Prosim o analyzu logu

[wipi]

Prosim o analyzu logu. Pocitac je velice pomaly a mam tu v prohlizeci Chrome MyStart:Incredibar.

Predem moc diky za pomoc!

info.txt logfile of random's system information tool 1.09 2013-10-07 11:27:47

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0C0A-0000-0000000FF1CE} /uninstall {91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0C0A-0000-0000000FF1CE} /uninstall {91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0C0A-0000-0000000FF1CE} /uninstall {91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0C0A-0000-0000000FF1CE} /uninstall {91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0C0A-0000-0000000FF1CE} /uninstall {91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0C0A-0000-0000000FF1CE} /uninstall {91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0403-0000-0000000FF1CE} /uninstall {4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {75EBE365-7FC5-4720-A7D3-804BF550D1BC}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-042D-0000-0000000FF1CE} /uninstall {E62E1AA9-F2F1-4230-8EC7-5D90ECCDFE1A}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0456-0000-0000000FF1CE} /uninstall {D93B4372-B042-4AB2-A657-C5C5C25F8BAC}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0C0A-0000-0000000FF1CE} /uninstall {91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0C0A-0000-0000000FF1CE} /uninstall {6113C11D-BACA-4D8E-8002-03C8D06FD5E6}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0C0A-0000-0000000FF1CE} /uninstall {91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0C0A-0000-0000000FF1CE} /uninstall {91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}
Adobe Reader 9 - Español-->MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A90000000001}
Apple Mobile Device Support-->MsiExec.exe /I{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Ares 2.2.4-->"C:\Program Files\Ares\uninstall.exe"
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}
calibre-->MsiExec.exe /I{BC093E6F-61D2-4F6D-9463-ECDC2CA25462}
CameraHelperMsi-->MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3}
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Compatibilidad con Aplicaciones de Apple-->MsiExec.exe /I{63EC2120-1742-4625-AA47-C6A8AEC9C64C}
Compresor WinRAR-->C:\Program Files\WinRAR\uninstall.exe
erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F\HXFSETUP.EXE -U -IWstAzlK.inf
Herramienta de carga de Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
IB Updater Service-->"C:\WINDOWS\system32\WNLT\Installation\uninstaller.exe"
Incredibar Toolbar on IE and Chrome-->"C:\Program Files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe"
iTunes-->MsiExec.exe /I{0F6F6876-6334-4977-B5DD-CFC12E193420}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Localization Pack for Microsoft Windows XP Media Center Edition-->MsiExec.exe /I{6110AC9D-6D79-4D32-BF4E-E600689F5B15}
LWS Facebook-->MsiExec.exe /I{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}
LWS Gallery-->MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}
LWS Help_main-->MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9}
LWS Launcher-->MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}
LWS Motion Detection-->MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA}
LWS Pictures And Video-->MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967}
LWS Twitter-->MsiExec.exe /I{174A3B31-4C43-43DD-866F-73C9DB887B48}
LWS Webcam Software-->MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189}
LWS WLM Plugin-->MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D}
LWS YouTube Plugin-->MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}
Microsoft .NET Framework 1.1 Spanish Language Pack-->MsiExec.exe /X{83169D43-4660-4347-BC95-E9D6E6BE65CE}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Spanish) 2007-->MsiExec.exe /X{90120000-0015-0C0A-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Spanish) 2007-->MsiExec.exe /X{90120000-0016-0C0A-0000-0000000FF1CE}
Microsoft Office Groove MUI (Spanish) 2007-->MsiExec.exe /X{90120000-00BA-0C0A-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Spanish) 2007-->MsiExec.exe /X{90120000-0044-0C0A-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Spanish) 2007-->MsiExec.exe /X{90120000-00A1-0C0A-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Spanish) 2007-->MsiExec.exe /X{90120000-001A-0C0A-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Spanish) 2007-->MsiExec.exe /X{90120000-0018-0C0A-0000-0000000FF1CE}
Microsoft Office Proof (Basque) 2007-->MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE}
Microsoft Office Proof (Catalan) 2007-->MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Galician) 2007-->MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Spanish) 2007-->MsiExec.exe /X{90120000-002C-0C0A-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Spanish) 2007-->MsiExec.exe /X{90120000-0019-0C0A-0000-0000000FF1CE}
Microsoft Office Shared MUI (Spanish) 2007-->MsiExec.exe /X{90120000-006E-0C0A-0000-0000000FF1CE}
Microsoft Office Word MUI (Spanish) 2007-->MsiExec.exe /X{90120000-001B-0C0A-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 8-->MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1034}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 3.4.1-->MsiExec.exe /I{7A5B4D34-7FB3-44E6-9DCC-4AF507700A1E}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0xa -removeonly
Reproductor de Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Rosetta Stone Version 3-->MsiExec.exe /X{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 6.7-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
Software de cámara Web Logitech-->"C:\Program Files\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe" /lang=ESP /guid="{D40EB009-0499-459c-A8AF-C9C110766215}"
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Web Assistant 2.0.0.573-->"C:\Program Files\Web Assistant\unins000.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Asistente para el inicio de sesión-->MsiExec.exe /I{7593234B-2AEB-4FC9-B02D-C9B30D86084C}
Windows Live Call-->MsiExec.exe /I{38A0481D-544D-4C01-BB32-39332391D012}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}
Windows Live Mail-->MsiExec.exe /I{BEC001F9-0451-4396-92D7-E1A4E7854BF3}
Windows Live Messenger-->MsiExec.exe /X{F2FFEEAA-0B48-4342-9B67-12ABB0B58F24}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: EDURNE-CC2E5711
Event Code: 4201
Message: El sistema detectó que el adaptador de red \DEVICE\TCPIP_{ACB3684A-8AE4-43E7-A935-E6CC3D515756} estaba conectado en la red
y ha iniciado un funcionamiento normal con dicho adaptador de red.

