samovolné vypínání pc

[chosse11]

prosím o pomoc, při běhu pc se občas sám samovolně restartuje. Díky

[Caroprd111]

Zdravím a vítám vás na našem bezpečnostním fóru viry.cz

Můj nick je Caroprd111. Budu se vám v tomto topicu věnovat a snažit se odstranit všechny vaše problémy s počítačem.
Než začneme, přečtěte si prosím následující poznámky.

• Pokud nemáte, zálohujte si všechna důležitá data. Infikovaný počítač je nevyzpytatelný.
• Důsledně a pečlivě si přečtěte celý postup, poté pokračujte po jednotlivých krocích.
• Prosím, nespouštějte žádné další programy na vlastní pěst, zejména ComboFix. Zbytečně tím můžete zkomplikovat odvirování, dokonce i znefunkčnit systém.
• Absence příznaků nemusí vždy znamenat, že je počítač čistý, proto vždy spolupracujte až do doby, než vám napíšu, že je počítač v pořádku.
• V případě, že něčemu nerozumíte nebo si nejste jist, neváhejte se mě zeptat.
• Pokud bude log dlouhý a nevejde se do jednoho příspěvku, rozdělte jej do více příspěvků.

Poprosím vás o přečtení pravidel a log z RSIT dle návodu http://www.viry.cz/forum/viewtopic.php?f=13&t=105895

[chosse11]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-08-15 21:50:21
Microsoft Windows 7 Ultimate
System drive C: has 62 GB (62%) free of 100 GB
Total RAM: 1983 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:50:33, on 15.8.2011
Platform: Windows 7 (WinNT 6.00.3133)
MSIE: Internet Explorer v8.00 (8.00.7229.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\-programy-\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mv-net.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alawar.com.pt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator.MYCOMPUTER.000\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [DAEMON Tools Lite 4.30.4.0027 Setup] "E:\WPI\Install\daemon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DAEMON Tools Lite 4.30.4.0027 Setup] "E:\WPI\Install\daemon.exe" (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe

--
End of file - 6584 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2213656119-1462395472-1304943397-500Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2213656119-1462395472-1304943397-500UA.job
C:\Windows\tasks\Norton Security Scan for Administrator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-08-06 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-23 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-08-06 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll [2010-07-06 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-08-06 259696]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll [2010-07-06 506720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-08-21 98304]
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe [2010-07-06 240480]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-06-05 1173504]
"Google Update"=C:\Users\Administrator.MYCOMPUTER.000\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-12 133104]
"SpyEmergency"=C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [2011-03-02 2394752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-22 2772992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

C:\Users\Administrator.MYCOMPUTER.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-15 21:50:21 ----D---- C:\rsit
2011-08-15 21:50:21 ----D---- C:\Program Files\trend micro
2011-08-15 21:21:11 ----D---- C:\Program Files\CCleaner

