Preventivni kontrolu logu

Zpráva

Peky · #1 Příspěvek od **Peky** » 26 říj 2011 16:42

Dobry den, prosim o kontrolu logu viz. nize.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Radek at 2011-10-26 17:40:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (17%) free of 39 GB
Total RAM: 511 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:37, on 26.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Software\Antivir\RSIT.exe
C:\Program Files\trend micro\Radek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [X-Lite 4] "C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Cust ... anager.CAB
O16 - DPF: {D27CDB6E-AE6D-11CE-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7540 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-07-02 1062184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll [2011-09-27 1050464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-22 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll [2011-09-27 1050464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"=c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2002-10-23 86016]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [2002-06-26 90112]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-10-19 1183656]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-19 1958800]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-10-17 87584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-09-27 894304]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"X-Lite 4"=C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Attractel\Zoiper\Zoiper.exe"="C:\Program Files\Attractel\Zoiper\Zoiper.exe:*:Enabled:Zoiper"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe"="C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe:*:Enabled:X-Lite 4"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2020-04-24 22:39:12 ----A---- C:\WINDOWS\system32\msxml3a.dll
2020-04-22 22:28:13 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2020-04-22 22:28:13 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2020-04-22 22:28:13 ----A---- C:\WINDOWS\system32\MFC71.dll
2020-04-22 22:28:04 ----D---- C:\Program Files\Alwil Software
2011-10-26 17:40:26 ----D---- C:\rsit
2011-10-24 16:43:43 ----D---- C:\Documents and Settings\Radek\Data aplikací\Sun
2011-10-22 23:20:18 ----D---- C:\WINDOWS\Sun
2011-10-22 23:18:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2011-10-22 23:18:06 ----D---- C:\Program Files\Common Files\Java
2011-10-22 23:17:34 ----A---- C:\WINDOWS\system32\javaws.exe
2011-10-22 23:17:34 ----A---- C:\WINDOWS\system32\javaw.exe
2011-10-22 23:17:34 ----A---- C:\WINDOWS\system32\java.exe
2011-10-22 23:17:34 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-10-22 23:17:05 ----D---- C:\Program Files\Java
2011-10-19 16:44:25 ----D---- C:\Documents and Settings\Radek\Data aplikací\Search Settings
2011-10-19 16:44:15 ----D---- C:\Program Files\pdfforge Toolbar
2011-10-19 16:44:15 ----D---- C:\Program Files\Common Files\Spigot
2011-10-19 16:44:15 ----D---- C:\Program Files\Application Updater
2011-10-19 16:43:09 ----D---- C:\Documents and Settings\Radek\Data aplikací\pdfforge
2011-10-19 16:43:04 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2011-10-19 16:43:01 ----D---- C:\Program Files\PDFCreator
2011-10-19 16:43:01 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2011-10-13 19:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-13 18:57:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-13 18:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$

