Samovolne BSoD, vypinani PC, nejdou aktualizace, ...

[ShaiMagal]

Hi, neni tomu ani 2 tydny co jsem reinstalovat a opet problemy tentokrat ve vetsim poctu a vaznosti.

Pri pokusu o aplikovani windows aktualizaci(offline) -> BSoD
Pri pokusu o aplikovani windows aktualizaci(online) -> neuspech
Pri pokusu o cisteni registru(System Cleaner, TuneUp Utilities, SpeedUpMyPC) -> BSoD -> V nouzovem rezimu to jede v pohode.
Pri pokusu o aktualizace McAfee(porad) -> http://img225.imageshack.us/my.php?image=updatedj3.png
Pri pokusu o pripojeni do netu(obcas) ->http://img151.imageshack.us/my.php?image=connectlu7.png
Pri pokusu o spusteni GlobeTrotteru(obcas) ->http://img137.imageshack.us/my.php?image=bootcq9.png


Logfile of HijackThis v1.99.1
Scan saved at 14:54:01, on 24.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\dominik\Dokumenty\Software\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\dominik\Dokumenty\Software\Hijackthis\Hij ackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\dominik\DOKUME~1\Software\SPYBOT~1\SDH elper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [hkss] "C:\Program Files\Compaq\Hotkey Software\hkss.exe"
O4 - HKLM\..\Run: [kis] "C:\Documents and Settings\dominik\Dokumenty\Software\Stegnos Internet Security 2007\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://download.windowsupdate.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zam.pojcs.cz
O17 - HKLM\Software\..\Telephony: DomainName = zam.pojcs.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D91A019-DBB9-409E-92CB-ED2548178A4E}: NameServer = 192.168.4.28,192.168.4.29
O17 - HKLM\System\CCS\Services\Tcpip\..\{D01318C7-23C0-4937-8381-4027BFE2C321}: NameServer = 10.180.88.128,10.180.88.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{E66B008C-C286-493E-8660-670AA960CA3C}: NameServer = 10.180.88.128,10.180.88.129
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zam.pojcs.cz
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Steganos Internet Security 2007 (AVP) - Unknown owner - C:\Documents and Settings\dominik\Dokumenty\Software\Stegnos Internet Security 2007\avp.exe" -r (file missing)
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Personal Firewall 4\kpf4ss.exe
O23 - Service: MAIF - Unknown owner - C:\DOCUME~1\dominik\LOCALS~1\Temp\MAIF.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: WEWATOGTN - Unknown owner - C:\DOCUME~1\dominik\LOCALS~1\Temp\WEWATOGTN.exe (file missing)
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

SmitFraudFix v2.112

Scan done at 14:55:18,71, p 24.11.2006
Run from C:\DOCUME~1\dominik\LOCALS~1\Temp\RarSFX0
OS: Microsoft Windows XP [Verze 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\dominik


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\dominik\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\dominik\OBLBEN~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Aktu lnˇ domovsk str nka"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"AClntUsr" = "C:\Program Files\Altiris\AClient\AClntUsr.EXE" [empty string]
"McAfeeUpdaterUI" = ""C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey" ["Network Associates, Inc."]
"ShStatEXE" = ""C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE" ["Network Associates, Inc."]
"hkss" = ""C:\Program Files\Compaq\Hotkey Software\hkss.exe"" ["Compaq Computer Corporation"]
"kis" = ""C:\Documents and Settings\dominik\Dokumenty\Software\Stegnos Internet Security 2007\avp.exe"" ["Steganos GmbH"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{0000CC75-ACF3-4cac-A0A9-DD3868E06852}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DAPHelper Class"
\InProcServer32\(Default) = "C:\Program Files\DAP\dapbho.dll" ["Speedbit Ltd."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\DOCUME~1\dominik\DOKUME~1\Software\SPYBOT~1\SD Helper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozšíření ikony programu HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {HKLM...CLSID} = "Contact View"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {HKLM...CLSID} = "Message View"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{EB08BEF8-DA8F-4f4a-8955-54BBF14583B1}" = "DataShredder Shell Extension"
-> {HKLM...CLSID} = "DataShredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TRUSTP~1\bin\DWExt.dll" ["AEC, spol. s r.o."]
"{EB5A819A-C4E9-49B3-B3E8-5488ACD25EAA}" = "TrustPort Disk Protection Shell Extension DLL"
-> {HKLM...CLSID} = "TrustPort Disk Protection Shell Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\TrustPort Disk Protection\bin\TDShell.dll" ["AEC, spol. s r.o."]
"{D9341527-6C0C-42D4-ABC6-320CB28AC6D4}" = "CAR / CPH Extension DLL"
-> {HKLM...CLSID} = "CAR / CPH Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\TrustPort Archive Encryption\CARShell.dll" ["AEC, spol. s r.o."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{721A1B24-EC8B-4eda-9CCE-39720B9FA747}" = "WipeExt"
-> {HKLM...CLSID} = "WipeExt"
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Ace Utilities\wipext.dll" [null data]
"{363E9C24-C4C3-4116-81A4-6D86B459CBE3}" = "Pointstone Shredder Context Menu Shell Extension"
-> {HKLM...CLSID} = "Pointstone Shredder Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\POINTS~1\Shredder\SDShlExt.d ll" ["Pointstone Software, LLC"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozšíření ikon souborů aplikace Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}" = "Tauscan Menu"
-> {HKLM...CLSID} = "Tauscan Menu"
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Zařízení technologie UPnP"
-> {HKLM...CLSID} = "Zařízení technologie UPnP"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

