
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
slow PC
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: slow PC
Logfile of random's system information tool 1.09 (written by random/random)
Run by ComTEL VDF at 2011-07-11 11:37:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 54 GB (70%) free of 76 GB
Total RAM: 2039 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:07, on 11.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS.0\system32\igfxtray.exe
C:\WINDOWS.0\system32\hkcmd.exe
C:\WINDOWS.0\system32\igfxpers.exe
C:\WINDOWS.0\system32\RunDll32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Automatické vypnutí počítače\avp.exe
C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\CNAB7SWK.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnui.exe
C:\Program Files\Windows Media Player\wmplayer.exe
c:\mobilis\mobilis_3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ComTEL VDF\Plocha\RSIT.exe
C:\Program Files\trend micro\ComTEL VDF.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS.0\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS.0\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS.0\system32\igfxpers.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [CNAP2 Launcher] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS.0\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Automatické vypnutí počítače.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.cz.tmo
O15 - Trusted Zone: http://*.t-mobile.cz
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpnssl.t-mobile.cz/CACHE/stc/1/ ... vpnweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3C8A309-A274-4C62-AAA0-377020D98F01}: NameServer = 10.245.32.1,10.245.33.2
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
--
End of file - 9383 bytes
======Scheduled tasks folder======
C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\ComTEL VDF\Data aplikací\Mozilla\Firefox\Profiles\evv9e59v.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://go.microsoft.com/fwlink/?LinkId=69157"
prefs.js - "extensions.enabledItems" - "{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.74, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209, ffxtlbr@babylon.com:1.1.3, bkmrksync@nokia.com:1.0.0.736, wrc@avast.com:20110101, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
"{6904342A-8307-11DF-A508-4AE2DFD72085}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG10\Firefox4\
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"=C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS.0\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0]
"Description"=DivX OVS Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\ComTEL VDF\Data aplikací\Mozilla\Firefox\Profiles\evv9e59v.default\extensions\
ffxtlbr@babylon.com
{20a82645-c095-46ed-80e3-08825760534b}
{ba14329e-9550-4989-b3f2-9732e92d17cc}
C:\Documents and Settings\ComTEL VDF\Data aplikací\Mozilla\Firefox\Profiles\evv9e59v.default\searchplugins\
bing.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
CescrtHlpr Object - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll [2010-11-07 225720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll [2010-11-07 184760]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS.0\system32\igfxtray.exe [2010-10-26 94208]
"igfxhkcmd"=C:\WINDOWS.0\system32\hkcmd.exe [2010-10-26 77824]
"igfxpers"=C:\WINDOWS.0\system32\igfxpers.exe [2010-10-26 114688]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2010-05-31 63048]
"CNAP2 Launcher"=C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [2007-09-06 406944]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"BabylonToolbar"=C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [2010-11-07 286720]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360]
""= []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS.0\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe [2011-04-27 235168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]
C:\Documents and Settings\ComTEL VDF\Nabídka Start\Programy\Po spuštění
Automatické vypnutí počítače.lnk - C:\Program Files\Automatické vypnutí počítače\avp.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS.0\system32\igfxdev.dll [2010-10-26 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS.0\system32\LMIinit.dll [2011-06-16 87424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"
"C:\Program Files\Raptr\raptr.exe"="C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client"
"C:\Program Files\Raptr\raptr_im.exe"="C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Documents and Settings\ComTEL VDF\Plocha\dslman.exe"="C:\Documents and Settings\ComTEL VDF\Plocha\dslman.exe:*:Enabled:T-Mobile DSL Manager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS.0\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS.0\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-06-29 17:15:19 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2541763$
2011-06-16 17:25:57 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2476490$
2011-06-16 17:25:45 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2503665$
2011-06-16 17:25:33 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2535512$
2011-06-16 17:23:56 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2536276$
2011-06-16 17:23:07 ----HDC---- C:\WINDOWS.0\$NtUninstallKB2544893$
2011-06-16 17:20:57 ----A---- C:\WINDOWS.0\imsins.BAK
2011-06-13 09:58:49 ----A---- C:\WINDOWS.0\ModemLog_SAMSUNG_E300 GSM Modem.txt
2011-06-13 09:57:48 ----D---- C:\Program Files\T-Mobile
2011-06-13 09:57:27 ----D---- C:\Program Files\ZTE
======List of files/folders modified in the last 1 month======
2011-07-11 11:38:07 ----D---- C:\WINDOWS.0\Prefetch
2011-07-11 11:38:02 ----D---- C:\Program Files\trend micro
