preventivka - pomaly pocitac

[miso]

ComboFix 13-04-29.01 - pocitac 30.04.2013 20:59:01.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.895.316 [GMT 2:00]
Running from: c:\documents and settings\pocitac\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\pocitac\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\program files\Common Files\AskToolbarInstaller.exe"
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\AskToolbarInstaller.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\tasks\Adobe Flash Player Updater.job
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ADOBEFLASHPLAYERUPDATESVC
-------\Legacy_JAVAQUICKSTARTERSERVICE
-------\Legacy_NMINDEXINGSERVICE
-------\Service_AdobeFlashPlayerUpdateSvc
-------\Service_JavaQuickStarterService
-------\Service_NBService
-------\Service_NMIndexingService
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 )))))))))))))))))))))))))))))))
.
.
2013-04-26 18:10 . 2013-04-26 18:10 -------- d-----w- c:\documents and settings\pocitac\Application Data\Malwarebytes
2013-04-26 18:10 . 2013-04-26 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-17 14:43 . 2013-04-17 14:43 -------- d-----w- c:\program files\Common Files\Java
2013-04-17 14:43 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-14 17:40 . 2013-04-14 17:40 -------- d-----w- c:\documents and settings\pocitac\Local Settings\Application Data\PDF24
2013-04-14 17:38 . 2013-04-14 17:39 -------- d-----w- c:\program files\PDF24
2013-04-14 10:37 . 2013-04-14 10:37 26520 ----a-w- c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-04-02 18:32 . 2013-04-02 18:32 -------- d-----w- c:\documents and settings\pocitac\Application Data\Unity
2013-04-02 18:30 . 2013-04-02 18:30 -------- d-----w- c:\documents and settings\pocitac\Local Settings\Application Data\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-22 16:52 . 2012-05-24 16:34 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-22 16:52 . 2011-06-06 15:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-19 14:59 . 2012-09-10 14:48 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-19 14:59 . 2010-05-25 15:46 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-06 23:33 . 2013-03-21 18:49 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-03-21 18:49 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2012-06-30 14:15 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-06-30 14:15 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-06-30 14:15 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2012-06-30 14:15 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2013-03-21 18:49 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:33 . 2013-03-21 18:49 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-03-06 23:33 . 2012-06-30 14:15 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2012-06-30 14:14 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-06-30 14:14 228600 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-31 09:09 . 2010-03-31 09:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 11:36 . 2010-04-08 11:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2013-04-14 10:37 . 2012-10-29 17:42 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-30 7634944]
"nwiz"="nwiz.exe" [2006-10-30 1622016]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 16858112]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-03-20 162856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-23 113664]
emSwapTool.lnk - c:\program files\USB Camera\Driver\emSwapAp2.exe [2007-10-30 53248]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-5-27 610120]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\Skype\\Plugins\\Plugins\\E12C95FCBD1240FEAE314D89676CA6F8\\LieDetector.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [21.3.2013 20:49 49248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [21.3.2013 20:49 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30.6.2012 16:15 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30.6.2012 16:15 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.6.2012 16:15 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [21.3.2013 20:49 66336]
R3 DCamUSBET;ET USB 2760 Camera;c:\windows\system32\drivers\etDevice.sys [29.11.2007 4:16 121856]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [12.9.2007 20:58 217088]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [7.9.2007 13:43 6656]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [21.3.2013 20:49 164736]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-30 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-06-30 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
TCP: DhcpNameServer = 208.67.220.220 208.67.222.222
FF - ProfilePath - c:\documents and settings\pocitac\Application Data\Mozilla\Firefox\Profiles\rmbek8f1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - ExtSQL: !HIDDEN! 2010-03-21 18:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-30 21:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-1343024091-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2013-04-30 21:09:21 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-30 19:09
ComboFix2.txt 2013-04-30 17:24
.
Pre-Run: 63 399 313 408 bytes free
Post-Run: 14 adresárov, 63 292 620 800 voľných bajtov
.
- - End Of File - - B1F38851C46ADDC8061DA70E6D8CFE18

[Márty84]

Dejte novy log z RSIT

[miso]