Record Number: 13592
Source Name: Tcpip
Time Written: 20130608132951.000000+060
Event Type: Información
User:

Computer Name: EDURNE-CC2E5711
Event Code: 4201
Message: El sistema detectó que el adaptador de red \DEVICE\TCPIP_{ACB3684A-8AE4-43E7-A935-E6CC3D515756} estaba conectado en la red
y ha iniciado un funcionamiento normal con dicho adaptador de red.

Record Number: 13591
Source Name: Tcpip
Time Written: 20130608132946.000000+060
Event Type: Información
User:

Computer Name: EDURNE-CC2E5711
Event Code: 4201
Message: El sistema detectó que el adaptador de red \DEVICE\TCPIP_{ACB3684A-8AE4-43E7-A935-E6CC3D515756} estaba conectado en la red
y ha iniciado un funcionamiento normal con dicho adaptador de red.

Record Number: 13590
Source Name: Tcpip
Time Written: 20130608132941.000000+060
Event Type: Información
User:

Computer Name: EDURNE-CC2E5711
Event Code: 4201
Message: El sistema detectó que el adaptador de red \DEVICE\TCPIP_{ACB3684A-8AE4-43E7-A935-E6CC3D515756} estaba conectado en la red
y ha iniciado un funcionamiento normal con dicho adaptador de red.

Record Number: 13589
Source Name: Tcpip
Time Written: 20130608132936.000000+060
Event Type: Información
User:

Computer Name: EDURNE-CC2E5711
Event Code: 4201
Message: El sistema detectó que el adaptador de red \DEVICE\TCPIP_{ACB3684A-8AE4-43E7-A935-E6CC3D515756} estaba conectado en la red
y ha iniciado un funcionamiento normal con dicho adaptador de red.

Record Number: 13588
Source Name: Tcpip
Time Written: 20130608132931.000000+060
Event Type: Información
User:

=====Application event log=====

Computer Name: EDURNE-CC2E5711
Event Code: 1000
Message: Se cargaron satisfactoriamente los contadores de rendimiento del servicio WmiApRpl (WmiApRpl).
Los datos de registro contienen los nuevos valores de los índices asignados a
este servicio.

Record Number: 963
Source Name: LoadPerf
Time Written: 20121030094458.000000+000
Event Type: Información
User:

Computer Name: EDURNE-CC2E5711
Event Code: 1001
Message: Se eliminaron satisfactoriamente los contadores de rendimiento del servicio WmiApRpl (WmiApRpl).
Los datos de registro contienen los nuevos valores de las entradas de Registro "Último contador"
y "Última ayuda" del sistema.