======List of files/folders modified in the last 1 months======

2020-04-24 22:39:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-10-26 17:40:30 ----D---- C:\Program Files\Trend Micro
2011-10-26 17:24:30 ----D---- C:\WINDOWS\Temp
2011-10-25 23:24:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-25 19:26:05 ----D---- C:\Documents and Settings\Radek\Data aplikací\ICQ
2011-10-24 21:58:35 ----D---- C:\Documents and Settings\Radek\Data aplikací\Happy Foto
2011-10-24 20:47:11 ----D---- C:\WINDOWS
2011-10-23 22:57:47 ----D---- C:\WINDOWS\Prefetch
2011-10-23 20:32:56 ----D---- C:\Program Files\AutoCAD LT 98
2011-10-22 23:18:09 ----SHD---- C:\WINDOWS\Installer
2011-10-22 23:18:06 ----D---- C:\Program Files\Common Files
2011-10-22 23:17:34 ----D---- C:\WINDOWS\system32
2011-10-22 23:17:05 ----RD---- C:\Program Files
2011-10-21 11:36:47 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-19 21:22:56 ----RD---- C:\Výkresy
2011-10-19 16:44:15 ----D---- C:\WINDOWS\WinSxS
2011-10-19 16:42:29 ----RD---- C:\Software
2011-10-15 21:30:51 ----HD---- C:\WINDOWS\inf
2011-10-13 22:57:50 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-13 22:57:46 ----RSD---- C:\WINDOWS\assembly
2011-10-13 21:03:08 ----D---- C:\WINDOWS\Debug
2011-10-13 19:52:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-13 19:52:57 ----D---- C:\Program Files\Internet Explorer
2011-10-13 19:07:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-13 18:58:24 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-13 18:57:41 ----D---- C:\WINDOWS\system32\drivers
2011-10-13 18:57:28 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-03 10:31:24 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-04-30 39264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2004-08-04 105984]
R3 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\System32\DRIVERS\atintuxx.sys [2004-08-04 78336]
R3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [2004-08-04 53760]
R3 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\System32\DRIVERS\atinxsxx.sys [2004-08-04 64512]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
R3 TTDec;ATI WDM Teletext Decoder; C:\WINDOWS\System32\DRIVERS\ATINTTXX.sys [2004-08-04 13824]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-23 549672]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-10-17 230944]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-09-27 745880]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-22 153376]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-07-15 45056]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-15 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; c:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Dekuji

Peky

#2 Příspěvek od **vyosek** » 26 říj 2011 16:57

Zdravim a pekny vecer preji

Odinstalujte Search Settings a Application Updater

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

Peky · #3 Příspěvek od **Peky** » 26 říj 2011 22:10

mam problem s body

1) Odinstalujte Search Settings a Application Updater (jak to provedu ?

)
2) Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy (nevidim zadne toolbary

)

Extras.log
OTL Extras logfile created on: 26.10.2011 22:22:39 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

510,80 Mb Total Physical Memory | 263,69 Mb Available Physical Memory | 51,62% Memory free
1,22 Gb Paging File | 1,02 Gb Available in Paging File | 83,69% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,29 Gb Total Space | 6,43 Gb Free Space | 16,80% Space Free | Partition Type: NTFS
Drive D: | 696,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ZUZKA | User Name: Radek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" = C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall
"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 -- (RealVNC Ltd.)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Program Files\Attractel\Zoiper\Zoiper.exe" = C:\Program Files\Attractel\Zoiper\Zoiper.exe:*:Enabled:Zoiper -- ()
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe" = C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe:*:Enabled:X-Lite 4
"C:\Program Files\CounterPath\X-Lite\x-lite.exe" = C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{22CFB202-3D2D-44E2-BB7C-6F703B99919B}" = pdfforge Toolbar v4.7
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{439D9ABF-8D1B-4C09-A50D-C9794510D0E4}" = Samsung PC Studio 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}" = Intel(R) PROSet
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Balíček ovladače systému Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Balíček ovladače systému Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"All ATI Software" = ATI - Software Uninstall Utility
"Allway Sync_is1" = Allway Sync version 6.3.9
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"Lt98CzDeinstall" = České prostředí pro AutoCAD LT
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWSnap 3" = MWSnap 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealVNC_is1" = VNC Free Edition 4.1.2
"Rossmann Foto-Shop Client" = Rossmann Foto-Shop Client 4.2
"Rossmann Foto-Shop Software" = Rossmann Foto-Shop Software 4.9
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Totalcmd" = Total Commander (Remove or Repair)
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archivátor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X-Lite 3.0_is1" = X-Lite 3.0
"Zoiper" = Zoiper
"Zoner Photo Studio 9_is1" = Zoner Photo Studio 9

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21.5.2008 16:22:54 | Computer Name = ZUZKA | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 7.0.6000.16640, chybující modul
explbar.dll, verze 7.6.0.2, adresa chyby 0x000020a6.