Logfile of random's system information tool 1.09 (written by random/random)
Run by pocitac at 2013-04-30 22:26:32
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 60 GB (75%) free of 80 GB
Total RAM: 895 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:26:59, on 30.4.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\PDF24\pdf24.exe
C:\Program Files\USB Camera\Driver\emSwapAp2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\update\update.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Documents and Settings\pocitac\Desktop\RSIT.exe
C:\Program Files\trend micro\pocitac.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: emSwapTool.lnk = C:\Program Files\USB Camera\Driver\emSwapAp2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7897 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\pocitac\Application Data\Mozilla\Firefox\Profiles\rmbek8f1.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.169 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
NPSibelius.dll
PDFNetC.dll
QuickTimePlugin.class
ScorchPDFWrapper.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\pocitac\Application Data\Mozilla\Firefox\Profiles\rmbek8f1.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

C:\Documents and Settings\pocitac\Application Data\Mozilla\Firefox\Profiles\rmbek8f1.default\searchplugins\
facebook.xml
icqplugin-4.xml
search-the-web.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll [2009-04-28 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-04 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-04 171424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]
"nwiz"=nwiz.exe /install []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-19 16858112]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]
"PDFPrint"=C:\Program Files\PDF24\pdf24.exe [2013-03-20 162856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
emSwapTool.lnk - C:\Program Files\USB Camera\Driver\emSwapAp2.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"HonorAutoRunSetting"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe"="C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe:*:Enabled:KishKish Lie Detector"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"MSVideo8"=VfWWDM32.dll
"vidc.tscc"=tsccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-04-30 22:26:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2013-04-30 22:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2013-04-30 22:26:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2013-04-30 22:25:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2013-04-30 22:25:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2013-04-30 22:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2013-04-30 22:09:03 ----N---- C:\WINDOWS\system32\iacenc.dll
2013-04-30 22:04:50 ----D---- C:\WINDOWS\LastGood
2013-04-30 21:09:22 ----A---- C:\ComboFix.txt
2013-04-30 21:04:55 ----D---- C:\WINDOWS\temp
2013-04-30 20:57:50 ----A---- C:\WINDOWS\NIRCMD.exe
2013-04-30 19:06:32 ----RASHD---- C:\cmdcons
2013-04-30 19:04:59 ----A---- C:\WINDOWS\zip.exe
2013-04-30 19:04:59 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-04-30 19:04:59 ----A---- C:\WINDOWS\SWSC.exe
2013-04-30 19:04:59 ----A---- C:\WINDOWS\SWREG.exe
2013-04-30 19:04:59 ----A---- C:\WINDOWS\sed.exe
2013-04-30 19:04:59 ----A---- C:\WINDOWS\PEV.exe
2013-04-30 19:04:59 ----A---- C:\WINDOWS\MBR.exe
2013-04-30 19:04:59 ----A---- C:\WINDOWS\grep.exe
2013-04-30 19:04:50 ----D---- C:\Qoobox
2013-04-30 19:04:39 ----D---- C:\WINDOWS\erdnt
2013-04-26 20:10:31 ----D---- C:\Documents and Settings\pocitac\Application Data\Malwarebytes
2013-04-26 20:10:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-04-26 19:57:59 ----A---- C:\AdwCleaner[S1].txt
2013-04-26 19:46:36 ----A---- C:\AdwCleaner[R1].txt
2013-04-17 16:43:18 ----D---- C:\Program Files\Common Files\Java
2013-04-17 16:43:06 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-04-17 16:43:06 ----A---- C:\WINDOWS\system32\javaw.exe
2013-04-17 16:43:06 ----A---- C:\WINDOWS\system32\java.exe
2013-04-14 19:38:35 ----D---- C:\Program Files\PDF24
2013-04-02 20:32:44 ----D---- C:\Documents and Settings\pocitac\Application Data\Unity