======List of files/folders modified in the last 1 month======

2011-08-15 21:50:33 ----D---- C:\Windows\Prefetch
2011-08-15 21:50:21 ----RD---- C:\Program Files
2011-08-15 21:50:16 ----D---- C:\Windows\Temp
2011-08-15 21:31:26 ----SHD---- C:\Windows\Installer
2011-08-15 21:31:26 ----SHD---- C:\Config.Msi
2011-08-15 21:31:25 ----D---- C:\Program Files\Microsoft Silverlight
2011-08-15 21:30:37 ----SHD---- C:\System Volume Information
2011-08-15 21:26:00 ----D---- C:\Windows\Minidump
2011-08-15 21:26:00 ----D---- C:\Windows\debug
2011-08-15 21:26:00 ----D---- C:\Windows
2011-08-15 21:15:29 ----D---- C:\Windows\System32
2011-08-15 19:27:00 ----D---- C:\Windows\system32\config
2011-07-31 21:26:26 ----D---- C:\Windows\system32\catroot2
2011-07-24 06:33:07 ----D---- C:\Program Files\Common Files
2011-07-23 00:03:12 ----AD---- C:\ProgramData\TEMP
2011-07-23 00:03:08 ----D---- C:\Windows\system32\Tasks
2011-07-23 00:03:07 ----D---- C:\Program Files\Registry Mechanic
2011-07-23 00:01:34 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-06-05 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-06-05 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-07-23 721904]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-06-05 387584]
R1 eusk2par;Aladdin SmartKey Parallel Driver; \??\C:\Windows\system32\Drivers\eusk2par.sys [2008-12-18 25680]
R1 SpyEmrg;Spy Emergency Driver; C:\Windows\System32\Drivers\spyemrg.sys [2009-09-17 12344]
R1 VD_FileDisk;VD_FileDisk; C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-05-07 1040544]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-05-07 13312]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\Windows\System32\Drivers\spyemrg_guard.sys [2009-09-17 14392]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-06-05 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-06-05 70736]
S3 amdagp;[FBepC][AMD ΆĞÞ Вûŝ ₣ιŀŧеř Đґίνëŕ !!! !!!]; C:\Windows\system32\DRIVERS\amdagp.sys [2009-06-05 53328]
S3 b57nd60x;[Vf8Kn][Вѓóăďсôм ŊèτХţřęmє Ġïġªъïţ Ēŧĥэгńěт - ЙĐΪЅ 6.0 !!! !!! !!! !]; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-06-05 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-06-05 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-06-05 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-06-05 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-05 58880]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-06-05 133120]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-06-05 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-06-05 5632]
S3 sisagp;[HiggA][SIS ĄĞР Вџś ₣ĭŀţĕŗ !!! ]; C:\Windows\system32\DRIVERS\sisagp.sys [2009-06-05 52304]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; C:\Windows\System32\Drivers\spyemrg_access.sys [2009-09-17 18232]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-06-05 28240]
S3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-06-05 30720]
S3 viaagp;[4GqaG][VIA ĀĜΡ Ьцš ₣íļťзг !!! ]; C:\Windows\system32\DRIVERS\viaagp.sys [2009-06-05 53328]
S3 ViaC7;[XuSv7][VIA C7 Þŕöćēŝѕøř Đгïνеř !!! !!]; C:\Windows\system32\DRIVERS\viac7.sys [2009-06-05 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-06-05 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-06-05 17792]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-06-05 20480]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-05-01 211488]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 SpyEmrgSrv;Spy Emergency Engine Service; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2011-03-02 2230912]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-06-05 20480]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-06 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-06-05 20480]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-06-05 20480]

-----------------EOF-----------------

[Caroprd111]

Doporučuji odinstalovat Spy Emergency a nainstalovat příslušné softwarové zabezpečení http://www.viry.cz/forum/viewtopic.php?f=29&t=6152


Používáte toolbary?


Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

• Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
/md5start
scecli.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
atapi.sys
cdrom.sys 
ndis.sys
ntfs.sys
tcpip.sys
%SystemDrive%\PhysicalMBR.bin
/md5stop
C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
type c:\boot.ini >> test.txt /c
*crack*
*keygen*

• Označte položku Pro všechny uživatele.
• Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
• Klikněte na tlačítko Prohledat
• Po dokončení, sem vložte logy OTL.Txt a Extras.txt

[chosse11]

negeneruje to žádnej log. vždy se nějak sekne a nedojde

[chosse11]

napsalo to out to memory

[Caroprd111]

Zkuste OTL spustit bez skriptu.

[chosse11]

tomu nerozumím???

[Caroprd111]

Postupujte tak, jak jsem psal, jen vynechte vložení skriptu do bílého okna.

[chosse11]

aha, ok

[Caroprd111]

Kdyby byly problémy, tak pište.

[chosse11]

