Nelze se příhlásit do XP, pls o kontrolu

[jajsemhonzik]

Zdravím a prosím o radu. XP se spustí do přihlašovací tabulky uživatelů, při pokusu o přihlášení některého uživatele spadnou. Předpokládám, že PC bude dost zahnojené, neb jej používá otec...
Log vytvořen v nouzovém režimu:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Administrator (administrator) on FERDA-BDED3D98E on 15-02-2014 11:27:35
Running from C:\Documents and Settings\Administrator\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 6
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\ecls.exe
(forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PtiuPbmd] - C:\WINDOWS\system32\ptipbm.dll [24576 2003-01-15] (Promise Technology,Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [16744256 2011-10-08] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMCTray.dll [203072 2011-10-08] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1632360 2011-10-08] ()
HKLM\...\Run: [SoundMan] - C:\WINDOWS\SOUNDMAN.EXE [577536 2006-11-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [3080264 2011-09-22] (ESET)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonQuickMenu] - C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Documents and Settings\Ferda_uzivatel\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tghc91vm.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-02-22]

========================== Services (Whitelisted) =================

S2 ACS; C:\WINDOWS\system32\acs.exe [499796 2011-03-31] (Atheros)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [974944 2011-09-22] (ESET)
S3 jswpsapi; C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [360529 2011-03-31] (wireless)
S2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-08] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R0 a347bus; C:\WINDOWS\System32\DRIVERS\a347bus.sys [160640 2004-04-30] ( )
R0 a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [5248 2004-04-30] ( )
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4027840 2007-03-08] (Realtek Semiconductor Corp.)
S1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [42496 2005-03-09] (Advanced Micro Devices)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1606976 2011-04-12] (Atheros Communications, Inc.)
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] ()
S2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [154136 2011-08-09] (ESET)
S1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
S2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [147480 2011-08-04] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [39824 2011-08-09] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61936 2011-08-04] (ESET)
R3 JSWSCIMD; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2011-03-31] (Atheros Communications, Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2011-03-31] (Atheros Communications, Inc.)
S4 IntelIde; No ImagePath
S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-15 11:36 - 2014-02-15 11:36 - 00000000 ____D () C:\WINDOWS.0
2014-02-15 11:27 - 2014-02-15 11:27 - 00007931 _____ () C:\Documents and Settings\Administrator\Plocha\FRST.txt
2014-02-15 11:27 - 2014-02-15 11:27 - 00000000 ____D () C:\FRST
2014-02-15 11:25 - 2014-02-15 11:15 - 01141248 _____ (Farbar) C:\Documents and Settings\Administrator\Plocha\FRST.exe
2014-02-15 11:25 - 2014-02-15 11:15 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
2014-02-15 11:22 - 2014-02-15 11:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\GHISLER
2014-02-15 11:06 - 2014-02-15 11:06 - 00000000 ____D () C:\WINDOWS\LastGood
2014-02-15 10:54 - 2014-02-15 10:54 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021514-02.dmp
2014-02-15 09:30 - 2014-02-15 09:30 - 00000413 _____ () C:\WINDOWS\WINNT32.LOG
2014-02-15 09:30 - 2014-02-15 09:30 - 00000225 _____ () C:\WINDOWS\DHCPUPG.LOG
2014-02-15 09:18 - 2014-02-15 09:18 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-15 09:17 - 2014-02-15 09:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\TP-LINK
2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2014-02-15 09:15 - 2014-02-15 11:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha
2014-02-15 09:15 - 2014-02-15 11:26 - 00000000 ___HD () C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2014-02-15 09:15 - 2014-02-15 11:22 - 00000000 __RHD () C:\Documents and Settings\Administrator\Data aplikací
2014-02-15 09:15 - 2014-02-15 09:31 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-15 09:15 - 2014-02-15 09:15 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-15 09:15 - 2012-02-20 20:27 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
2014-02-15 09:15 - 2012-02-20 20:27 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start
2014-02-15 09:15 - 2012-02-20 20:27 - 00000000 ___HD () C:\Documents and Settings\Administrator\Okolní tiskárny
2014-02-15 09:15 - 2012-02-20 20:27 - 00000000 ___HD () C:\Documents and Settings\Administrator\Okolní síť
2014-02-15 09:15 - 2012-02-20 20:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Oblíbené položky
2014-02-15 09:15 - 2012-02-20 20:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Dokumenty
2014-02-15 09:15 - 2012-02-20 19:37 - 00001599 _____ () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Vzdálená pomoc.lnk
2014-02-15 09:15 - 2012-02-20 19:37 - 00000792 _____ () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Windows Media Player.lnk
2014-02-15 09:15 - 2012-02-20 19:37 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Příslušenství
2014-02-15 09:15 - 2012-02-20 19:37 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start\Programy
2014-02-15 09:15 - 2012-02-20 19:33 - 00000000 ___HD () C:\Documents and Settings\Administrator\Šablony
2014-02-15 09:12 - 2014-02-15 09:11 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021514-01.dmp