2011-07-11 11:30:52 ----A---- C:\restart.txt
2011-07-11 11:30:49 ----A---- C:\WINDOWS.0\mobilis.ini
2011-07-11 11:04:35 ----D---- C:\WINDOWS.0\Temp
2011-07-11 09:05:58 ----D---- C:\WINDOWS.0\system32\CatRoot2
2011-07-11 08:54:58 ----A---- C:\WINDOWS.0\avp.ini
2011-07-11 08:54:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
2011-07-04 17:00:43 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2011-07-04 10:15:50 ----D---- C:\mobilis
2011-06-30 10:03:29 ----D---- C:\WINDOWS.0
2011-06-30 10:00:23 ----D---- C:\WINDOWS.0\system32
2011-06-29 17:15:24 ----HD---- C:\WINDOWS.0\inf
2011-06-29 17:15:21 ----RSHDC---- C:\WINDOWS.0\system32\dllcache
2011-06-29 11:59:36 ----D---- C:\Documents and Settings\ComTEL VDF\Data aplikací\Canon
2011-06-29 11:59:32 ----A---- C:\WINDOWS.0\CSTBox.INI
2011-06-29 10:35:02 ----HD---- C:\WINDOWS.0\$hf_mig$
2011-06-28 14:08:12 ----RD---- C:\Program Files
2011-06-28 12:18:25 ----D---- C:\WINDOWS.0\Microsoft.NET
2011-06-28 12:17:21 ----RSD---- C:\WINDOWS.0\assembly
2011-06-28 10:50:57 ----SHD---- C:\WINDOWS.0\Installer
2011-06-28 10:50:56 ----D---- C:\Config.Msi
2011-06-28 10:50:17 ----AC---- C:\WINDOWS.0\system32\PerfStringBackup.INI
2011-06-28 10:49:47 ----D---- C:\WINDOWS.0\WinSxS
2011-06-27 10:18:11 ----D---- C:\Program Files\Mozilla Firefox
2011-06-17 09:01:48 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-16 17:31:07 ----D---- C:\WINDOWS.0\Debug
2011-06-16 17:31:01 ----A---- C:\WINDOWS.0\system32\MRT.exe
2011-06-16 17:30:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-06-16 17:25:48 ----D---- C:\WINDOWS.0\system32\drivers
2011-06-16 17:23:40 ----D---- C:\Program Files\Internet Explorer
2011-06-16 17:23:24 ----D---- C:\WINDOWS.0\ie8updates
2011-06-16 14:06:26 ----D---- C:\Program Files\LogMeIn
2011-06-16 14:03:09 ----A---- C:\WINDOWS.0\system32\LMIRfsClientNP.dll
2011-06-16 14:03:09 ----A---- C:\WINDOWS.0\system32\LMIport.dll
2011-06-16 14:03:09 ----A---- C:\WINDOWS.0\system32\LMIinit.dll
2011-06-14 09:37:29 ----A---- C:\inventur.txt
2011-06-13 09:59:16 ----D---- C:\WINDOWS.0\system32\CatRoot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswNdis;avast! Firewall NDIS Filter Service; C:\WINDOWS.0\system32\DRIVERS\aswNdis.sys [2011-05-10 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\WINDOWS.0\system32\drivers\aswNdis2.sys [2011-05-10 192984]
R0 PxHelp20;PxHelp20; C:\WINDOWS.0\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS.0\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 aswFW;avast! TDI Firewall driver; C:\WINDOWS.0\system32\drivers\aswFW.sys [2011-05-10 102232]
R1 aswRdr;aswRdr; C:\WINDOWS.0\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\WINDOWS.0\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\WINDOWS.0\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS.0\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS.0\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/31 12:12:49]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS.0\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;aswMon2; C:\WINDOWS.0\system32\drivers\aswMon2.sys [2011-05-10 102616]
R2 fssfltr;FssFltr; C:\WINDOWS.0\system32\DRIVERS\fssfltr_tdi.sys [2010-04-28 54760]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS.0\system32\drivers\LMIRfsDriver.sys []
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS.0\system32\drivers\cmuda.sys [2010-10-26 1332544]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS.0\system32\DRIVERS\ialmnt5.sys [2010-10-26 1302332]
R3 lmimirr;lmimirr; C:\WINDOWS.0\system32\DRIVERS\lmimirr.sys [2010-05-31 10144]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS.0\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS.0\system32\DRIVERS\Rtlnicxp.sys [2010-10-26 74496]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS.0\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS.0\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS.0\system32\DRIVERS\vpnva.sys [2011-01-10 19680]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS.0\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS.0\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS.0\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS.0\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 massfilter;MBB Mass Storage Filter Driver; C:\WINDOWS.0\system32\drivers\massfilter.sys [2010-02-22 9216]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS.0\system32\drivers\ccdcmb.sys [2010-12-02 18304]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS.0\system32\drivers\ccdcmbo.sys [2010-12-02 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS.0\system32\drivers\nmwcdnsu.sys [2010-12-02 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS.0\system32\drivers\nmwcdnsuc.sys [2010-12-02 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS.0\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS.0\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS.0\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS.0\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 UIUSys;Conexant Setup API; C:\WINDOWS.0\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerflt.sys [2010-12-02 8192]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS.0\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS.0\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS.0\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbser;USB Modem Driver; C:\WINDOWS.0\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerfltj.sys [2010-12-02 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS.0\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys [2007-11-14 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2007-11-14 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS.0\system32\DRIVERS\ZTEusbmdm6k.sys [2010-03-02 105856]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS.0\system32\DRIVERS\ZTEusbnmea.sys [2010-03-02 105856]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS.0\system32\DRIVERS\ZTEusbser6k.sys [2010-03-02 105856]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS.0\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-05-10 121000]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2011-06-16 374152]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2010-12-08 390528]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-01-10 603896]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 idsvc;Windows CardSpace; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-03-21 632832]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-03 135664]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-03 135664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