Record Number: 962
Source Name: LoadPerf
Time Written: 20121030094458.000000+000
Event Type: Información
User:

Computer Name: EDURNE-CC2E5711
Event Code: 0
Message:
Record Number: 961
Source Name: NMIndexingService
Time Written: 20121030094057.000000+000
Event Type: Información
User:

Computer Name: EDURNE-CC2E5711
Event Code: 1800
Message: Se inició el Servicio de Centro de seguridad de Windows.

Record Number: 960
Source Name: SecurityCenter
Time Written: 20121030094051.000000+000
Event Type: Información
User:

Computer Name: EDURNE-CC2E5711
Event Code: 0
Message:
Record Number: 959
Source Name: Nero BackItUp Scheduler 3
Time Written: 20121030094022.000000+000
Event Type: Información
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Calibre2\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file

-----------------EOF-----------------

[vyosek]

Zdravim

Poprosim i o druhy log z RSIT s nazvem log.txt, je ulozen v c:\rsit

[wipi]

Logfile of random's system information tool 1.09 (written by random/random)
Run by XP at 2013-10-07 11:27:23
Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (30%) free of 96 GB
Total RAM: 1022 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:27:41, on 07/10/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\DOCUME~1\XP\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dmwu.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\jmdp\stij.exe
C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XP\My Documents\Downloads\_Antivir\RSIT.exe
C:\Program Files\trend micro\XP.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googlechrome/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0986259500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0986435718
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBUpdaterService - Unknown owner - C:\WINDOWS\system32\dmwu.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Web Assistant - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 11202 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
Web Assistant - C:\Program Files\Web Assistant\Extension32.dll [2013-01-29 170840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
Incredibar.com Helper Object - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll [2012-01-21 261632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aplicación auxiliar de inicio de sesión - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-09-16 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
{F9639E4A-801B-4843-AEE3-03D9DA199E77} - Incredibar Toolbar - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll [2012-01-21 270336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-08-16 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-08-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2006-08-16 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-08-16 53248]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-12 7577600]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-06-12 86016]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-08-27 59280]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-09-10 421776]
"LWS"=C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [2012-09-13 204136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]
"Google Update"=C:\Documents and Settings\XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-09 116648]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-07-25 20681584]
"ares"=C:\Program Files\Ares\Ares.exe [2013-02-10 913920]

C:\Documents and Settings\XP\Start Menu\Programs\Startup
OpenOffice.org 3.4.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"
"C:\WINDOWS\system32\dmwu.exe"="C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu"
"C:\WINDOWS\system32\ARFC\wrtc.exe"="C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Servicio Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=lvcodec2.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"vidc.ffds"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-10-07 11:27:25 ----D---- C:\Program Files\trend micro
2013-10-07 11:27:23 ----D---- C:\rsit
2013-10-04 14:22:01 ----D---- C:\WINDOWS\system32\jmdp