==================== One Month Modified Files and Folders =======

2014-02-15 11:36 - 2014-02-15 11:36 - 00000000 ____D () C:\WINDOWS.0
2014-02-15 11:27 - 2014-02-15 11:27 - 00007931 _____ () C:\Documents and Settings\Administrator\Plocha\FRST.txt
2014-02-15 11:27 - 2014-02-15 11:27 - 00000000 ____D () C:\FRST
2014-02-15 11:27 - 2014-02-15 09:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha
2014-02-15 11:26 - 2014-02-15 09:15 - 00000000 ___HD () C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2014-02-15 11:23 - 2012-02-22 22:15 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha\2
2014-02-15 11:22 - 2014-02-15 11:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\GHISLER
2014-02-15 11:22 - 2014-02-15 09:15 - 00000000 __RHD () C:\Documents and Settings\Administrator\Data aplikací
2014-02-15 11:21 - 2012-02-20 20:27 - 00511716 _____ () C:\WINDOWS\setupapi.log
2014-02-15 11:20 - 2012-04-04 20:03 - 00524288 _____ () C:\WINDOWS\system32\config\ACS.evt
2014-02-15 11:20 - 2012-02-20 20:30 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2014-02-15 11:20 - 2012-02-20 20:30 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-15 11:20 - 2012-02-20 19:40 - 00032582 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-15 11:20 - 2012-02-20 19:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-15 11:20 - 2012-02-20 19:36 - 01158840 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-15 11:15 - 2014-02-15 11:25 - 01141248 _____ (Farbar) C:\Documents and Settings\Administrator\Plocha\FRST.exe
2014-02-15 11:15 - 2014-02-15 11:25 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
2014-02-15 11:06 - 2014-02-15 11:06 - 00000000 ____D () C:\WINDOWS\LastGood
2014-02-15 10:54 - 2014-02-15 10:54 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021514-02.dmp
2014-02-15 10:39 - 2012-02-20 19:53 - 00000178 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini
2014-02-15 09:31 - 2014-02-15 09:15 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-15 09:31 - 2012-02-20 20:27 - 01347931 _____ () C:\WINDOWS\iis6.log
2014-02-15 09:31 - 2012-02-20 20:27 - 01223992 _____ () C:\WINDOWS\FaxSetup.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00593957 _____ () C:\WINDOWS\ocgen.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00563935 _____ () C:\WINDOWS\tsoc.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00301590 _____ () C:\WINDOWS\comsetup.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00215241 _____ () C:\WINDOWS\netfxocm.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00181020 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00086279 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00062364 _____ () C:\WINDOWS\tabletoc.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00061449 _____ () C:\WINDOWS\msgsocm.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00054441 _____ () C:\WINDOWS\ocmsn.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00001917 _____ () C:\WINDOWS\imsins.log
2014-02-15 09:30 - 2014-02-15 09:30 - 00000413 _____ () C:\WINDOWS\WINNT32.LOG
2014-02-15 09:30 - 2014-02-15 09:30 - 00000225 _____ () C:\WINDOWS\DHCPUPG.LOG
2014-02-15 09:30 - 2012-02-20 20:27 - 00388416 _____ () C:\WINDOWS\msmqinst.log
2014-02-15 09:30 - 2012-02-20 20:26 - 00193366 _____ () C:\WINDOWS\setupact.log
2014-02-15 09:18 - 2014-02-15 09:18 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-15 09:17 - 2014-02-15 09:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\TP-LINK
2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2014-02-15 09:15 - 2014-02-15 09:15 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-15 09:12 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-15 09:11 - 2014-02-15 09:12 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021514-01.dmp