2011-06-16 14:03:09 ----A---- C:\WINDOWS.0\system32\LMIinit.dll
2011-06-14 09:37:29 ----A---- C:\inventur.txt
2011-06-13 09:59:16 ----D---- C:\WINDOWS.0\system32\CatRoot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswNdis;avast! Firewall NDIS Filter Service; C:\WINDOWS.0\system32\DRIVERS\aswNdis.sys [2011-05-10 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\WINDOWS.0\system32\drivers\aswNdis2.sys [2011-05-10 192984]
R0 PxHelp20;PxHelp20; C:\WINDOWS.0\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS.0\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 aswFW;avast! TDI Firewall driver; C:\WINDOWS.0\system32\drivers\aswFW.sys [2011-05-10 102232]
R1 aswRdr;aswRdr; C:\WINDOWS.0\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\WINDOWS.0\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\WINDOWS.0\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS.0\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS.0\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/31 12:12:49]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS.0\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;aswMon2; C:\WINDOWS.0\system32\drivers\aswMon2.sys [2011-05-10 102616]
R2 fssfltr;FssFltr; C:\WINDOWS.0\system32\DRIVERS\fssfltr_tdi.sys [2010-04-28 54760]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS.0\system32\drivers\LMIRfsDriver.sys []
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS.0\system32\drivers\cmuda.sys [2010-10-26 1332544]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS.0\system32\DRIVERS\ialmnt5.sys [2010-10-26 1302332]
R3 lmimirr;lmimirr; C:\WINDOWS.0\system32\DRIVERS\lmimirr.sys [2010-05-31 10144]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS.0\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS.0\system32\DRIVERS\Rtlnicxp.sys [2010-10-26 74496]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS.0\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS.0\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS.0\system32\DRIVERS\vpnva.sys [2011-01-10 19680]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS.0\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS.0\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS.0\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS.0\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 massfilter;MBB Mass Storage Filter Driver; C:\WINDOWS.0\system32\drivers\massfilter.sys [2010-02-22 9216]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS.0\system32\drivers\ccdcmb.sys [2010-12-02 18304]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS.0\system32\drivers\ccdcmbo.sys [2010-12-02 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS.0\system32\drivers\nmwcdnsu.sys [2010-12-02 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS.0\system32\drivers\nmwcdnsuc.sys [2010-12-02 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS.0\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS.0\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS.0\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS.0\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 UIUSys;Conexant Setup API; C:\WINDOWS.0\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerflt.sys [2010-12-02 8192]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS.0\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS.0\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS.0\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbser;USB Modem Driver; C:\WINDOWS.0\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS.0\system32\DRIVERS\usbser_lowerfltj.sys [2010-12-02 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS.0\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys [2007-11-14 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2007-11-14 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS.0\system32\DRIVERS\ZTEusbmdm6k.sys [2010-03-02 105856]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS.0\system32\DRIVERS\ZTEusbnmea.sys [2010-03-02 105856]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS.0\system32\DRIVERS\ZTEusbser6k.sys [2010-03-02 105856]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS.0\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-05-10 121000]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2011-06-16 374152]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2010-12-08 390528]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-01-10 603896]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 idsvc;Windows CardSpace; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-03-21 632832]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-03 135664]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-03 135664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: slow PC
Hello, it's not a good idea to add replies to your own post, because then we can't see that nobody has dealt with your case yet.