Error - 30.5.2008 7:14:10 | Computer Name = ZUZKA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Skype.exe, verze 3.2.0.175, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 5.6.2008 4:23:42 | Computer Name = ZUZKA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace EXCEL.EXE, verze 11.0.5612.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 11.6.2008 15:46:03 | Computer Name = ZUZKA | Source = Application Error | ID = 1000
Description = Chybující aplikace icq.exe, verze 6.0.0.6059, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x0a496d01.

Error - 12.6.2008 18:15:15 | Computer Name = ZUZKA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 7.0.6000.16674, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 17.6.2008 4:36:16 | Computer Name = ZUZKA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 7.0.6000.16674, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 23.7.2008 15:59:55 | Computer Name = ZUZKA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Zps9.exe, verze 9.0.1.2, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 23.7.2008 16:08:20 | Computer Name = ZUZKA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 11.0.5510.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 23.7.2008 16:09:52 | Computer Name = ZUZKA | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 4.8.2008 15:08:29 | Computer Name = ZUZKA | Source = Application Error | ID = 1000
Description = Chybující aplikace icq.exe, verze 6.0.0.6059, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x00000000.

[ System Events ]
Error - 22.4.2020 16:32:02 | Computer Name = ZUZKA | Source = Windows Update Agent | ID = 16
Description = Připojení se nezdařilo: Připojení ke službě automatických aktualizací
nelze navázat. Stažení a instalaci aktualizací podle tohoto plánu nelze spustit.
Pokus o navázání spojení bude opakován.

Error - 6.5.2008 13:36:45 | Computer Name = ZUZKA | Source = Distributed Link Tracking Client | ID = 12507
Description = ID svazku pro C: bylo znovu nastaveno, protože bylo duplikátem jiného
na F:. Toto ID svazku používá funkce Distributed Link Tracking k automatické opravě
odkazů na soubory, jako například zástupce prostředí a propojení OLE, když jsou
tyto odkazy z nějakého důvodu porušeny.

< End of report >

OTL.log
OTL logfile created on: 26.10.2011 22:22:39 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

510,80 Mb Total Physical Memory | 263,69 Mb Available Physical Memory | 51,62% Memory free
1,22 Gb Paging File | 1,02 Gb Available in Paging File | 83,69% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,29 Gb Total Space | 6,43 Gb Free Space | 16,80% Space Free | Partition Type: NTFS
Drive D: | 696,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ZUZKA | User Name: Radek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.10.26 22:20:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2011.09.27 21:34:02 | 000,894,304 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.09.27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.19 17:57:24 | 001,183,656 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006.10.19 05:19:42 | 001,958,800 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2006.10.17 11:47:22 | 000,087,584 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006.10.17 11:47:16 | 000,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2002.10.23 10:15:08 | 000,086,016 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
PRC - [2002.07.15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002.06.26 17:36:58 | 000,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

========== Modules (No Company Name) ==========

MOD - [2006.10.17 10:48:36 | 000,050,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Common\gc.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.09.27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2006.10.17 11:47:16 | 000,230,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2002.09.27 11:56:20 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002.07.15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - [2008.04.30 00:07:13 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.04.30 00:07:13 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.04.30 00:06:57 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.04.13 21:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.05.02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006.05.03 18:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.08.04 03:08:36 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004.08.04 03:08:30 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2004.08.04 03:08:08 | 000,064,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2004.08.04 03:07:52 | 000,053,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2004.08.04 03:07:12 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinttxx.sys -- (TTDec)
DRV - [2004.08.04 03:06:38 | 000,078,336 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2002.10.16 00:11:22 | 000,019,968 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2001.08.17 21:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-57989841-1659004503-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-57989841-1659004503-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-57989841-1659004503-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-57989841-1659004503-682003330-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-57989841-1659004503-682003330-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-57989841-1659004503-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