Some content of TEMP:
====================
C:\Documents and Settings\Ferda_uzivatel\Local Settings\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Documents and Settings\Ferda_uzivatel\Local Settings\Temp\MSETUP4.EXE


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2004-08-17 14:49] - [2008-04-14 04:22] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\WINDOWS\system32\winlogon.exe
[2004-08-17 14:49] - [2008-04-14 04:22] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\WINDOWS\system32\svchost.exe
[2004-08-17 14:49] - [2008-04-14 04:22] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\WINDOWS\system32\services.exe
[2004-08-17 14:49] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\WINDOWS\system32\User32.dll
[2004-08-17 14:49] - [2008-04-14 04:22] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\WINDOWS\system32\userinit.exe
[2004-08-17 14:49] - [2008-04-14 04:22] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-17 14:44] - [2008-04-14 03:12] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1





===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:48.83 GB) (Free:36.83 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (D) (Fixed) (Total:184.06 GB) (Free:92.75 GB) NTFS
Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT

Available physical RAM: 733.88 MB
Total physical RAM: 1023.48 MB
Percentage of memory in use: 28%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 0C200C1F)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=184 GB) - (Type=07 NTFS)
Disk: 1 (Size: 961 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=961 MB) - (Type=06)

==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 5.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Administrator\Plocha" je 1 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"="C:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe:*:Enabled:Daemonu.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Documents and Settings\\Ferda\\Local Settings\\Temp\\KMSAct\\Pack\\Keygen\\Keygen.exe"="C:\\Documents and Settings\\Ferda\\Local Settings\\Temp\\KMSAct\\Pack\\Keygen\\Keygen.exe:*:Enabled:Keygen"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001


==================== End Of Log ==============================

[Rudy]

Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
C:\Documents and Settings\Ferda_uzivatel\Local Settings\Temp)
End

Uložte na plochu jako fixlist.txt. Pak znovu spusťte FRST a klikněte na >Fix<. Zkopírujte sem pak log, který se na závěr vytvoří.

Tady asi problém nebude. Když restartujete do nouz. režimu, je efekt stejný?

[jajsemhonzik]

Zdravim a posilam

diky

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014 01
Ran by Administrator at 2014-03-09 13:08:57 Run:1
Running from C:\Documents and Settings\Administrator\Plocha
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
C:\Documents and Settings\Ferda_uzivatel\Local Settings\Temp)
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => Value deleted successfully.
Default URLSearchHook was restored successfully .
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"C:\Documents and Settings\Ferda_uzivatel\Local Settings\Temp)" => File/Directory not found.

==== End of Fixlog ====

[Rudy]

OK. Nastala nějaká změna?

[jajsemhonzik]

Bohužel vše při starém.

[Rudy]

Zkuste obnovu systému k datu, kdy korektně fungoval.

[jajsemhonzik]

zkusil jsem konzolu pro zotaveni z instalacniho CD a prikazy chkdsk, fixboot, fixmbr. Nic nepomohlo.
Automaticke obnoveni systemu po me zada disketu, kterou nemam...

Co ted ?

diky

[Rudy]

Dělal jste obnovu systému přes Start>všechny programy>příslušenství>systémové nástroje>obnovení systému? Dosud se mi nestalo, že by systém po mně něco chtěl, obnovu dělá ze záloh, uložených na disku.

[jajsemhonzik]

Ano. "Nástroj pro obnovu systému byl vypnut a v nouzovém režimu jej nelze spustit" ....

[Rudy]

Uděláme hlobkový sken na viry a pokud nepomůže, nezbude nic jiného, než oprava systému.

Dejte log ComoboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.