OTL logfile created on: 16.8.2011 15:03:03 - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Administrator.MYCOMPUTER.000\Desktop
Ultimate Edition (Version = 6.1.7229) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7229.0)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,94 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 69,12% Memory free
3,87 Gb Paging File | 3,13 Gb Available in Paging File | 80,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 60,45 Gb Free Space | 61,90% Space Free | Partition Type: NTFS
Drive D: | 135,22 Gb Total Space | 131,49 Gb Free Space | 97,24% Space Free | Partition Type: NTFS
Drive E: | 128,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MYCOMPUTER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.16 09:37:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.MYCOMPUTER.000\Desktop\OTL.exe
PRC - [2011.03.02 18:31:48 | 002,230,912 | ---- | M] (NETGATE Technologies s.r.o.) -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
PRC - [2011.03.02 18:31:42 | 002,394,752 | ---- | M] (NETGATE Technologies s.r.o.) -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
PRC - [2010.06.07 22:12:12 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.06.07 22:12:08 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.06.05 09:46:47 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011.03.04 14:38:31 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.03.02 18:31:48 | 002,230,912 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Running] -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe -- (SpyEmrgSrv)
SRV - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.05 09:48:17 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.06.05 09:48:16 | 001,004,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.06.05 09:48:06 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2009.09.17 08:58:44 | 000,018,232 | ---- | M] (NETGATE Technologies s.r.o.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\spyemrg_access.sys -- (SpyEmrgAccess)
DRV - [2009.09.17 08:58:34 | 000,014,392 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spyemrg_guard.sys -- (SpyEmrgGuard)
DRV - [2009.09.17 08:58:22 | 000,012,344 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\spyemrg.sys -- (SpyEmrg)
DRV - [2009.07.23 19:06:58 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.06.05 09:49:49 | 000,028,240 | ---- | M] (Мїċřбşôƒτ Çσґφøгāţїои) [Kernel | System | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2009.06.05 09:49:43 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.06.05 09:49:35 | 000,040,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.06.05 09:49:30 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.06.05 08:19:34 | 000,258,560 | ---- | M] (Мĩ¢яόѕθƒτ Сòřрòѓãτϊоñ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2009.06.05 08:19:34 | 000,093,696 | ---- | M] (Μĭčґòşǿƒт €σѓþθґãтїóñ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan) Zařízení Bluetooth (síť PAN)
DRV - [2009.06.05 08:19:32 | 000,163,328 | ---- | M] (Мιсřθşбƒť Čõяρôѓäŧїøņ) [55ZAD][1394 ǾĤĆÎ Ćōмþℓīаʼnŧ Ĥøşŧ Ċõπтґθļℓэř !!! !!! !] [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.06.05 08:19:26 | 000,314,368 | ---- | M] (Μĩςřöšôƒţ €οгφǿřαţïθй) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2009.06.05 08:19:17 | 000,039,936 | ---- | M] (Мïсřοšôƒţ €όґφõгāťїøņ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2009.06.05 08:19:08 | 000,062,464 | ---- | M] (Μí¢ґőŝōƒť Ćόґþóřâŧîоπ) [UfbQj][1394 ŐΗĊΊ €ômρŀϊâпт Нσ§τ €øʼnτяθŀłзŗ (Ľëġāćу) !!! !!! !!! ] [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2009.06.05 08:13:39 | 000,021,632 | ---- | M] (Μįсřοşøƒŧ Сōѓþόřάтĩőñ) [61nau][Ẅάċōм Ѕегιăℓ Þéи ĦĪÐ Ďŕїνєѓ !!! !!!] [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\wacompen.sys -- (WacomPen)
DRV - [2009.06.05 07:47:28 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.06.05 07:47:25 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.06.05 07:27:30 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.06.05 07:26:09 | 000,055,296 | ---- | M] (Μΐςŕøşоƒτ Čòřφőŗατîοʼn) [BPrUZ][AMD K8 Þгóć℮şŝõř Đѓïνэŗ !!! !!] [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdk8.sys -- (AmdK8)
DRV - [2009.06.05 07:26:09 | 000,053,760 | ---- | M] (Міċŕòѕøƒт Сõřφθѓäŧіôŋ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2009.06.05 07:26:09 | 000,052,736 | ---- | M] (Мϊčřǿ§őƒţ €őѓþθяāτįőʼn) [XuSv7][VIA C7 Þŕöćēŝѕøř Đгïνеř !!! !!] [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viac7.sys -- (ViaC7)
DRV - [2009.06.05 07:26:09 | 000,052,736 | ---- | M] (Μĩčґõşόƒť Čοґрöřąŧίōή) [RVdHv][ÁΜĐ Рŗöςĕŝѕóѓ Đŕіνėŗ !!! !] [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.06.05 07:26:09 | 000,052,224 | ---- | M] (Мïсґо§ôƒť Ćôřρόřαтìσл) [BEEST][Рŕŏčêѕŝòř Đгινěř !!! ] [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\processr.sys -- (Processor)
DRV - [2009.05.28 03:24:14 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.12.18 10:13:18 | 000,025,680 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eusk2par.sys -- (eusk2par)
DRV - [2008.05.07 10:45:08 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.05.07 10:45:08 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.01.13 15:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vd_filedisk.sys -- (VD_FileDisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://alawar.com.pt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2213656119-1462395472-1304943397-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mv-net.cz/
IE - HKU\S-1-5-21-2213656119-1462395472-1304943397-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 09 00 F9 02 12 CA 01 [binary data]
IE - HKU\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator.MYCOMPUTER.000\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator.MYCOMPUTER.000\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010.10.20 19:55:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.10.21 21:32:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009.02.24 04:55:15 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-2213656119-1462395472-1304943397-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-2213656119-1462395472-1304943397-500\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKU\S-1-5-21-2213656119-1462395472-1304943397-500..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe (NETGATE Technologies s.r.o.)
O4 - HKU\.DEFAULT..\RunOnce: [DAEMON Tools Lite 4.30.4.0027 Setup] File not found
O4 - HKU\S-1-5-18..\RunOnce: [DAEMON Tools Lite 4.30.4.0027 Setup] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator.MYCOMPUTER.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Administrator.MYCOMPUTER.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2213656119-1462395472-1304943397-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll ()
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll ()
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.20
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.29 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.03.06 13:15:20 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{81bd5e87-77a8-11de-be50-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{81bd5e87-77a8-11de-be50-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- [2009.03.06 13:15:20 | 002,517,610 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.15 22:19:38 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator.MYCOMPUTER.000\Desktop\OTL.exe
[2011.08.15 21:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.15 21:50:21 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.15 21:21:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator.MYCOMPUTER.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.08.15 21:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.15 21:15:29 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files - Modified Within 30 Days ==========