O1 HOSTS File: ([2001.10.25 16:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-57989841-1659004503-682003330-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-57989841-1659004503-682003330-1003..\Run: [X-Lite 4] "C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1659004503-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Cust ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CE-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.33.5 192.168.33.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E30E5D94-C2BB-44AE-9EB5-A82D2EC47539}: DhcpNameServer = 192.168.33.5 192.168.33.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Dočasné soubory\Vanesinka zlaticko 1.bmp
O24 - Desktop BackupWallPaper: C:\Dočasné soubory\Vanesinka zlaticko 1.bmp
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.21 17:36:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2020.04.24 22:39:12 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2020.04.22 22:28:13 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2020.04.22 22:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011.10.26 22:20:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011.10.26 17:41:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Radek\Recent
[2011.10.24 16:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Data aplikací\Sun
[2011.10.22 23:20:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011.10.22 23:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2011.10.22 23:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.10.22 23:17:34 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.10.22 23:17:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.10.22 23:17:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.10.22 23:17:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.10.22 23:17:34 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.10.22 23:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2020.04.24 22:38:43 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2011.10.26 22:25:23 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.10.26 22:20:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011.10.26 22:15:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.26 22:15:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.24 21:58:32 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Radek\Plocha\Happy Foto.lnk
[2011.10.24 21:47:24 | 000,000,078 | ---- | M] () -- C:\Documents and Settings\Radek\dirstate.xml
[2011.10.22 23:17:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.10.22 23:17:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.10.22 23:17:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.10.22 23:17:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.10.22 23:17:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.26 22:25:23 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.10.24 21:58:32 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Radek\Nabídka Start\Programy\Happy Foto.lnk
[2011.10.24 21:58:32 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Radek\Plocha\Happy Foto.lnk
[2011.10.24 21:47:24 | 000,000,078 | ---- | C] () -- C:\Documents and Settings\Radek\dirstate.xml
[2011.10.19 16:43:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.03.03 19:50:57 | 000,920,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.08.25 23:45:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\LauncherAccess.dt
[2010.08.25 23:43:50 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.01.31 23:14:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008.11.28 18:38:31 | 000,000,245 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
[2008.05.19 21:56:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2008.04.29 17:50:36 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.04.29 17:50:32 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.04.29 17:50:32 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.04.29 17:50:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.04.29 17:50:29 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.04.24 18:06:42 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008.04.22 22:06:06 | 000,302,080 | ---- | C] () -- C:\WINDOWS\unin0405.exe
[2008.04.22 21:59:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2008.04.22 21:59:49 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2008.04.22 21:29:05 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008.04.22 00:02:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2008.04.21 22:02:50 | 000,000,407 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.04.21 19:50:52 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Radek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.21 19:46:54 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.04.21 19:40:58 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008.04.21 19:38:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2008.04.21 19:25:28 | 000,004,265 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.04.21 19:24:18 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.04.21 18:31:43 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008.04.21 18:31:43 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008.04.21 18:31:43 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008.04.21 18:31:43 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008.04.21 18:31:43 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008.04.21 18:10:31 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.04.21 17:39:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.04.21 17:33:29 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.01.14 18:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006.04.28 22:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005.08.26 16:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005.08.26 16:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2005.08.26 16:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.10.07 18:15:36 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2002.09.20 20:19:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001.10.25 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 16:00:00 | 000,435,818 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 16:00:00 | 000,432,694 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 16:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 16:00:00 | 000,079,642 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 16:00:00 | 000,068,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 16:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.10.11 13:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.11 13:30:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2008.04.30 21:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2010.04.05 22:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2008.04.21 21:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sync App Settings
[2009.12.04 17:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\FreeCall
[2011.10.24 21:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Happy Foto
[2011.10.25 19:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\ICQ
[2008.04.21 21:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\ICQ Toolbar
[2011.10.19 16:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\pdfforge
[2011.10.19 16:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Search Settings
[2008.04.21 21:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Sync App Settings
[2008.04.30 21:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Zoner
[2009.12.18 21:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzka\Data aplikací\FreeCall
[2011.10.23 22:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzka\Data aplikací\Happy Foto
[2011.09.22 22:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzka\Data aplikací\ICQ
[2008.04.21 23:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzka\Data aplikací\ICQ Toolbar
[2011.10.20 11:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzka\Data aplikací\pdfforge
[2010.08.25 23:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzka\Data aplikací\Samsung
[2011.10.20 11:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzka\Data aplikací\Search Settings
[2008.04.21 23:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zuzka\Data aplikací\Zoner