Fix these in HJT:
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS.0\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
You'll find HJT here:
C:\Program Files\trend micro\ComTEL VDF.exe
Fix means that you launch HJT,
in the window that opens, click Do a system scan only,
in the next window, find the lines I listed for you,
next to each of them is a small box, which you tick,
then click Fix checked, at the bottom left,
the program asks whether you are sure; you of course agree with ANO (Yes), and it's done.
Delete unneeded files
using CCleaner
guide:
Cleaner (Čistič) - here you clean the PC of unneeded files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools (Nástroje) - here you can uninstall programs, adjust what runs at system startup, and restore the system
Defragment the disk, either with the built-in Windows tool,
or with another application, for example Defraggler
Download ComboFix and save it to the desktop,
run the application as Administrator and allow installation of the Recovery Console.
Then a window with the licence terms appears, which you confirm by clicking ANO (Yes),
then click ANO once more and it's running.
The whole process takes around 10 minutes but can take longer; during the scan, don't try to run anything else.
The PC may also be restarted during the scan; don't be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log, saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: slow PC
ComboFix 11-07-11.02 - ComTEL VDF 11.07.2011 16:41:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1540 [GMT 2:00]
Spuštěný z: c:\documents and settings\ComTEL VDF\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-11 do 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 14:10 . 2011-07-11 14:10 77824 ----a-w- c:\windows.0\Keygen.exe
2011-07-11 14:10 . 2011-07-11 14:10 472576 ----a-w- c:\windows.0\AutoKMS.exe
2011-07-11 11:18 . 2011-07-04 11:36 309848 ----a-w- c:\windows.0\system32\drivers\aswSP.sys
2011-07-11 11:18 . 2011-07-04 11:32 19544 ----a-w- c:\windows.0\system32\drivers\aswFsBlk.sys
2011-07-11 11:18 . 2011-07-04 11:32 25432 ----a-w- c:\windows.0\system32\drivers\aswRdr.sys
2011-07-11 11:18 . 2011-07-04 11:36 441176 ----a-w- c:\windows.0\system32\drivers\aswSnx.sys
2011-07-11 11:18 . 2011-07-04 11:35 43608 ----a-w- c:\windows.0\system32\drivers\aswTdi.sys
2011-07-11 11:18 . 2011-07-04 11:35 102616 ----a-w- c:\windows.0\system32\drivers\aswmon2.sys
2011-07-11 11:18 . 2011-07-04 11:35 96344 ----a-w- c:\windows.0\system32\drivers\aswmon.sys
2011-07-11 11:18 . 2011-07-04 11:32 30808 ----a-w- c:\windows.0\system32\drivers\aavmker4.sys
2011-07-11 11:17 . 2011-07-04 11:43 40112 ----a-w- c:\windows.0\avastSS.scr
2011-07-11 11:17 . 2011-07-04 11:43 199304 ----a-w- c:\windows.0\system32\aswBoot.exe
2011-07-11 11:17 . 2011-07-11 11:17 404640 ----a-w- c:\windows.0\system32\FlashPlayerCPLApp.cpl
2011-06-28 10:39 . 2011-06-28 10:39 -------- d-----w- c:\documents and settings\Nový uživatel\Data aplikací\BabylonToolbar
2011-06-16 06:02 . 2011-04-21 13:37 105472 -c----w- c:\windows.0\system32\dllcache\mup.sys
2011-06-13 07:57 . 2011-06-13 07:57 -------- d-----w- c:\program files\T-Mobile
2011-06-13 07:57 . 2011-06-13 07:57 -------- d-----w- c:\program files\ZTE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 12:03 . 2010-10-27 15:05 83360 ----a-w- c:\windows.0\system32\LMIRfsClientNP.dll
2011-06-16 12:03 . 2010-10-27 15:05 53632 ----a-w- c:\windows.0\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-06-16 12:03 . 2010-10-27 15:05 29568 ----a-w- c:\windows.0\system32\LMIport.dll
2011-06-16 12:03 . 2010-10-27 15:05 87424 ----a-w- c:\windows.0\system32\LMIinit.dll
2011-05-29 07:11 . 2011-06-10 12:52 39984 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2011-06-10 12:52 22712 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2011-05-02 15:32 . 2010-10-26 11:09 692736 ----a-w- c:\windows.0\system32\inetcomm.dll
2011-04-29 17:25 . 2007-11-14 12:20 151552 ----a-w- c:\windows.0\system32\schannel.dll
2011-04-29 16:19 . 2007-11-14 12:18 456320 ----a-w- c:\windows.0\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2007-11-14 10:16 43520 ----a-w- c:\windows.0\system32\licmgr10.dll
2011-04-25 16:06 . 2007-11-14 10:16 916480 ----a-w- c:\windows.0\system32\wininet.dll
2011-04-25 16:06 . 2007-11-14 10:16 1469440 ----a-w- c:\windows.0\system32\inetcpl.cpl
2011-04-25 12:01 . 2007-11-14 10:16 385024 ----a-w- c:\windows.0\system32\html.iec
2011-04-21 13:37 . 2004-08-03 21:15 105472 ----a-w- c:\windows.0\system32\drivers\mup.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows.0\system32\igfxtray.exe" [2010-10-26 94208]
"igfxhkcmd"="c:\windows.0\system32\hkcmd.exe" [2010-10-26 77824]
"igfxpers"="c:\windows.0\system32\igfxpers.exe" [2010-10-26 114688]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
"CNAP2 Launcher"="c:\windows.0\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2007-09-06 406944]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\documents and settings\ComTEL VDF\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Automatick‚ vypnutˇ poźˇtaźe.lnk - c:\program files\Automatick‚ vypnutˇ poźˇtaźe\avp.exe [2004-12-28 443392]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-06-16 12:03 87424 ----a-w- c:\windows.0\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 09:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS.0\\Keygen.exe"=
.
