11:05:16 | 000,000,000 | ---D | C] -- C:\Users\Tomas\AppData\Local\NPE
[2012.05.21 21:17:11 | 000,000,000 | ---D | C] -- C:\zaloha
========== Files - Modified Within 30 Days ==========
[2012.06.19 20:12:24 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.06.19 20:11:56 | 000,003,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 20:11:56 | 000,003,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 20:11:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.19 20:04:54 | 000,000,732 | ---- | M] () -- C:\Users\Tomas\AppData\Local\d3d9caps64.dat
[2012.06.19 16:27:08 | 002,397,302 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\Cat.DB
[2012.06.19 12:55:29 | 000,000,680 | ---- | M] () -- C:\Users\Tomas\AppData\Local\d3d9caps.dat
[2012.06.18 17:39:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.17 11:44:06 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2012.06.16 23:19:54 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.16 23:19:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.16 23:15:17 | 000,228,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.16 11:58:34 | 000,000,252 | -HS- | M] () -- C:\Windows\2752141drv.spi
[2012.06.16 10:44:28 | 000,000,766 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_51639034.lnk
[2012.06.15 22:09:51 | 000,002,168 | ---- | M] () -- C:\{B6A8DDF3-9743-4B74-B767-4A4DDC06FD10}
[2012.06.15 05:02:26 | 000,002,168 | ---- | M] () -- C:\{CBEB9711-7C39-40E3-8A0B-07845CCB7816}
[2012.06.15 01:13:56 | 000,023,512 | ---- | M] () -- C:\{F8D3CED2-5FFA-4749-9B7D-539CB081A7CF}
[2012.06.14 23:52:35 | 000,000,766 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_18526249.lnk
[2012.06.14 23:45:24 | 000,002,272 | ---- | M] () -- C:\{28C3C428-078F-4C44-B515-DE891A791195}
[2012.06.14 21:30:17 | 000,001,816 | -HS- | M] () -- C:\Windows\2155085drv.spi
[2012.06.14 20:57:33 | 000,003,744 | ---- | M] () -- C:\{7ADD1205-D495-4CCB-A04F-72656C246B4F}
[2012.06.09 15:37:41 | 000,000,766 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56118115.lnk
[2012.06.09 11:19:03 | 000,000,766 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_85865007.lnk
[2012.06.08 23:29:55 | 000,001,370 | -HS- | M] () -- C:\Windows\8462927drv.spi
[2012.06.08 21:24:42 | 000,000,766 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_43773025.lnk
[2012.06.08 00:03:29 | 000,627,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.08 00:03:29 | 000,252,296 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.08 00:03:29 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.08 00:03:29 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012.05.30 19:40:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tomas\Desktop\OTL.exe
[2012.05.30 09:56:29 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\tmp.db
[2012.05.23 19:17:29 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.05.23 19:15:35 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\VT20120410.034
[2012.05.23 18:59:28 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.21 17:28:24 | 004,671,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.21 17:28:24 | 001,809,194 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012.05.21 17:28:24 | 001,794,312 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.21 17:28:24 | 000,516,726 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012.05.21 17:28:24 | 000,487,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.21 14:23:27 | 000,001,742 | -H-- | M] () -- C:\Users\Tomas\Documents\Default.rdp
[2012.05.21 13:30:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\axUrNkH.exe
========== Files Created - No Company Name ==========
[2012.06.19 12:55:29 | 000,000,680 | ---- | C] () -- C:\Users\Tomas\AppData\Local\d3d9caps.dat
[2012.06.17 23:04:05 | 000,000,732 | ---- | C] () -- C:\Users\Tomas\AppData\Local\d3d9caps64.dat
[2012.06.17 11:44:06 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2012.06.16 11:58:26 | 000,000,252 | -HS- | C] () -- C:\Windows\2752141drv.spi
[2012.06.16 10:44:28 | 000,000,766 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_51639034.lnk
[2012.06.15 22:09:51 | 000,002,168 | ---- | C] () -- C:\{B6A8DDF3-9743-4B74-B767-4A4DDC06FD10}
[2012.06.15 05:02:25 | 000,002,168 | ---- | C] () -- C:\{CBEB9711-7C39-40E3-8A0B-07845CCB7816}
[2012.06.15 01:13:56 | 000,023,512 | ---- | C] () -- C:\{F8D3CED2-5FFA-4749-9B7D-539CB081A7CF}
[2012.06.14 23:52:35 | 000,000,766 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_18526249.lnk
[2012.06.14 23:45:24 | 000,002,272 | ---- | C] () -- C:\{28C3C428-078F-4C44-B515-DE891A791195}
[2012.06.14 20:57:33 | 000,003,744 | ---- | C] () -- C:\{7ADD1205-D495-4CCB-A04F-72656C246B4F}
[2012.06.09 21:59:36 | 000,001,816 | -HS- | C] () -- C:\Windows\2155085drv.spi
[2012.06.09 15:37:41 | 000,000,766 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56118115.lnk
[2012.06.09 11:19:03 | 000,000,766 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_85865007.lnk
[2012.06.08 21:30:23 | 000,001,370 | -HS- | C] () -- C:\Windows\8462927drv.spi
[2012.06.08 21:24:42 | 000,000,766 | ---- | C] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_43773025.lnk
[2012.05.30 09:56:29 | 000,000,054 | ---- | C] () -- C:\Windows\SysNative\tmp.db
[2012.05.23 18:59:28 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.21 13:30:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\axUrNkH.exe
[2011.07.18 10:22:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\Sifrovani.dll
[2010.11.29 12:20:37 | 000,244,984 | ---- | C] () -- C:\Windows\SysWow64\Tutil32.dll
[2010.11.29 12:20:28 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\FODBCLib.dll
========== LOP Check ==========
[2011.07.18 10:31:12 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\GHISLER
[2010.11.29 13:57:22 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\HK-Software
[2009.07.10 01:19:37 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\IsolatedStorage
[2009.10.27 16:01:33 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\Opera
[2011.06.07 14:14:16 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\TeamViewer
[2010.03.07 21:57:49 | 000,000,000 | ---D | M] -- C:\Users\Tomas\AppData\Roaming\TightVNC
[2012.06.19 20:07:27 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Re: May I ask for a check of my HiJackThis log
Hi, I have one request: if it is necessary to clean up the registry, I would ask for a short comment. It has already failed to boot twice, and I am a little afraid of a state where it does boot but something will not work (DNS, DHCP), or where it will not boot at all.
Thanks a lot, Tomáš.
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: May I ask for a check of my HiJackThis log
Hopefully it should be OK, the registry..
Uninstall:
PCSafeDoctor
Double-click the OTL icon on the desktop. Make sure you have all other applications and browsers closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:
Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope =
[2012.06.08 00:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
O1 HOSTS File: ([2012.06.18 17:39:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_18526249.lnk = File not found
O4 - Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_43773025.lnk = File not found
O4 - Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_51639034.lnk = File not found
O4 - Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56118115.lnk = File not found
O4 - Startup: C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_85865007.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll File not found
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = arrow.local
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O29:64bit: - HKLM SecurityProviders - (pwdssp.dll) - File not found
O29 - HKLM SecurityProviders - (pwdssp.dll) - File not found
[2012.05.21 17:28:24 | 001,809,194 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012.05.21 17:28:24 | 001,794,312 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.21 17:28:24 | 000,516,726 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012.05.21 17:28:24 | 000,487,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Windows\SysNative\F
C:\Windows\ECDD3713
C:\Windows\SysNative\l
C:\Windows\SysNative\B
C:\Windows\2C9A739F
C:\Windows\11C5D44F
C:\Windows\0EF44E5B
C:\Windows\DAF7EABC
C:\Windows\SysNative\e
C:\Windows\B80EE6EF
C:\Windows\53945B9B
C:\Windows\9D56242E
C:\Users\Tomas\AppData\Local\d3d9caps64.dat
C:\Users\Tomas\AppData\Local\d3d9caps.dat
C:\Windows\tpcsd
C:\Windows\2752141drv.spi
C:\Windows\2155085drv.spi
C:\Windows\8462927drv.spi
C:\Windows\SysNative\axUrNkH.exe
:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.
Look into these folders to see what is in them:
C:\{B6A8DDF3-9743-4B74-B767-4A4DDC06FD10}
C:\{CBEB9711-7C39-40E3-8A0B-07845CCB7816}
C:\{F8D3CED2-5FFA-4749-9B7D-539CB081A7CF}
C:\{28C3C428-078F-4C44-B515-DE891A791195}
C:\{7ADD1205-D495-4CCB-A04F-72656C246B4F}
Double-click the OTL by OldTimer icon again and, under Custom Scans/Fixes, paste the following text, coloured green:
Code:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
Do not change the settings, just click Run Scan and let the scan finish. When the text file appears, please paste its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
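The kinds of entries the fix above targets, written as a triage pass over OTL file-listing lines. This is an added example, not part of the thread and not OTL's own logic; the six rules and their names are assumptions drawn from this one log, and the sample lines are copied from the report above.

```python
import re

# OTL file-listing line: [date time | size | attrs | C/M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Name patterns (assumptions of this example, taken from the entries in this log).
HEX8_DIR = re.compile(r"C:\\Windows\\[0-9A-F]{8}", re.I)
ONE_CHAR_DIR = re.compile(r"C:\\Windows\\(?:SysNative|System32|SysWow64)\\.", re.I)
DRV_SPI = re.compile(r"C:\\Windows\\\d+drv\.spi", re.I)
UNINST_LNK = re.compile(r".*\\Startup\\_uninst_\d+\.lnk", re.I)
ROOT_GUID = re.compile(r"C:\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)


def parse_line(line):
    """Return a dict for one file-listing line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = e["company"] or ""      # directories carry no company field
    e["is_dir"] = "D" in e["attrs"]
    return e


def classify(e):
    """Return the names of every rule the entry matches (possibly none)."""
    p, hits = e["path"], []
    if e["is_dir"] and HEX8_DIR.fullmatch(p):
        hits.append("hex8-dir-in-windows")
    if e["is_dir"] and ONE_CHAR_DIR.fullmatch(p):
        hits.append("one-char-dir-in-system")
    if {"H", "S"} <= set(e["attrs"]) and DRV_SPI.fullmatch(p):
        hits.append("hidden-system-drv-spi")
    if UNINST_LNK.fullmatch(p):
        hits.append("uninst-lnk-in-startup")
    if ROOT_GUID.fullmatch(p):
        hits.append("guid-named-in-root")
    if (e["size"] == 0 and not e["is_dir"] and not e["company"]
            and p.lower().endswith(".exe")):
        hits.append("empty-exe-no-company")
    return hits


def triage(lines):
    """Map each flagged path to its rule names; Created/Modified duplicates merge."""
    flagged = {}
    for line in lines:
        e = parse_line(line)
        if e:
            for rule in classify(e):
                flagged.setdefault(e["path"], set()).add(rule)
    return {path: sorted(rules) for path, rules in flagged.items()}


# Lines copied from the OTL report earlier on this page.
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========
[2012.06.19 16:26:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.18 17:39:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.15 03:06:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\F
[2012.06.14 20:55:43 | 000,000,000 | ---D | C] -- C:\Windows\ECDD3713
[2012.06.16 11:58:34 | 000,000,252 | -HS- | M] () -- C:\Windows\2752141drv.spi
[2012.06.16 11:58:26 | 000,000,252 | -HS- | C] () -- C:\Windows\2752141drv.spi
[2012.06.16 10:44:28 | 000,000,766 | ---- | M] () -- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_51639034.lnk
[2012.06.15 22:09:51 | 000,002,168 | ---- | M] () -- C:\{B6A8DDF3-9743-4B74-B767-4A4DDC06FD10}
[2012.05.21 13:30:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\axUrNkH.exe
[2012.06.19 20:11:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
""".strip().splitlines()

if __name__ == "__main__":
    for path, rules in triage(SAMPLE).items():
        print(f"{', '.join(rules):26} {path}")
```

A hit is a reason to inspect the entry, not proof of infection; some paths the fix lists, such as C:\Windows\tpcsd, match none of these rules and were picked out by the helper's own judgement.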
Re: May I ask for a check of my HiJackThis log
Hi,
I was away for a week. Unfortunately, junk has started appearing on the server again.
I tried OTL, but it crashed again.
Those directories on drive C are strange; I always delete them and over time they reappear, but I cannot open them.
- jaro3
Re: May I ask for a check of my HiJackThis log
Try OTL in safe mode; if that does not work:
1) Download ISOBurner
Install the program; instructions:
http://www.ntfs.com/iso_burner_free.htm
You will burn the OTLPE disc in this program.
2) Download OTLPE.iso
Extract it and burn it with ISOBurner.
3) At startup, hold the DEL (Delete) key to get into the BIOS. There, set booting from CD/DVD to first place. Insert the burned OTLPE CD into the drive and confirm the changes in the BIOS (Save and Exit).
Guide:
http://www.hiren.info/pages/bios-boot-cdrom
4) Double-click the OTLPE icon.
When it asks "Do you wish to load the remote registry", choose Yes.
When it asks "Do you wish to load remote user profile(s) for scanning", choose Yes.
Make sure the "Automatically Load All Remaining Users" box is checked and press OK.
OTL will now start.
Change the following setting:
Change Drivers to Non-Microsoft
Click Run Scan and the program will start scanning.
When it finishes, the file is saved to C:\_OTL\MovedFiles; if you do not have a working internet connection, save the file to a USB flash drive. Otherwise, copy the entire contents of OTL.txt here.
Or on a flash drive:
http://forums.majorgeeks.com/showthread.php?t=216844
Re: May I ask for a check of my HiJackThis log
Hi,
thanks for the reply. Safe mode does not work for me. I will try the scan with the PC booted from CD as soon as I can physically get to the server, I expect Tuesday/Wednesday.
Otherwise, thanks a lot for your patience.
Tomáš
- jaro3
Re: May I ask for a check of my HiJackThis log
You're welcome. Does anyone upload anything to that server? Someone who could be infecting it for you..
Re: May I ask for a check of my HiJackThis log
Hi,
Oh, I certainly do have something to thank you for; I am running out of energy (I am considering a reinstall, but that would be a real pain and, besides, that server is not my strong suit :-). I have driven there many times already and I keep spending evenings looking for what it could be. That said, I have not posted this on other forums. I do not want to bother anyone else or combine several approaches.
May I ask once more for the ISO, because the file is no longer valid.
That occurred to me too, but all the PCs on that network are switched off at the weekend, except, it now occurs to me, for one that runs some application I do not know.
Tomorrow I will try to arrange things with the owner of that PC. Otherwise I can disconnect it for the weekend; it is connected via Wi-Fi.
- jaro3
Re: May I ask for a check of my HiJackThis log
If one PC is infected, all of them may be compromised before long...
The ISO is no longer on the net; try the flash drive version.
Re: May I ask for a check of my HiJackThis log
That it will spread further from that server is exactly what I am afraid of, but nobody has said that Norton reported any error. That is another reason why I would like to find a way to remove it. I will try that other computer that runs nonstop.
I will also have to get hold of a spare USB stick to put it on.