========== Purity Check ==========

========== Custom Scans ==========

< >

< >

< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.09.04 17:54:32 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.09.04 17:54:32 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002.09.20 20:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.09.04 17:54:32 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.09.04 17:54:32 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2002.09.20 20:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.09.04 17:54:32 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2008.09.04 17:54:32 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2009.12.22 20:39:20 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2002.09.20 20:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.09.04 17:54:32 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008.09.04 17:54:32 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.03 22:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.09.04 17:54:32 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2008.09.04 17:54:32 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.09.04 17:54:32 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.09.04 17:54:32 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\isapnp.sys
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2011.10.26 22:20:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.05.19 22:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Adobe
[2008.04.24 22:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\CyberLink
[2009.12.04 17:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\FreeCall
[2011.10.24 21:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Happy Foto
[2008.04.21 22:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Help
[2011.10.25 19:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\ICQ
[2008.04.21 21:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\ICQ Toolbar
[2008.04.21 17:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Identities
[2008.04.21 21:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Macromedia
[2008.04.29 23:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Media Player Classic
[2009.12.21 21:12:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Radek\Data aplikací\Microsoft
[2008.04.21 21:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Mozilla
[2011.10.19 16:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\pdfforge
[2011.10.19 16:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Search Settings
[2009.06.25 20:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Skype
[2008.04.24 18:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Sony Corporation
[2011.10.24 16:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Sun
[2008.04.21 21:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Sync App Settings
[2008.04.30 21:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\Zoner

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.04.21 19:23:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.04.21 19:23:19 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.04.21 19:23:19 | 000,397,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2020.04.24 22:38:43 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msxml3a.dll
[2011.10.26 22:15:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2011.10.26 22:20:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 05:22:36 | 001,695,232 | ---- | M] (Microsoft Corporation)
"X-Lite 4" = "C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe"

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemRoot%\System32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.10.26 22:25:23 | 000,000,512 | ---- | M] () MD5=1ADB5D222E85EAA06D9A2FCBF4F6F7DD -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2005.07.22 23:29:38 | 000,014,226 | ---- | M] () -- \Software\Vypalování\Clone CD\CloneCD_5.2.6.1_crack_pifoman\Crack.exe