R1 aswSP;aswSP;c:\windows.0\system32\drivers\aswSP.sys [11.7.2011 13:18 309848]
R2 aswFsBlk;aswFsBlk;c:\windows.0\system32\drivers\aswFsBlk.sys [11.7.2011 13:18 19544]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [27.9.2010 14:47 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [31.5.2010 11:31 12856]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [10.1.2011 21:05 603896]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S1 aswSnx;aswSnx;c:\windows.0\system32\drivers\aswSnx.sys [11.7.2011 13:18 441176]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows.0\system32\drivers\massfilter.sys [25.2.2011 16:26 9216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 10:25 30969208]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows.0\system32\drivers\nmwcdnsu.sys [9.6.2011 10:36 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows.0\system32\drivers\nmwcdnsuc.sys [9.6.2011 10:36 8576]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.11.2010 11:45 135664]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3.11.2010 11:45 135664]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - AVAST!_ANTIVIRUS
*Deregistered* - {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-11 c:\windows.0\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-03 09:45]
.
2011-07-11 c:\windows.0\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-03 09:45]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Trusted Zone: cz.tmo\*
Trusted Zone: t-mobile.cz\*
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{D3C8A309-A274-4C62-AAA0-377020D98F01}: NameServer = 10.245.32.1,10.245.33.2
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpnssl.t-mobile.cz/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\documents and settings\ComTEL VDF\Data aplikací\Mozilla\Firefox\Profiles\evv9e59v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-11 16:47
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-796845957-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(488)
c:\windows.0\system32\LMIinit.dll
c:\windows.0\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2892)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1029\GrooveIntlResource.dll
c:\windows.0\system32\webcheck.dll
c:\windows.0\system32\LMIRfsClientNP.dll
.
Celkový čas: 2011-07-11 16:50:26
ComboFix-quarantined-files.txt 2011-07-11 14:50
.
Před spuštěním: Volných bajtů: 55 290 671 104
Po spuštění: Volných bajtů: 55 344 095 232
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1540 [GMT 2:00]
Spuštěný z: c:\documents and settings\ComTEL VDF\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-11 do 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 14:10 . 2011-07-11 14:10 77824 ----a-w- c:\windows.0\Keygen.exe
2011-07-11 14:10 . 2011-07-11 14:10 472576 ----a-w- c:\windows.0\AutoKMS.exe
2011-07-11 11:18 . 2011-07-04 11:36 309848 ----a-w- c:\windows.0\system32\drivers\aswSP.sys
2011-07-11 11:18 . 2011-07-04 11:32 19544 ----a-w- c:\windows.0\system32\drivers\aswFsBlk.sys
2011-07-11 11:18 . 2011-07-04 11:32 25432 ----a-w- c:\windows.0\system32\drivers\aswRdr.sys
2011-07-11 11:18 . 2011-07-04 11:36 441176 ----a-w- c:\windows.0\system32\drivers\aswSnx.sys
2011-07-11 11:18 . 2011-07-04 11:35 43608 ----a-w- c:\windows.0\system32\drivers\aswTdi.sys
2011-07-11 11:18 . 2011-07-04 11:35 102616 ----a-w- c:\windows.0\system32\drivers\aswmon2.sys
2011-07-11 11:18 . 2011-07-04 11:35 96344 ----a-w- c:\windows.0\system32\drivers\aswmon.sys
2011-07-11 11:18 . 2011-07-04 11:32 30808 ----a-w- c:\windows.0\system32\drivers\aavmker4.sys
2011-07-11 11:17 . 2011-07-04 11:43 40112 ----a-w- c:\windows.0\avastSS.scr
2011-07-11 11:17 . 2011-07-04 11:43 199304 ----a-w- c:\windows.0\system32\aswBoot.exe
2011-07-11 11:17 . 2011-07-11 11:17 404640 ----a-w- c:\windows.0\system32\FlashPlayerCPLApp.cpl
2011-06-28 10:39 . 2011-06-28 10:39 -------- d-----w- c:\documents and settings\Nový uživatel\Data aplikací\BabylonToolbar
2011-06-16 06:02 . 2011-04-21 13:37 105472 -c----w- c:\windows.0\system32\dllcache\mup.sys
2011-06-13 07:57 . 2011-06-13 07:57 -------- d-----w- c:\program files\T-Mobile
2011-06-13 07:57 . 2011-06-13 07:57 -------- d-----w- c:\program files\ZTE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 12:03 . 2010-10-27 15:05 83360 ----a-w- c:\windows.0\system32\LMIRfsClientNP.dll