======List of files/folders modified in the last 1 month======

2013-04-30 22:26:59 ----HD---- C:\WINDOWS\inf
2013-04-30 22:26:57 ----D---- C:\WINDOWS
2013-04-30 22:26:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-04-30 22:26:43 ----D---- C:\WINDOWS\system32
2013-04-30 22:26:43 ----D---- C:\Program Files\trend micro
2013-04-30 22:26:20 ----HD---- C:\WINDOWS\$hf_mig$
2013-04-30 22:26:16 ----A---- C:\WINDOWS\imsins.BAK
2013-04-30 22:26:11 ----RSD---- C:\WINDOWS\assembly
2013-04-30 22:26:07 ----D---- C:\WINDOWS\system32\drivers
2013-04-30 22:25:38 ----D---- C:\WINDOWS\Microsoft.NET
2013-04-30 22:25:34 ----SHD---- C:\WINDOWS\Installer
2013-04-30 22:25:34 ----D---- C:\Config.Msi
2013-04-30 22:25:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-04-30 22:24:42 ----D---- C:\WINDOWS\WinSxS
2013-04-30 22:22:05 ----D---- C:\Program Files\Outlook Express
2013-04-30 22:14:47 ----D---- C:\WINDOWS\system32\CatRoot2
2013-04-30 22:08:59 ----D---- C:\WINDOWS\system32\CatRoot
2013-04-30 22:04:58 ----D---- C:\WINDOWS\Help
2013-04-30 21:08:33 ----D---- C:\WINDOWS\Prefetch
2013-04-30 21:07:15 ----A---- C:\WINDOWS\system.ini
2013-04-30 21:06:59 ----D---- C:\WINDOWS\system32\drivers\etc
2013-04-30 21:05:07 ----D---- C:\WINDOWS\system32\config
2013-04-30 21:04:39 ----SD---- C:\WINDOWS\Tasks
2013-04-30 21:04:38 ----D---- C:\Program Files\Common Files
2013-04-30 21:03:04 ----D---- C:\WINDOWS\AppPatch
2013-04-30 20:58:58 ----D---- C:\Documents and Settings\pocitac\Application Data\Skype
2013-04-30 20:57:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-04-30 19:06:36 ----RASH---- C:\boot.ini
2013-04-30 18:09:40 ----D---- C:\Documents and Settings\pocitac\Application Data\skypePM
2013-04-27 18:33:38 ----RD---- C:\Program Files
2013-04-27 18:21:13 ----D---- C:\WINDOWS\msapps
2013-04-26 20:01:43 ----D---- C:\Documents and Settings\pocitac\Application Data\ICQ
2013-04-26 19:58:17 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2013-04-26 18:21:57 ----A---- C:\WINDOWS\NeroDigital.ini
2013-04-26 17:59:19 ----D---- C:\Program Files\Landwirtschafts Simulator 2011
2013-04-26 17:58:52 ----HD---- C:\Program Files\InstallShield Installation Information
2013-04-26 17:58:51 ----D---- C:\Program Files\InterVideo
2013-04-26 17:56:23 ----D---- C:\Program Files\Google
2013-04-22 18:52:17 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-04-17 16:43:06 ----D---- C:\Program Files\Java
2013-04-15 14:20:11 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-04-14 12:38:16 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-03-07 49248]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-10-18 105472]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2013-03-07 21576]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-03-07 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-03-07 765736]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-03-07 368176]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-03-07 62376]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 DCamUSBET;ET USB 2760 Camera; C:\WINDOWS\system32\DRIVERS\etDevice.sys [2007-11-29 121856]
R3 FiltUSBET;ET USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\etFilter.sys [2007-09-12 217088]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-26 4737024]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-11 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-05-21 46080]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-05-21 19968]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 ScanUSBET;ET USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\etScan.sys [2007-09-07 6656]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys []
S1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys []
S3 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-03-07 164736]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mbr;mbr; \??\C:\DOCUME~1\pocitac\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2007-05-15 20543]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2007-05-21 135233]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2007-05-21 65605]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-14 115608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Márty84]

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Najdete tento soubor C:\Program Files\trend micro\pocitac.exe a spustte ho.
Kliknete na Main menu a na Do a system scan only
U techto radku dejte vlevo zatrzitko

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Kliknete na nápis Fix checked a potvrdte





Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe , ulozte nejlepe na plochu a spustte.
Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Documents and Settings\pocitac\Application Data\Mozilla\Firefox\Profiles\rmbek8f1.default\searchplugins\icqplugin-4.xml
C:\Documents and Settings\pocitac\Application Data\Mozilla\Firefox\Profiles\rmbek8f1.default\searchplugins\search-the-web.xml

Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)

[miso]

log je tu ale pred restartom mi ako keby seklo obrazovku, zostala iba prazdna plocha a nic sa nedialo tak som restartol natvrdo
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: pocitac
->Temp folder emptied: 48835751 bytes
->Temporary Internet Files folder emptied: 155324610 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 172542126 bytes
->Flash cache emptied: 300527 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 14688000 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40438125 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 412,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: pocitac
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\_000006_.tmp.dll
DllUnregisterServer procedure not found in C:\WINDOWS\system32\_000007_.tmp.dll
LoadLibrary failed for C:\WINDOWS\system32\_000008_.tmp.dll
DllUnregisterServer procedure not found in C:\WINDOWS\system32\_000009_.tmp.dll
DllUnregisterServer procedure not found in C:\WINDOWS\system32\_000014_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll moved successfully.
C:\WINDOWS\system32\_000007_.tmp.dll moved successfully.
C:\WINDOWS\system32\_000008_.tmp.dll moved successfully.
C:\WINDOWS\system32\_000009_.tmp.dll moved successfully.
C:\WINDOWS\system32\_000010_.tmp.dll moved successfully.
C:\WINDOWS\system32\_000014_.tmp.dll moved successfully.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\Documents and Settings\pocitac\Application Data\Mozilla\Firefox\Profiles\rmbek8f1.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Documents and Settings\pocitac\Application Data\Mozilla\Firefox\Profiles\rmbek8f1.default\searchplugins\search-the-web.xml moved successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 04302013_225311

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[Márty84]

Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte ho. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)

[miso]

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Professional SP3 [5.1 Build 2600] (x86)
Date : 2013/05/01 9:51:43

-- Controller Map ----------------------------------------------------------
+ Standard Dual Channel PCI IDE Controller [ATA]
+ Primary IDE Channel (0)
- LITE-ON DVD SHD-16P1S
- Hitachi HDS721616PLAT80
- Secondary IDE Channel (1)
+ NVIDIA MCP61 Serial ATA Controller [ATA]
- TSSTcorp CDDVDW SH-S203P
- WDC WD1600AAJS-22L7A0

-- Disk List ---------------------------------------------------------------
(1) Hitachi HDS721616PLAT80 : 164,6 GB [0/0/0, pd1]
(2) WDC WD1600AAJS-22L7A0 : 160,0 GB [1/2/2, pd1]

----------------------------------------------------------------------------
(1) Hitachi HDS721616PLAT80
----------------------------------------------------------------------------
Model : Hitachi HDS721616PLAT80
Firmware : P22OA8BA
Serial Number : PV5301ZHRVE00M
Disk Size : 164,6 GB (8,4/137,4/164,6)
Buffer Size : 7376 KB
Queue Depth : 1
# of Sectors : 321672960
Rotation Rate : Unknown
Interface : Parallel ATA
Major Version : ATA/ATAPI-7
Minor Version : ATA/ATAPI-7 T13 1532D version 1
Transfer Mode : Ultra DMA/133
Power On Hours : 13063 hours
Power On Count : 3169 count
Temparature : 25 C (77 F)
Health Status : Good
Features : S.M.A.R.T., APM, AAM, 48bit LBA
APM Level : 0000h [OFF]
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _16 000000000000 Read Error Rate
02 100 100 _50 000000000000 Throughput Performance
03 121 121 _24 000300A500A5 Spin-Up Time
04 100 100 __0 000000000C6D Start/Stop Count
05 100 100 __5 000000000000 Reallocated Sectors Count
07 100 100 _67 000000000000 Seek Error Rate
08 100 100 _20 000000000000 Seek Time Performance
09 _99 _99 __0 000000003307 Power-On Hours
0A 100 100 _60 000000000000 Spin Retry Count
0C 100 100 __0 000000000C61 Power Cycle Count
C0 _98 _98 __0 000000000D47 Power-off Retract Count
C1 _98 _98 __0 000000000D47 Load/Unload Cycle Count
C2 240 240 __0 0035000E0019 Temperature
C4 100 100 __0 000000000000 Reallocation Event Count
C5 100 100 __0 000000000000 Current Pending Sector Count
C6 100 100 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000000 UltraDMA CRC Error Count