HKLM\Software\Policies\Microsoft\Windows\System\Sc ripts\Startup\0\
DisplayName = "XP_SP2"
0\ -> launches: "cw.bat" [file not found]
DisplayName = "XP_SP2"
1\ -> launches: "SetEnv.vbs" [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandler s\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
CARMenuHandler\(Default) = "{D9341527-6C0C-42D4-ABC6-320CB28AC6D4}"
-> {HKLM...CLSID} = "CAR / CPH Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\TrustPort Archive Encryption\CARShell.dll" ["AEC, spol. s r.o."]
DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
DataShredderShlExt\(Default) = "{EB08BEF8-DA8F-4f4a-8955-54BBF14583B1}"
-> {HKLM...CLSID} = "DataShredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TRUSTP~1\bin\DWExt.dll" ["AEC, spol. s r.o."]
DiskProtectionMenuHandler\(Default) = "{EB5A819A-C4E9-49B3-B3E8-5488ACD25EAA}"
-> {HKLM...CLSID} = "TrustPort Disk Protection Shell Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\TrustPort Disk Protection\bin\TDShell.dll" ["AEC, spol. s r.o."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Stegnos Internet Security 2007\shellex.dll" ["Steganos GmbH"]
Pointstone Shredder\(Default) = "{363E9C24-C4C3-4116-81A4-6D86B459CBE3}"
-> {HKLM...CLSID} = "Pointstone Shredder Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\POINTS~1\Shredder\SDShlExt.d ll" ["Pointstone Software, LLC"]
Tauscan Menu\(Default) = "{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}"
-> {HKLM...CLSID} = "Tauscan Menu"
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}"
-> {HKLM...CLSID} = "WipeExt"
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Ace Utilities\wipext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
CARMenuHandler\(Default) = "{D9341527-6C0C-42D4-ABC6-320CB28AC6D4}"
-> {HKLM...CLSID} = "CAR / CPH Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\TrustPort Archive Encryption\CARShell.dll" ["AEC, spol. s r.o."]
DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
DataShredderShlExt\(Default) = "{EB08BEF8-DA8F-4f4a-8955-54BBF14583B1}"
-> {HKLM...CLSID} = "DataShredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TRUSTP~1\bin\DWExt.dll" ["AEC, spol. s r.o."]
Pointstone Shredder\(Default) = "{363E9C24-C4C3-4116-81A4-6D86B459CBE3}"
-> {HKLM...CLSID} = "Pointstone Shredder Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\POINTS~1\Shredder\SDShlExt.d ll" ["Pointstone Software, LLC"]
Tauscan Menu\(Default) = "{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}"
-> {HKLM...CLSID} = "Tauscan Menu"
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Stegnos Internet Security 2007\shellex.dll" ["Steganos GmbH"]
Tauscan Menu\(Default) = "{B6122A50-EAB5-11D3-9E7F-EBF4F0595714}"
-> {HKLM...CLSID} = "Tauscan Menu"
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Tauscan 1.7\Taumenu.dll" ["Agnitum Ltd."]
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WipeExt\(Default) = "{721A1B24-EC8B-4eda-9CCE-39720B9FA747}"
-> {HKLM...CLSID} = "WipeExt"
\InProcServer32\(Default) = "C:\Documents and Settings\dominik\Dokumenty\Software\Ace Utilities\wipext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\

"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoAddPrinter" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoDeletePrinter" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoInternetIcon" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoNetHood" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoDesktopCleanupWizard" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoRecentDocsNetHood" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoViewOnDrive" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoLogoff" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|Logon/Logoff|
Disable Logoff}

"NoActiveDesktop" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Disable Active Desktop}

"NoActiveDesktopChanges" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Prohibit changes}

HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\

"NoMSAppLogo5ChannelNotify" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoWelcomeScreen" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"NoDisplayLastUserName" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

"NoUpdateCheck" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoSplash" = (REG_DWORD) hex:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Loca l Settings\Data aplikací\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\dominik\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 39
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Zdroje informací"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Data aplikací/TuneUp Software/Common/base.css" [file not found]
<<H>> "NoAdd-ons" = "res://ieframe.dll/noaddon.htm" [MS]
<<H>> "NoAdd-onsInfo" = "res://ieframe.dll/noaddoninfo.htm" [MS]
<<H>> "SecurityRisk" = "res://ieframe.dll/securityatrisk.htm" [MS]
<<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [MS]