2011-06-16 12:03 . 2010-10-27 15:05 53632 ----a-w- c:\windows.0\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-06-16 12:03 . 2010-10-27 15:05 29568 ----a-w- c:\windows.0\system32\LMIport.dll
2011-06-16 12:03 . 2010-10-27 15:05 87424 ----a-w- c:\windows.0\system32\LMIinit.dll
2011-05-29 07:11 . 2011-06-10 12:52 39984 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2011-06-10 12:52 22712 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2011-05-02 15:32 . 2010-10-26 11:09 692736 ----a-w- c:\windows.0\system32\inetcomm.dll
2011-04-29 17:25 . 2007-11-14 12:20 151552 ----a-w- c:\windows.0\system32\schannel.dll
2011-04-29 16:19 . 2007-11-14 12:18 456320 ----a-w- c:\windows.0\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2007-11-14 10:16 43520 ----a-w- c:\windows.0\system32\licmgr10.dll
2011-04-25 16:06 . 2007-11-14 10:16 916480 ----a-w- c:\windows.0\system32\wininet.dll
2011-04-25 16:06 . 2007-11-14 10:16 1469440 ----a-w- c:\windows.0\system32\inetcpl.cpl
2011-04-25 12:01 . 2007-11-14 10:16 385024 ----a-w- c:\windows.0\system32\html.iec
2011-04-21 13:37 . 2004-08-03 21:15 105472 ----a-w- c:\windows.0\system32\drivers\mup.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows.0\system32\igfxtray.exe" [2010-10-26 94208]
"igfxhkcmd"="c:\windows.0\system32\hkcmd.exe" [2010-10-26 77824]
"igfxpers"="c:\windows.0\system32\igfxpers.exe" [2010-10-26 114688]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
"CNAP2 Launcher"="c:\windows.0\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2007-09-06 406944]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\documents and settings\ComTEL VDF\Nabídka Start\Programy\Po spuštění\
Automatické vypnutí počítače.lnk - c:\program files\Automatické vypnutí počítače\avp.exe [2004-12-28 443392]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-06-16 12:03 87424 ----a-w- c:\windows.0\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 09:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS.0\\Keygen.exe"=
.
R1 aswSP;aswSP;c:\windows.0\system32\drivers\aswSP.sys [11.7.2011 13:18 309848]
R2 aswFsBlk;aswFsBlk;c:\windows.0\system32\drivers\aswFsBlk.sys [11.7.2011 13:18 19544]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [27.9.2010 14:47 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [31.5.2010 11:31 12856]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [10.1.2011 21:05 603896]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S1 aswSnx;aswSnx;c:\windows.0\system32\drivers\aswSnx.sys [11.7.2011 13:18 441176]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows.0\system32\drivers\massfilter.sys [25.2.2011 16:26 9216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 10:25 30969208]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows.0\system32\drivers\nmwcdnsu.sys [9.6.2011 10:36 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows.0\system32\drivers\nmwcdnsuc.sys [9.6.2011 10:36 8576]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.11.2010 11:45 135664]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3.11.2010 11:45 135664]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - AVAST!_ANTIVIRUS
*Deregistered* - {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-11 c:\windows.0\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-03 09:45]
.
2011-07-11 c:\windows.0\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-03 09:45]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Trusted Zone: cz.tmo\*
Trusted Zone: t-mobile.cz\*
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{D3C8A309-A274-4C62-AAA0-377020D98F01}: NameServer = 10.245.32.1,10.245.33.2
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpnssl.t-mobile.cz/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\documents and settings\ComTEL VDF\Data aplikací\Mozilla\Firefox\Profiles\evv9e59v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-11 16:47
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-796845957-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(488)
c:\windows.0\system32\LMIinit.dll
c:\windows.0\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2892)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1029\GrooveIntlResource.dll
c:\windows.0\system32\webcheck.dll
c:\windows.0\system32\LMIRfsClientNP.dll
.