======List of files/folders modified in the last 1 month======

2013-10-07 11:27:32 ----D---- C:\WINDOWS\Prefetch
2013-10-07 11:27:25 ----RD---- C:\Program Files
2013-10-07 11:16:04 ----D---- C:\Documents and Settings\XP\Application Data\Skype
2013-10-07 11:05:12 ----D---- C:\WINDOWS\Temp
2013-10-07 11:00:09 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2013-10-07 10:59:55 ----D---- C:\WINDOWS\Registration
2013-10-07 10:59:31 ----D---- C:\WINDOWS
2013-10-05 14:53:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-10-04 14:33:40 ----SHD---- C:\WINDOWS\Installer
2013-10-04 14:33:40 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2013-10-04 14:33:01 ----RD---- C:\Program Files\Skype
2013-10-04 14:28:02 ----D---- C:\WINDOWS\system32\WNLT
2013-10-04 14:22:01 ----D---- C:\WINDOWS\system32
2013-10-04 11:30:41 ----D---- C:\WINDOWS\system32\ARFC
2013-09-20 10:54:46 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-15 13:21:34 ----A---- C:\WINDOWS\system32\dmwu.exe
2013-09-15 13:14:30 ----A---- C:\WINDOWS\system32\ImHttpComm.dll
2013-09-12 15:07:19 ----SD---- C:\Documents and Settings\XP\Application Data\Microsoft
2013-09-09 09:52:46 ----A---- C:\WINDOWS\system32\msvcr80.dll
2013-09-09 09:52:46 ----A---- C:\WINDOWS\system32\msvcp80.dll
2013-09-09 09:52:46 ----A---- C:\WINDOWS\system32\msvcm80.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-09-03 175176]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-05-12 20576]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-09-03 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-09-03 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-06-17 61056]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-06-17 40064]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-06-17 74752]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-16 4304384]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-12 3675776]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-04 1429632]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2012-09-21 310504]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\WINDOWS\system32\DRIVERS\netaapl.sys [2012-03-26 18432]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-07-09 44032]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 WS2IFSL;Entorno de compatibilidad con proveedores de servicios no IFS de Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-15 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 Bonjour Service;Servicio Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 ehRecvr;Servicio Receptor de Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2005-08-05 235520]
R2 ehSched;Servicio de programador de Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IBUpdaterService;IBUpdaterService; C:\WINDOWS\system32\dmwu.exe [2013-09-15 1434416]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-09-16 3273088]
R2 Web Assistant;Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2013-01-29 188760]
R3 iPod Service;Servicio del iPod; C:\Program Files\iPod\bin\iPodService.exe [2012-09-10 821648]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-12 143426]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-07-29 655624]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Servicio de uso compartido de red del Reproductor de Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-17 826368]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[vyosek]

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

[wipi]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:2)
OS: Microsoft Windows XP x86
Ran by XP on 23/10/2013 at 0:18:57,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] ibupdaterservice