[2011.08.16 09:59:48 | 000,010,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 09:59:48 | 000,010,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 09:39:14 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.08.16 09:37:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.MYCOMPUTER.000\Desktop\OTL.exe
[2011.08.16 09:19:00 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2213656119-1462395472-1304943397-500UA.job
[2011.08.15 21:21:20 | 000,000,965 | ---- | M] () -- C:\Users\Administrator.MYCOMPUTER.000\Desktop\CCleaner.lnk
[2011.08.15 21:15:29 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.15 19:22:52 | 000,002,474 | ---- | M] () -- C:\Users\Administrator.MYCOMPUTER.000\Desktop\Google Chrome.lnk
[2011.08.15 19:19:00 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2213656119-1462395472-1304943397-500Core.job
[2011.08.13 12:35:32 | 003,627,190 | ---- | M] () -- C:\Users\Administrator.MYCOMPUTER.000\Desktop\airport-madness.zip
[2011.07.31 13:51:36 | 000,181,613 | ---- | M] () -- C:\Users\Administrator.MYCOMPUTER.000\Documents\Pravidla k VOP HERMOD - SDH.pdf
[2011.07.25 07:57:18 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011.07.20 13:12:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

========== Files Created - No Company Name ==========

[2011.08.15 22:21:27 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.15 21:21:20 | 000,000,965 | ---- | C] () -- C:\Users\Administrator.MYCOMPUTER.000\Desktop\CCleaner.lnk
[2011.07.31 13:51:22 | 000,181,613 | ---- | C] () -- C:\Users\Administrator.MYCOMPUTER.000\Documents\Pravidla k VOP HERMOD - SDH.pdf
[2010.05.30 19:52:47 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2010.05.19 20:00:06 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.02.21 18:58:37 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.07.24 04:46:28 | 000,676,224 | R--- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.23 19:18:46 | 000,003,636 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.06.13 11:48:54 | 000,625,368 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2009.06.13 11:48:54 | 000,291,696 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2009.06.13 11:48:54 | 000,119,610 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2009.06.13 11:48:54 | 000,036,082 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2009.06.05 10:27:17 | 000,609,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.06.05 10:27:17 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.06.05 10:27:17 | 000,104,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.06.05 10:27:17 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.06.05 10:26:52 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.06.05 10:26:19 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.06.05 08:59:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.06.05 08:24:17 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.06.05 08:19:40 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.06.05 08:04:44 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.05 07:30:26 | 000,008,192 | ---- | C] () -- C:\Windows\System32\dinotify.exe
[2009.06.05 00:12:07 | 000,433,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.06.05 00:05:50 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.04.29 21:29:40 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010.10.10 19:55:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator.MYCOMPUTER.000\AppData\Roaming\Alawar
[2010.10.16 19:29:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator.MYCOMPUTER.000\AppData\Roaming\Awem
[2009.07.30 16:04:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator.MYCOMPUTER.000\AppData\Roaming\Bioshock
[2010.11.12 21:06:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator.MYCOMPUTER.000\AppData\Roaming\CasualForge
[2011.05.25 20:23:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator.MYCOMPUTER.000\AppData\Roaming\FriendsGamesNetwork
[2011.01.24 18:09:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator.MYCOMPUTER.000\AppData\Roaming\GHISLER
[2011.03.04 15:12:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator.MYCOMPUTER.000\AppData\Roaming\OpenOffice.org
[2009.07.23 19:47:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator.MYCOMPUTER.000\AppData\Roaming\Opera
[2011.01.05 20:40:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator.MYCOMPUTER.000\AppData\Roaming\Registry Mechanic
[2011.03.19 07:57:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator.MYCOMPUTER.000\AppData\Roaming\Spy Emergency
[2011.05.13 19:01:02 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D282699C
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