All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------

.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msc orsvw.exe" [MS]
Adaptér výkonu služby WMI, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]
Altiris Client Service, AClient, "C:\Program Files\Altiris\AClient\AClient.exe -service" ["Altiris, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
cpqdmi, cpqdmi, "C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe" ["Compaq Computer Corporation"]
Hibernation, Hibernation, "C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe" [empty string]
Insight Local Alerter, CPQALERT, "C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe" ["Hewlett-Packard Company"]
Jednoduché služby TCP/IP, SimpTcp, "C:\WINDOWS\system32\tcpsvcs.exe" [MS]
Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Personal Firewall 4\kpf4ss.exe"" ["Kerio Technologies"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
MAIF, MAIF, "C:\DOCUME~1\dominik\LOCALS~1\Temp\MAIF.exe" [file not found]
McAfee Framework Service, McAfeeFramework, ""C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart" ["Network Associates, Inc."]
Naslouchání RIP, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [MS]}
Network Associates McShield, McShield, ""C:\Program Files\Network Associates\VirusScan\Mcshield.exe"" ["Network Associates, Inc."]
Network Associates Task Manager, McTaskManager, ""C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"" ["Network Associates, Inc."]
Office Source Engine, ose, ""C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"" [MS]
Ověřování v síti skupiny rovnocenných počítačů, p2pgasvc, "C:\WINDOWS\system32\svchost.exe -k p2psvc" {"C:\WINDOWS\system32\p2pgasvc.dll" [MS]}
Podpora programu Windows Media Connect (WMC), WmcCdsLs, "C:\Program Files\Windows Media Connect\mswmcls.exe" [MS]
Pomocná služba protokolu IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
Protokol PNRP, PNRPSvc, "C:\WINDOWS\system32\svchost.exe -k p2psvc" {"C:\WINDOWS\system32\p2psvc.dll" [MS]}
Remote Diagnostics Enabling Agent, DfwWebAgent, "C:\WINDOWS\Cpqdiag\Cpqdfwag.exe" ["Hewlett-Packard"]
Remote Packet Capture Protocol v.0 (experimental), rpcapd, (null value) [file not found]
Služba HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Služba pro síťová ustanovení, xmlprov, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\xmlprov.dll" [MS]}
Služba správy pro Správce logických disků, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
Správce identit sítě rovnocenných počítačů, p2pimsvc, "C:\WINDOWS\system32\svchost.exe -k p2psvc" {"C:\WINDOWS\system32\p2psvc.dll" [MS]}
Stavová služba ASP.NET, aspnet_state, "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\asp net_state.exe" [MS]
Steganos Internet Security 2007, AVP, ""C:\Documents and Settings\dominik\Dokumenty\Software\Stegnos Internet Security 2007\avp.exe" -r" ["Steganos GmbH"]
Síť rovnocenných počítačů, p2psvc, "C:\WINDOWS\system32\svchost.exe -k p2psvc" {"C:\WINDOWS\system32\p2psvc.dll" [MS]}
Tiskový server TCP/IP, LPDSVC, "C:\WINDOWS\system32\tcpsvcs.exe" [MS]
WEWATOGTN, WEWATOGTN, "C:\DOCUME~1\dominik\LOCALS~1\Temp\WEWATOGTN.e xe" [file not found]
Win32Sl, WIN32SL, "C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe" ["Intel"]
Windows CardSpace, idsvc, ""C:\WINDOWS\Microsoft.NET\Framework\v3.0\Wind ows Communication Foundation\infocard.exe"" [MS]
Windows Media Connect (WMC), WmcCds, "c:\program files\windows media connect\mswmccds.exe" [MS]
Windows Presentation Foundation Font Cache 3.0.0.0, FontCache3.0.0.0, "c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\Prese ntationFontCache.exe" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Zachytávání pro službu SNMP, SNMPTRAP, "C:\WINDOWS\System32\snmptrap.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monito rs\
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
LPR Port\Driver = "lprmon.dll" [MS]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 26 seconds.
---------- (total run time: 123 seconds)


Spybot
Nenasel nic.

Tauscan
Nenasel nic.

McAfee
Nenasel nic.

Steganos Internet Security 2007
Nenasel nic.

[mISHA]

neskutecne neprehledny prispevek. zkousel jsi kontaktovat technickou podporu microsoftu?

EDIT: prvne bych vyhodil ten antivirus. a pak bych zkontroloval ramky.

nicmene si precti pravidla naseho fora a podle toho pak postupuj dal ( dobra rada ).

[steelman]

A co ti to vypisuje pri tom BSoD?