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.incredibaresrvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.incredibaresrvc.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\extension.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\incredibar.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\web assistant
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1214440339-1965331169-725345543-1003\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\incredibar.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wnlt
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\i
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\incredibar.dskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\incredibar.dskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\incredibar.incredibarhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\incredibar.incredibarhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\incredibarapp.appcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\incredibarapp.appcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{336d0c35-8a85-403a-b9d2-65c292c39087}_is1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}



~~~ Files

Successfully deleted: [File] "C:\Documents and Settings\XP\appdata\locallow\SkwConfig.bin"
Failed to delete: [File] "C:\WINDOWS\system32\dmwu.exe"
Failed to delete: [File] "C:\WINDOWS\system32\imhttpcomm.dll"
Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ibupdaterservice"
Successfully deleted: [Folder] "C:\Documents and Settings\XP\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\XP\Application Data\incredibar.com"
Successfully deleted: [Folder] "C:\Documents and Settings\XP\Application Data\performersoft"
Successfully deleted: [Folder] "C:\Program Files\incredibar.com"
Successfully deleted: [Folder] "C:\Program Files\web assistant"
Successfully deleted: [Folder] "C:\WINDOWS\system32\arfc"
Failed to delete: [Folder] "C:\WINDOWS\system32\jmdp"
Successfully deleted: [Folder] "C:\WINDOWS\system32\wnlt"



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Folder] C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/10/2013 at 0:26:07,90
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[wipi]

# AdwCleaner v3.010 - Report created 23/10/2013 at 00:37:51
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : XP - WIC
# Running from : C:\Documents and Settings\XP\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : IBUpdaterService
[#] Service Deleted : Web Assistant

***** [ Files / Folders ] *****

Folder Deleted : C:\WINDOWS\system32\jmdp
File Deleted : C:\WINDOWS\system32\dmwu.exe
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\Program Files\Mozilla Firefox\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bmbgdmijgopggjaelphhajpjldacbnba
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKCU\Software\5f6da8bb23abe41
Key Deleted : HKLM\SOFTWARE\5f6da8bb23abe41
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v

[ File : C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [5687 octets] - [23/10/2013 00:32:44]
AdwCleaner[S0].txt - [5658 octets] - [23/10/2013 00:37:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5718 octets] ##########

[vyosek]

Poprosim o log z FRSTL http://forum.viry.cz/viewtopic.php?f=13&t=133100

[wipi]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2013
Ran by XP (administrator) on WIC on 23-10-2013 12:30:03
Running from C:\Documents and Settings\XP\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Ares Development Group) C:\Program Files\Ares\Ares.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Realtek Semiconductor Corp.) C:\DOCUME~1\XP\LOCALS~1\Temp\RtkBtMnt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Documents and Settings\XP\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16248320 2006-08-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] - C:\Windows\SkyTel.EXE [2879488 2006-08-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\Windows\ALCMTR.EXE [69632 2006-08-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2006-08-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2213160 2007-12-03] (Nero AG)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872 2007-12-13] (Nero AG)
HKCU\...\Run: [Google Update] - C:\Documents and Settings\XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-06-09] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20681584 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [ares] - C:\Program Files\Ares\Ares.exe [913920 2013-02-10] (Ares Development Group)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [ 2007-12-13] (Nero AG)
Startup: C:\Documents and Settings\XP\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Documents and Settings\XP\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
ShortcutTarget: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googlechrome/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0986259500
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://mail.google.com/mail/?shva=1#in ... 72a77117ca", "https://www.google.es/", "hxxp://mystart.incredibar.com/?a=6OyEqvJL9D&loc=skw", "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Documents and Settings\XP\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\DOCUME~1\XP\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\XP\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\DOCUME~1\XP\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-09-03] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-09-03] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-09-03] ()
R3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [61056 2006-06-17] (ENE Technology Inc.)
R3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [40064 2006-06-17] (ENE Technology Inc.)
R3 ESMCR; C:\Windows\System32\DRIVERS\ESM7SK.sys [74752 2006-06-17] (ENE Technology Inc.)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [218496 2005-10-24] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [998656 2005-10-18] (Conexant Systems, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 w39n51; C:\Windows\System32\DRIVERS\w39n51.sys [1429632 2006-04-04] (Intel® Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-10-23 12:29 - 2013-10-23 12:29 - 00000000 ____D C:\FRST