[chosse11]

OTL Extras logfile created on: 16.8.2011 15:03:03 - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Administrator.MYCOMPUTER.000\Desktop
Ultimate Edition (Version = 6.1.7229) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7229.0)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,94 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 69,12% Memory free
3,87 Gb Paging File | 3,13 Gb Available in Paging File | 80,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 60,45 Gb Free Space | 61,90% Space Free | Partition Type: NTFS
Drive D: | 135,22 Gb Total Space | 131,49 Gb Free Space | 97,24% Space Free | Partition Type: NTFS
Drive E: | 128,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MYCOMPUTER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" ()
Folder [explore] -- Reg Error: Value error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{111E336D-30BF-4CD4-8D69-4541732AFB27}" = Rayman Raving Rabbids
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu 1.51 for Office
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4DB775C7-E32D-11D5-B2A8-00C04F538F89}" = Army Men RTS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{73501be5-38b9-41af-b395-14b2dd689810}" = Nero 9 Trial
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{4C0629EE-7044-4E54-BA37-F09B8225164A}" =
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{93E24D32-82FA-443E-9CE0-2639CE8A0AA1}" = Reflex XTR
"{9509674F-3972-11DE-806D-005056806466}" = Google Earth
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1 - Czech
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BBA471C0-5EF2-11D4-0091-A500A0245DC0}" = NHL 2001
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C5AF183C-11D5-403F-8B99-85F6BBBF585E}" = Gothic
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Azangara" = Azangara
"Bejeweled 2 Deluxe_is1" = Bejeweled 2 Deluxe
"CCleaner" = CCleaner
"Cradle Of Rome" = Cradle Of Rome
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Escape the Museum" = Escape the Museum
"Farm Frenzy" = Farm Frenzy
"Farm Frenzy - Pizza Party!" = Farm Frenzy - Pizza Party!
"Farm Frenzy 2" = Farm Frenzy 2
"Farm Frenzy 2_is1" = Farm Frenzy 2
"Farm Frenzy 3" = Farm Frenzy 3
"Farm Frenzy 3: Madagascar" = Farm Frenzy 3: Madagascar
"Farm Frenzy 3: Russian Roulette" = Farm Frenzy 3: Russian Roulette
"Farm Frenzy: Gone Fishing" = Farm Frenzy: Gone Fishing
"Fishdom™ 2" = Fishdom™ 2
"Hotel Mogul" = Hotel Mogul
"Chess 2002" = Šachy 2002
"InstallShield_{4DB775C7-E32D-11D5-B2A8-00C04F538F89}" = Army Men RTS
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"ITE_Autorun_2001PCG" = Bukkazoom
"KitchenDraw 5.0" = KitchenDraw 5.0
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Physicus - Návrat_is1" = Physicus - Návrat
"Ptačí město" = Ptačí město
"QuickTime" = QuickTime
"rayman2" = rayman2
"S7Z" = #7Z 0.7.1 - Basic Archiver
"Spy Emergency_is1" = Spy Emergency
"Strike Ball 3" = Strike Ball 3
"TC UP" = Total Commander Ultima Prime 4.1.0.0
"Totalcmd" = Total Commander (Remove or Repair)
"Virtual Farm" = Virtual Farm
"WinRAR archiver" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Beach Soccer" = Beach Soccer
"Google Chrome" = Google Chrome
"Platypus" = Platypus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16.8.2011 9:01:58 | Computer Name = MyComputer | Source = Windows Search Service | ID = 3058
Description =

Error - 16.8.2011 9:01:58 | Computer Name = MyComputer | Source = Windows Search Service | ID = 7010
Description =