Celkový čas: 2011-07-11 16:50:26
ComboFix-quarantined-files.txt 2011-07-11 14:50
.
Před spuštěním: Volných bajtů: 55 290 671 104
Po spuštění: Volných bajtů: 55 344 095 232
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
Re: slow PC
If you have not done so yet, move Combofix to the desktop,
open Notepad,
copy the script from the following box into it:
Code:
File::
c:\windows.0\Keygen.exe
c:\windows.0\AutoKMS.exe
Folder::
c:\documents and settings\Nový uživatel\Data aplikací\BabylonToolbar
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS.0\\Keygen.exe"=-
FireFox::
FF - ProfilePath - c:\documents and settings\ComTEL VDF\Data aplikací\Mozilla\Firefox\Profiles\evv9e59v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
save the TXT file you created as CFScript.txt on the desktop,
after saving, grab the created script with the left mouse button and drag it over the Combofix icon, where you drop it:
After it is applied, another log will pop up; copy it here.
Warning: it may happen that Windows will not start after the script is applied and the PC restarts;
in that case restart again while pressing F8, then choose Last Known Good Configuration.
Re: slow PC
ComboFix 11-07-11.02 - ComTEL VDF 12.07.2011 9:27.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1565 [GMT 2:00]
Spuštěný z: c:\documents and settings\ComTEL VDF\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ComTEL VDF\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows.0\AutoKMS.exe"
"c:\windows.0\Keygen.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows.0\AutoKMS.exe
c:\windows.0\Keygen.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-12 do 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-11 11:18 . 2011-07-04 11:36 309848 ----a-w- c:\windows.0\system32\drivers\aswSP.sys
2011-07-11 11:18 . 2011-07-04 11:32 19544 ----a-w- c:\windows.0\system32\drivers\aswFsBlk.sys
2011-07-11 11:18 . 2011-07-04 11:32 25432 ----a-w- c:\windows.0\system32\drivers\aswRdr.sys
2011-07-11 11:18 . 2011-07-04 11:36 441176 ----a-w- c:\windows.0\system32\drivers\aswSnx.sys
2011-07-11 11:18 . 2011-07-04 11:35 43608 ----a-w- c:\windows.0\system32\drivers\aswTdi.sys
2011-07-11 11:18 . 2011-07-04 11:35 102616 ----a-w- c:\windows.0\system32\drivers\aswmon2.sys
2011-07-11 11:18 . 2011-07-04 11:35 96344 ----a-w- c:\windows.0\system32\drivers\aswmon.sys
2011-07-11 11:18 . 2011-07-04 11:32 30808 ----a-w- c:\windows.0\system32\drivers\aavmker4.sys
2011-07-11 11:17 . 2011-07-04 11:43 40112 ----a-w- c:\windows.0\avastSS.scr
2011-07-11 11:17 . 2011-07-04 11:43 199304 ----a-w- c:\windows.0\system32\aswBoot.exe
2011-07-11 11:17 . 2011-07-11 11:17 404640 ----a-w- c:\windows.0\system32\FlashPlayerCPLApp.cpl
2011-06-28 10:39 . 2011-06-28 10:39 -------- d-----w- c:\documents and settings\Nový uživatel\Data aplikací\BabylonToolbar
2011-06-16 06:02 . 2011-04-21 13:37 105472 -c----w- c:\windows.0\system32\dllcache\mup.sys
2011-06-13 07:57 . 2011-06-13 07:57 -------- d-----w- c:\program files\T-Mobile
2011-06-13 07:57 . 2011-06-13 07:57 -------- d-----w- c:\program files\ZTE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 12:03 . 2010-10-27 15:05 83360 ----a-w- c:\windows.0\system32\LMIRfsClientNP.dll
2011-06-16 12:03 . 2010-10-27 15:05 53632 ----a-w- c:\windows.0\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-06-16 12:03 . 2010-10-27 15:05 29568 ----a-w- c:\windows.0\system32\LMIport.dll
2011-06-16 12:03 . 2010-10-27 15:05 87424 ----a-w- c:\windows.0\system32\LMIinit.dll
2011-05-29 07:11 . 2011-06-10 12:52 39984 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2011-06-10 12:52 22712 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2011-05-02 15:32 . 2010-10-26 11:09 692736 ----a-w- c:\windows.0\system32\inetcomm.dll
2011-04-29 17:25 . 2007-11-14 12:20 151552 ----a-w- c:\windows.0\system32\schannel.dll
2011-04-29 16:19 . 2007-11-14 12:18 456320 ----a-w- c:\windows.0\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2007-11-14 10:16 43520 ----a-w- c:\windows.0\system32\licmgr10.dll
2011-04-25 16:06 . 2007-11-14 10:16 916480 ----a-w- c:\windows.0\system32\wininet.dll
2011-04-25 16:06 . 2007-11-14 10:16 1469440 ----a-w- c:\windows.0\system32\inetcpl.cpl
2011-04-25 12:01 . 2007-11-14 10:16 385024 ----a-w- c:\windows.0\system32\html.iec
2011-04-21 13:37 . 2004-08-03 21:15 105472 ----a-w- c:\windows.0\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-11_14.47.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-26 12:07 . 2011-07-12 06:54 300440 c:\windows.0\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows.0\system32\igfxtray.exe" [2010-10-26 94208]