2013-10-23 12:27 - 2013-10-23 12:27 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\XP\Desktop\FRSTLauncher.exe
2013-10-23 12:25 - 2013-10-23 12:25 - 01087503 _____ (Farbar) C:\Documents and Settings\XP\Desktop\FRST.exe
2013-10-23 00:32 - 2013-10-23 00:38 - 00000000 ____D C:\AdwCleaner
2013-10-23 00:31 - 2013-10-23 00:31 - 01060070 _____ C:\Documents and Settings\XP\Desktop\adwcleaner.exe
2013-10-23 00:26 - 2013-10-23 00:26 - 00005900 _____ C:\Documents and Settings\XP\Desktop\JRT.txt
2013-10-23 00:15 - 2013-10-23 00:15 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-23 00:09 - 2013-10-23 00:09 - 01033335 _____ (Thisisu) C:\Documents and Settings\XP\Desktop\JRT.exe
2013-10-22 23:54 - 2013-10-22 23:55 - 00000000 ____D C:\Documents and Settings\XP\Desktop\GOT
2013-10-07 11:27 - 2013-10-07 11:27 - 00000000 ____D C:\rsit
2013-10-07 11:27 - 2013-10-07 11:27 - 00000000 ____D C:\Program Files\trend micro
2013-10-04 15:36 - 2013-10-05 12:15 - 00000604 _____ C:\WINDOWS\KB940157.log
2013-10-04 14:22 - 2013-10-22 14:23 - 00000000 ____D C:\Documents and Settings\XP\Desktop\L.A.S.H

==================== One Month Modified Files and Folders =======

2013-10-23 12:29 - 2013-10-23 12:29 - 00000000 ____D C:\FRST
2013-10-23 12:27 - 2013-10-23 12:27 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\XP\Desktop\FRSTLauncher.exe
2013-10-23 12:25 - 2013-10-23 12:25 - 01087503 _____ (Farbar) C:\Documents and Settings\XP\Desktop\FRST.exe
2013-10-23 12:18 - 2013-03-24 21:03 - 00000000 ____D C:\Documents and Settings\XP\Application Data\Skype
2013-10-23 03:34 - 2012-06-09 13:12 - 00001168 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-725345543-1003UA.job
2013-10-23 03:34 - 2009-12-16 18:10 - 00032522 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-23 00:40 - 2013-04-16 09:47 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-10-23 00:40 - 2009-12-16 18:02 - 01685823 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-23 00:40 - 2009-12-16 18:00 - 00000000 ____D C:\WINDOWS\Registration
2013-10-23 00:39 - 2009-12-16 18:54 - 00051048 _____ C:\WINDOWS\system32\nvapps.xml
2013-10-23 00:39 - 2009-12-16 18:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-23 00:39 - 2009-12-16 17:51 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-23 00:39 - 2009-12-16 17:51 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-23 00:38 - 2013-10-23 00:32 - 00000000 ____D C:\AdwCleaner
2013-10-23 00:38 - 2009-12-16 18:12 - 00000178 ___SH C:\Documents and Settings\XP\ntuser.ini
2013-10-23 00:38 - 2009-12-16 18:12 - 00000000 ____D C:\Documents and Settings\XP
2013-10-23 00:37 - 2012-06-09 13:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-23 00:31 - 2013-10-23 00:31 - 01060070 _____ C:\Documents and Settings\XP\Desktop\adwcleaner.exe
2013-10-23 00:26 - 2013-10-23 00:26 - 00005900 _____ C:\Documents and Settings\XP\Desktop\JRT.txt
2013-10-23 00:15 - 2013-10-23 00:15 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-23 00:09 - 2013-10-23 00:09 - 01033335 _____ (Thisisu) C:\Documents and Settings\XP\Desktop\JRT.exe
2013-10-22 23:57 - 2009-12-16 20:38 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2013-10-22 23:55 - 2013-10-22 23:54 - 00000000 ____D C:\Documents and Settings\XP\Desktop\GOT
2013-10-22 23:46 - 2009-12-16 20:34 - 00089088 _____ C:\Documents and Settings\XP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-22 21:34 - 2012-06-09 13:12 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-725345543-1003Core.job
2013-10-22 20:58 - 2013-05-04 17:46 - 00000000 ____D C:\Documents and Settings\XP\Desktop\My Shared Folder
2013-10-22 14:23 - 2013-10-04 14:22 - 00000000 ____D C:\Documents and Settings\XP\Desktop\L.A.S.H
2013-10-22 11:36 - 2006-03-15 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-21 11:18 - 2012-11-19 13:17 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-20 21:53 - 2013-04-08 12:39 - 00000000 ____D C:\Documents and Settings\XP\Local Settings\Application Data\Ares
2013-10-19 11:16 - 2009-12-16 20:34 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2013-10-15 12:15 - 2013-03-24 21:03 - 00000000 ___RD C:\Program Files\Skype
2013-10-07 11:27 - 2013-10-07 11:27 - 00000000 ____D C:\rsit
2013-10-07 11:27 - 2013-10-07 11:27 - 00000000 ____D C:\Program Files\trend micro
2013-10-05 12:15 - 2013-10-04 15:36 - 00000604 _____ C:\WINDOWS\KB940157.log
2013-10-04 14:33 - 2013-03-24 21:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-10-01 14:07 - 2013-09-19 14:02 - 00000000 ____D C:\Documents and Settings\XP\Desktop\CV 2013
2013-09-30 16:53 - 2012-08-31 09:44 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100.dll
2013-09-30 16:53 - 2012-08-31 09:44 - 00632656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr80.dll
2013-09-30 16:53 - 2012-08-31 09:44 - 00554832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp80.dll
2013-09-30 16:53 - 2012-08-31 09:44 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcm80.dll
2013-09-30 16:53 - 2012-08-31 09:44 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100.dll
2013-09-30 16:53 - 2012-08-31 09:44 - 00001870 _____ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest

Some content of TEMP:
====================
C:\Documents and Settings\XP\Local Settings\Temp\NEW_CORRECT_incredibar_install.exe
C:\Documents and Settings\XP\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\XP\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\XP\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\XP\Local Settings\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2006-03-15 13:00] - [2008-04-14 01:12] - 0108544 ____A (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:93.75 GB) (Free:12.48 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (New Volume) (Fixed) (Total:13.16 GB) (Free:7.38 GB) NTFS