Error - 16.8.2011 9:02:02 | Computer Name = MyComputer | Source = Windows Search Service | ID = 3029
Description =

Error - 16.8.2011 9:02:02 | Computer Name = MyComputer | Source = Windows Search Service | ID = 3028
Description =

Error - 16.8.2011 9:02:02 | Computer Name = MyComputer | Source = Windows Search Service | ID = 3058
Description =

Error - 16.8.2011 9:02:02 | Computer Name = MyComputer | Source = Windows Search Service | ID = 7010
Description =

Error - 16.8.2011 9:03:31 | Computer Name = MyComputer | Source = Windows Search Service | ID = 3029
Description =

Error - 16.8.2011 9:03:31 | Computer Name = MyComputer | Source = Windows Search Service | ID = 3028
Description =

Error - 16.8.2011 9:03:31 | Computer Name = MyComputer | Source = Windows Search Service | ID = 3058
Description =

Error - 16.8.2011 9:03:31 | Computer Name = MyComputer | Source = Windows Search Service | ID = 7010
Description =

[ Media Center Events ]
Error - 23.12.2010 3:47:32 | Computer Name = MyComputer | Source = MCUpdate | ID = 0
Description = 8:47:32 - Načtení položky Directory se nezdařilo. (Chyba: Platnost
operace vypršela.)

Error - 23.12.2010 3:48:15 | Computer Name = MyComputer | Source = MCUpdate | ID = 0
Description = 8:48:11 - Chyba při připojování k Internetu 8:48:11 - Nelze kontaktovat
server..

[ OSession Events ]
Error - 23.12.2010 6:46:55 | Computer Name = MyComputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13.1.2011 12:59:32 | Computer Name = MyComputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17.1.2011 14:11:51 | Computer Name = MyComputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24.1.2011 15:49:12 | Computer Name = MyComputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24.2.2011 13:45:42 | Computer Name = MyComputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11.3.2011 11:45:02 | Computer Name = MyComputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 60
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17.4.2011 13:39:05 | Computer Name = MyComputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4.5.2011 14:22:52 | Computer Name = MyComputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2.7.2011 13:23:20 | Computer Name = MyComputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2.7.2011 13:23:37 | Computer Name = MyComputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 16.8.2011 9:01:58 | Computer Name = MyComputer | Source = Service Control Manager | ID = 7023
Description = Služba Windows Search byla ukončena s následující chybou: %%2

Error - 16.8.2011 9:01:58 | Computer Name = MyComputer | Source = Service Control Manager | ID = 7034
Description = Služba Windows Search byla neočekávaně ukončena. Tento stav nastal
již 5krát.

Error - 16.8.2011 9:02:02 | Computer Name = MyComputer | Source = Service Control Manager | ID = 7023
Description = Služba Windows Search byla ukončena s následující chybou: %%2

Error - 16.8.2011 9:02:02 | Computer Name = MyComputer | Source = Service Control Manager | ID = 7034
Description = Služba Windows Search byla neočekávaně ukončena. Tento stav nastal
již 6krát.

Error - 16.8.2011 9:03:31 | Computer Name = MyComputer | Source = Service Control Manager | ID = 7023
Description = Služba Windows Search byla ukončena s následující chybou: %%2

Error - 16.8.2011 9:03:31 | Computer Name = MyComputer | Source = Service Control Manager | ID = 7034
Description = Služba Windows Search byla neočekávaně ukončena. Tento stav nastal
již 7krát.

Error - 16.8.2011 9:04:32 | Computer Name = MyComputer | Source = Ntfs | ID = 262199
Description = Struktura systému souborů disku je poškozená a je nepoužitelná. Je
nutné na svazek \Device\HarddiskVolume1 spustit nástroj chkdsk.

Error - 16.8.2011 9:04:32 | Computer Name = MyComputer | Source = Ntfs | ID = 262199
Description = Struktura systému souborů disku je poškozená a je nepoužitelná. Je
nutné na svazek C: spustit nástroj chkdsk.

Error - 16.8.2011 9:04:48 | Computer Name = MyComputer | Source = Ntfs | ID = 262199
Description = Struktura systému souborů disku je poškozená a je nepoužitelná. Je
nutné na svazek \Device\HarddiskVolume1 spustit nástroj chkdsk.