"igfxhkcmd"="c:\windows.0\system32\hkcmd.exe" [2010-10-26 77824]
"igfxpers"="c:\windows.0\system32\igfxpers.exe" [2010-10-26 114688]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
"CNAP2 Launcher"="c:\windows.0\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2007-09-06 406944]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\documents and settings\ComTEL VDF\Nabídka Start\Programy\Po spuštění\
Automatické vypnutí počítače.lnk - c:\program files\Automatické vypnutí počítače\avp.exe [2004-12-28 443392]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-06-16 12:03 87424 ----a-w- c:\windows.0\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 09:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 aswSnx;aswSnx;c:\windows.0\system32\drivers\aswSnx.sys [11.7.2011 13:18 441176]
R1 aswSP;aswSP;c:\windows.0\system32\drivers\aswSP.sys [11.7.2011 13:18 309848]
R2 aswFsBlk;aswFsBlk;c:\windows.0\system32\drivers\aswFsBlk.sys [11.7.2011 13:18 19544]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [27.9.2010 14:47 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [31.5.2010 11:31 12856]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [10.1.2011 21:05 603896]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows.0\system32\drivers\massfilter.sys [25.2.2011 16:26 9216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 10:25 30969208]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows.0\system32\drivers\nmwcdnsu.sys [9.6.2011 10:36 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows.0\system32\drivers\nmwcdnsuc.sys [9.6.2011 10:36 8576]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.11.2010 11:45 135664]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3.11.2010 11:45 135664]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-12 c:\windows.0\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-03 09:45]
.
2011-07-12 c:\windows.0\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-03 09:45]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Trusted Zone: cz.tmo\*
Trusted Zone: t-mobile.cz\*
TCP: DhcpNameServer = 10.0.0.138
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpnssl.t-mobile.cz/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\documents and settings\ComTEL VDF\Data aplikací\Mozilla\Firefox\Profiles\evv9e59v.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-12 09:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-796845957-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(528)
c:\windows.0\system32\LMIinit.dll
c:\windows.0\system32\LMIRfsClientNP.dll
c:\windows.0\system32\igfxdev.dll
.
Celkový čas: 2011-07-12 09:44:07
ComboFix-quarantined-files.txt 2011-07-12 07:44
ComboFix2.txt 2011-07-11 14:50
.
Před spuštěním: Volných bajtů: 55 345 156 096
Po spuštění: Volných bajtů: 55 334 379 520
.
- - End Of File - - D2797CC593922827EB3A0B8BDD6AECAD
Re: slow PC
Via Start >> Run, copy this into the window:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because the antivirus may detect it as a virus, but that is not the case.
Then let me know what state the PC is in.
Re: slow PC
Hello, the PC has sped up, but only slightly. However, when I go to the Control Panel and try to uninstall files, it shows the message: "Value creation failed" at line 451
Re: slow PC
Aha, you apparently used some system beautifier.
First try copying THIS library into:
C: >> WINDOWS >> system32 >>
Or change the appearance to Classic.
If neither helps, find the Windows installation CD; we will do a repair.
In the BIOS Setup, which you enter during restart by repeatedly pressing one of these keys:
* DEL
* F2
* F1
* F10
it depends on the PC, but it is always written on the screen,
open the ADVANCED BIOS FEATURES menu and find Boot Devices 0 to 4 or Boot Sequence.
Set CD-ROM in first place,
and the hard disk (HDD) in second place; both entries usually also show the manufacturer.
By pressing Save, which is usually F10, and confirming with Enter, you save the settings,
then by pressing Save and Exit you leave the BIOS and can start the repair.
Insert the installation CD into the drive, let it boot,
wait a moment until the first screen appears, where you confirm starting the Windows installation with the Enter key,
on the next screen confirm the license agreement with the F8 key,
on the next screen then use the R key to choose Repair the existing Windows installation
detailed procedure HERE
Then let me know how it went.