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 045A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2020 5056 3533 5A48 5A48 5256 4530 304D
020: 0003 39A1 0033 5032 324F 4241 4241 4869 7461 6368
030: 6920 4844 5337 3231 3631 4C41 4C41 5438 3020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0200 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 00F0 0078 0000
070: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
080: 00FC 001A 346B 7FE9 4773 BC01 BC01 4763 407F 0020
090: 0000 0000 FFFE 603B 80FE 00CA 00CA 00F9 2710 0000
100: 5700 132C 0000 0000 00CA 0000 0000 5A87 5000 CCA3
110: 40CC 0273 0000 0000 0000 0000 0000 0000 0000 4010
120: 4010 0000 0000 0000 0000 0000 0000 0000 0009 000B
130: 0000 0000 2982 0DB1 FE20 4000 4000 0004 0000 0000
140: 0000 5DFF 27B7 11EA 0300 3F7F 3F7F 00C0 0040 2A00
150: 8000 0000 324F 4E38 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 003F 003F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 23A5

----------------------------------------------------------------------------
(2) WDC WD1600AAJS-22L7A0
----------------------------------------------------------------------------
Model : WDC WD1600AAJS-22L7A0
Firmware : 01.03E01
Serial Number : WD-WMAV30223010
Disk Size : 160,0 GB (8,4/137,4/160,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 312579695
Rotation Rate : Unknown
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 10881 hours
Power On Count : 2845 count
Temparature : 26 C (78 F)
Health Status : Good
Features : S.M.A.R.T., AAM, 48bit LBA, NCQ
APM Level : ----
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Read Error Rate
03 127 124 _21 000000001200 Spin-Up Time
04 _98 _98 __0 000000000B23 Start/Stop Count
05 200 200 140 000000000000 Reallocated Sectors Count
07 100 253 __0 000000000000 Seek Error Rate
09 _86 _86 __0 000000002A81 Power-On Hours
0A 100 100 __0 000000000000 Spin Retry Count
0B 100 100 __0 000000000000 Recalibration Retries
0C _98 _98 __0 000000000B1D Power Cycle Count
C0 200 200 __0 0000000000D4 Power-off Retract Count
C1 200 200 __0 000000000B23 Load/Unload Cycle Count
C2 117 _86 __0 00000000001A Temperature
C4 200 200 __0 000000000000 Reallocation Event Count
C5 200 200 __0 000000000000 Current Pending Sector Count
C6 200 200 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000000 UltraDMA CRC Error Count
C8 200 200 __0 000000000000 Write Error Rate

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2057 442D 574D 3330 3330 3232 3330 3130
020: 0000 4000 0032 3031 2E30 3031 3031 5744 4320 5744
030: 3136 3030 4141 4A53 2D32 3741 3741 3020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0000 0000 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0706 0706 0000 0044 0040
080: 01FE 0000 746B 7F61 4123 BC41 BC41 4123 407F 0010
090: 0010 0000 FFFE 0000 80FE 0000 0000 0000 0000 0000
100: 966F 12A1 0000 0000 0000 0000 0000 0000 5001 4EE0
110: 00E7 9C75 0000 0000 0000 0000 0000 0000 0000 4010
120: 4010 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 16CB 0000 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 303F 303F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 100E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 F0A5

[Márty84]

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

Stahnete Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

Defragmentujte disk(y)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak je na tom pc.

[miso]

uz sa defrtagmentuje, ale po skonceni OTC sa pocitac restartoval, a po nacitani sa restartoval este raz upne sam. tie subory ktore som stahoval mam nechat alebo ich mozem vymazat? napr. crystal disk, t-cleaner...

[Márty84]

T-Cleaner muzete smazat, Crystal klidne taky. A vlastne vsechno. Zustat by mel jen CCleaner a Defraggler


3.7.2013 pro neaktivitu http://forum.viry.cz/viewtopic.php?f=12&t=123975