Error - 16.8.2011 9:04:48 | Computer Name = MyComputer | Source = Ntfs | ID = 262199
Description = Struktura systému souborů disku je poškozená a je nepoužitelná. Je
nutné na svazek \Device\HarddiskVolume1 spustit nástroj chkdsk.


< End of report >

[Caroprd111]

V logu nic podezřelého, poprosím Vás o log z CF http://www.bleepingcomputer.com/combofi ... t-combofix

[chosse11]

ComboFix 11-08-16.02 - Administrator 16.08.2011 15:42:50.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7229.0.1250.420.1029.18.1983.1174 [GMT 2:00]
Spuštěný z: c:\users\Administrator.MYCOMPUTER.000\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator.MYCOMPUTER.000\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-16 do 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-16 13:57 . 2011-08-16 13:57 -------- d-----w- c:\users\Administrator.MYCOMPUTER.000\AppData\Local\temp
2011-08-16 13:57 . 2011-08-16 13:57 -------- d-----w- c:\users\děti\AppData\Local\temp
2011-08-16 13:57 . 2011-08-16 13:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-16 13:26 . 2011-08-16 13:26 -------- d-----w- c:\users\Administrator.MYCOMPUTER.000\AppData\Roaming\Sammsoft
2011-08-16 13:26 . 2011-08-16 13:26 -------- d-----w- c:\program files\Ask.com
2011-08-16 13:25 . 2011-08-16 13:25 -------- d-----w- c:\program files\ARO 2011
2011-08-15 20:21 . 2011-08-16 07:39 512 ----a-w- C:\PhysicalMBR.bin
2011-08-15 19:50 . 2011-08-15 19:50 -------- d-----w- C:\rsit
2011-08-15 19:50 . 2011-08-15 19:50 -------- d-----w- c:\program files\trend micro
2011-08-15 19:21 . 2011-08-15 19:21 -------- d-----w- c:\program files\CCleaner
2011-08-15 19:15 . 2011-08-15 19:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-29 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-29 20:05 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-29 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-29 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-06-05 1173504]
"SpyEmergency"="c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe" [2011-03-02 2394752]
"AROReminder"="c:\program files\ARO 2011\aro.exe" [2011-01-25 2312048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-08-21 98304]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-29 887976]
.
c:\users\Administrator.MYCOMPUTER.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2008-07-22 10:34 2772992 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
R3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\Drivers\spyemrg_access.sys [2009-09-17 18232]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-23 721904]
S1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [2008-12-18 25680]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [2009-09-17 12344]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2011-03-02 2230912]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys [2009-09-17 14392]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2213656119-1462395472-1304943397-500Core.job
- c:\users\Administrator.MYCOMPUTER.000\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-12 19:07]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2213656119-1462395472-1304943397-500UA.job
- c:\users\Administrator.MYCOMPUTER.000\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-12 19:07]
.
2011-03-04 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-17 05:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.mv-net.cz/
mStart Page = hxxp://alawar.com.pt
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.20
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKU-Default-RunOnce-DAEMON Tools Lite 4.30.4.0027 Setup - e:\wpi\Install\daemon.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,44,06,85,55,c0,f5,4f,89,38,e0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,44,06,85,55,c0,f5,4f,89,38,e0,\
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PBrush"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:af,10,6f,3d,ba,68,3e,41,69,c2,0a,48,0b,dd,20,65,41,4a,82,4d,45,66,df,
d5,c4,91,7c,6c,51,2f,ea,3d,f1,af,58,cd,07,8c,b3,37,e9,89,49,71,43,0c,db,4f,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-2213656119-1462395472-1304943397-500\Software\SecuROM\License information*]
"datasecu"=hex:a0,1f,2d,ec,38,b5,78,d9,a5,11,41,40,32,b2,33,6f,68,97,5c,24,d6,
9b,1a,08,a1,df,d0,05,ac,93,be,38,ce,e3,f5,cd,1b,56,b5,68,48,4e,e6,33,98,26,\
"rkeysecu"=hex:6c,05,6d,90,42,45,a6,38,8d,e1,9f,24,87,f6,94,eb
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-16 15:59:11
ComboFix-quarantined-files.txt 2011-08-16 13:59
.
Před spuštěním: Volných bajtů: 65 046 839 296
Po spuštění: Volných bajtů: 65 165 586 432
.
- - End Of File - - 5DB58AFDBFE092284772312A5217285E