Available physical RAM: 228.06 MB
Total physical RAM: 1022.04 MB
Percentage of memory in use: 77%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows XP) (Size: 112 GB) (Disk ID: B8F0FFA4)
Partition 1: (Not Active) - (Size=5 GB) - (Type=12)
Partition 2: (Active) - (Size=94 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-725345543-1003Core.job => C:\Documents and Settings\XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-725345543-1003UA.job => C:\Documents and Settings\XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 28_09_2013 (06)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\XP\Desktop" je 51901 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"
"C:\\WINDOWS\\system32\\dmwu.exe"="C:\\WINDOWS\\system32\\dmwu.exe:*:Enabled:dmwu"
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Servicio Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

[vyosek]

Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/

• C:\Windows\System32\mhn.dll
• Kliknete na Choose file
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Scan It
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
  HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
  HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2213160 2007-12-03] (Nero AG)
  HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
  HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.)
  HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872 2007-12-13] (Nero AG)
  HKCU\...\Run: [Google Update] - C:\Documents and Settings\XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-06-09] (Google Inc.)
  HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20681584 2013-07-25] (Skype Technologies S.A.)
  HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [ 2007-12-13] (Nero AG)
  Startup: C:\Documents and Settings\XP\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
  Startup: C:\Documents and Settings\XP\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
  
  HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googlechrome/
  HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
  SearchScopes: HKLM - DefaultScope value is missing.
  SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
  BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
  
  DisableService: Skype C2C Service
  
  C:\Documents and Settings\XP\Local Settings\Temp\NEW_CORRECT_incredibar_install.exe
  C:\Documents and Settings\XP\Local Settings\Temp\Quarantine.exe
  C:\Documents and Settings\XP\Local Settings\Temp\RtkBtMnt.exe
  C:\Documents and Settings\XP\Local Settings\Temp\SkypeSetup.exe
  C:\Documents and Settings\XP\Local Settings\Temp\uninst1.exe
  
  Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
  Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-725345543-1003Core.job => C:\Documents and Settings\XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-725345543-1003UA.job => C:\Documents and Settings\XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
  
  Hosts:
  
  End

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[wipi]

Vysledek scanu zde:

https://www.virustotal.com/cs/file/a77c ... 384815219/

[wipi]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by XP at 2013-11-19 09:35:24 Run:1
Running from C:\Documents and Settings\XP\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2213160 2007-12-03] (Nero AG)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.)
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872 2007-12-13] (Nero AG)
HKCU\...\Run: [Google Update] - C:\Documents and Settings\XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-06-09] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20681584 2013-07-25] (Skype Technologies S.A.)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [ 2007-12-13] (Nero AG)
Startup: C:\Documents and Settings\XP\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
Startup: C:\Documents and Settings\XP\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googlechrome/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

DisableService: Skype C2C Service

C:\Documents and Settings\XP\Local Settings\Temp\NEW_CORRECT_incredibar_install.exe
C:\Documents and Settings\XP\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\XP\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\XP\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\XP\Local Settings\Temp\uninst1.exe

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-725345543-1003Core.job => C:\Documents and Settings\XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-725345543-1003UA.job => C:\Documents and Settings\XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Hosts:

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NBKeyScan => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NeroHomeFirstStart => Value deleted successfully.
C:\Documents and Settings\XP\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk => Moved successfully.
C:\Documents and Settings\XP\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
Skype C2C Service service was disabled
C:\Documents and Settings\XP\Local Settings\Temp\NEW_CORRECT_incredibar_install.exe => Moved successfully.
C:\Documents and Settings\XP\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\XP\Local Settings\Temp\RtkBtMnt.exe => Moved successfully.
C:\Documents and Settings\XP\Local Settings\Temp\SkypeSetup.exe => Moved successfully.
C:\Documents and Settings\XP\Local Settings\Temp\uninst1.exe => Moved successfully.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => Moved successfully.
C:\WINDOWS\Tasks\avast! Emergency Update.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-725345543-1003Core.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1965331169-725345543-1003UA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

[vyosek]

Tak jeste uklidime

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[wipi]

Moc diky!
Vse ok

[vyosek]

Nemate zac, rad jsem pomohl Zase nekdy

A na zaklade Pravidla o zamykani temat