< *keygen* /s >

< *loader* /s >
[2001.05.16 00:29:10 | 003,713,096 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Hudba\Super Mega Hits\Super Mega Hits 44 OK\11 TOPLOADER - Dancing In The Moonlight.mp3
[2008.04.21 19:38:14 | 000,001,479 | ---- | M] () -- \Documents and Settings\All Users\Nabídka Start\Programy\SoundMAX\DLS Loader.lnk
[2011.10.26 22:47:20 | 000,002,023 | ---- | M] () -- \Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\1UF8BE1A\vbulletin_post_loader[1].js
[2011.10.26 22:24:27 | 000,002,199 | ---- | M] () -- \Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\5AYF39FC\preloader[1].swf
[2011.10.26 22:45:22 | 000,061,619 | ---- | M] () -- \Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\WJF4CO63\yuiloader-dom-event[1].js
[2011.10.26 23:01:53 | 000,061,619 | ---- | M] () -- \Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\WJF4CO63\yuiloader-dom-event[2].js
[2008.08.19 00:44:24 | 000,000,667 | ---- | M] () -- \Documents and Settings\Radek\Plocha\VDownloader.lnk
[2011.10.25 23:01:32 | 000,003,208 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\12G855WJ\ajax-loader[1].gif
[2011.08.26 20:19:01 | 000,002,652 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\12G855WJ\lib.cImagePreloader[1].js
[2011.10.06 10:31:40 | 000,027,789 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\3Z2WQYKA\VZP_promo_loader[1].swf
[2011.10.21 18:01:11 | 000,009,660 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\A2ZSNDNQ\ajax_loader[1].gif
[2011.08.01 23:52:28 | 000,001,924 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\A2ZSNDNQ\loader[1].gif
[2011.10.17 22:21:27 | 000,003,690 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\A2ZSNDNQ\overlayloader[1].swf
[2011.10.21 18:03:09 | 000,003,690 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\A2ZSNDNQ\overlayloader[2].swf
[2011.08.26 20:19:33 | 000,000,336 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\C1XSVWTY\10826-1-loader[1].js
[2011.10.17 22:18:51 | 000,003,690 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\DBGDSH9P\overlayloader[1].swf
[2011.10.09 19:34:23 | 000,004,178 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\DQV0GJE1\ajax-loader[1].gif
[2010.02.03 23:01:51 | 000,001,188 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\H9TBRM0D\LinePreloader[1].swf
[2010.02.16 21:00:17 | 000,000,405 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\H9TBRM0D\startupLoginLoader[1].htm
[2010.02.21 23:46:03 | 000,000,405 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\H9TBRM0D\startupLoginLoader[2].htm
[2010.03.01 21:13:00 | 000,000,405 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\IY0GR776\startupLoginLoader[1].htm
[2011.10.17 18:56:20 | 000,001,277 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\LADTDS8L\LinePreloader[1].swf
[2011.10.25 23:01:32 | 000,003,208 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\ME68QWOJ\ajax-loader-white[1].gif
[2011.10.23 21:54:28 | 000,003,208 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\MO0U4Y80\ajax-loader[1].gif
[2011.10.24 21:35:56 | 000,001,011 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\MO0U4Y80\tabs_slides_def_loader[1].js
[2010.02.24 13:07:07 | 000,003,479 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\N4O0FDC0\preloader04[1].swf
[2010.02.13 00:42:08 | 000,001,434 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\NYNL33OB\blockLoader2[1].js
[2010.02.13 00:42:08 | 000,001,494 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\NYNL33OB\blockLoader[1].js
[2010.10.25 23:53:15 | 000,003,208 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\PDMK4WSG\ajax-loader[2].gif
[2011.10.24 21:10:15 | 000,000,673 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\PDMK4WSG\loader.white[1].gif
[2010.01.16 22:54:40 | 000,000,160 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\QM62ZITS\loaderxml[1].swf
[2010.02.16 20:43:08 | 000,000,405 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\QX861956\startupLoginLoader[1].htm
[2011.10.17 22:28:28 | 000,003,690 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\R95LQCXT\overlayloader[1].swf
[2010.02.13 00:11:50 | 000,004,178 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\TO6TJTUH\ajax-loader[1].gif
[2010.02.20 10:05:54 | 000,000,723 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\TO6TJTUH\ajax-loader[2].gif
[2010.02.24 13:51:20 | 000,004,178 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\VR3BSVU5\ajax-loader[1].gif
[2010.02.23 21:23:16 | 000,000,405 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\VR3BSVU5\startupLoginLoader[1].htm
[2010.01.29 00:08:15 | 000,001,284 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\WYLM9YUZ\loader[1].gif
[2011.10.23 21:54:43 | 000,003,208 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\XM1HK12G\ajax-loader-white[1].gif
[2010.02.13 00:44:09 | 000,002,545 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\Z9D22GDV\loader[1].gif
[2010.02.25 23:54:11 | 000,015,304 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\ZONI02UV\gloader.0.1.2[1].js
[2002.07.24 14:07:02 | 000,106,496 | ---- | M] () -- \Program Files\Analog Devices\SoundMAX\DLSLoader.exe
[2010.04.05 22:46:09 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.1\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2010.04.05 22:46:08 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.1\imApp\theme\IMAGES\XtraPreloader\loader.swf
[2010.04.05 22:46:09 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.1\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2010.04.05 22:46:08 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.1\imApp\theme\MUICoreLib\xtraLoader.swf
[2011.03.19 12:18:00 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.1\Xtraz\icq\content\icq_profile\preloader.html
[2011.01.20 20:19:49 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.1\Xtraz\icq\content\profile_forms\preloader.html
[2011.01.20 20:19:49 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.1\Xtraz\icq\content\profile_lightboxs\preloader.html
[2010.04.05 22:47:53 | 000,552,798 | ---- | M] () -- \Program Files\ICQ7.1\Xtraz\icq\theme\game_center\loaderBkg.png
[2007.04.03 11:05:20 | 000,018,944 | ---- | M] () -- \Program Files\Samsung\Samsung PC Studio 3\CMLoader.dll
[2008.08.03 11:11:12 | 002,083,080 | ---- | M] () -- \Software\Vdownloader\VDownloader.exe
[2004.08.17 15:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2004.08.03 22:59:38 | 000,230,400 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\osloader.exe
[2004.08.03 22:59:38 | 000,278,016 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\osloader.ntd
[2008.04.14 05:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 20:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 20:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 05:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1996.10.15 09:53:16 | 000,078,848 | ---- | M] () -- \WINDOWS\system32\INLOADER.DLL
[2 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2008.03.19 18:29:58 | 000,009,622 | ---- | M] () -- \WINDOWS\system32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr

< End of report >

#4 Příspěvek od **vyosek** » 27 říj 2011 06:41

Dela se to pres Přidat nebo odebrat programy v Ovladacich panelech

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.09.27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKU\S-1-5-21-57989841-1659004503-682003330-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-57989841-1659004503-682003330-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-57989841-1659004503-682003330-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CE-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2008.04.21 21:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Data aplikací\ICQ Toolbar

:srvices
gusvc

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
""=-
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-

:files
C:\Program Files\pdfforge Toolbar
C:\Program Files\Common Files\Spigot
C:\Program Files\Application Updater
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Peky · #5 Příspěvek od **Peky** » 27 říj 2011 13:47

Dobry den,
ano to vim jen to nikde nevidim.

All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-57989841-1659004503-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-57989841-1659004503-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-57989841-1659004503-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CE-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CE-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CE-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CE-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CE-96B8-444553540000}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\WINDOWS\002191_.tmp deleted successfully.
C:\WINDOWS\005513_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SETA.tmp deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP110.tmp\System.DirectoryServices.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP110.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP115.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP150.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1A8.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1BF.tmp\System.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1BF.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1DC.tmp\System.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1DC.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A1.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBC.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF5.tmp folder deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
C:\WINDOWS\system32\SETA0.tmp deleted successfully.
C:\Documents and Settings\Radek\Data aplikací\ICQ Toolbar folder moved successfully.
Error: Unable to interpret <:srvices> in the current context!
Error: Unable to interpret <gusvc> in the current context!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS deleted successfully.
========== FILES ==========
C:\Program Files\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE\4.7 folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files\pdfforge Toolbar folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Program Files\Application Updater folder moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Radek
->Temp folder emptied: 13027407 bytes
->Temporary Internet Files folder emptied: 10024609 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 852 bytes

User: Zuzka
->Temp folder emptied: 1196227040 bytes
->Temporary Internet Files folder emptied: 1271729236 bytes
->Java cache emptied: 5888934 bytes
->Flash cache emptied: 35292 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 142958866 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 518,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Radek
->Flash cache emptied: 0 bytes

User: Zuzka
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 10272011_143346

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Radek\Local Settings\Temp\~DF1787.tmp not found!
File\Folder C:\Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\UFB62IT1\posting[1].htm not found!
File\Folder C:\Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\7R4HWA7T\afr[1].htm not found!
C:\Documents and Settings\Radek\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Peky

#6 Příspěvek od **vyosek** » 27 říj 2011 14:56

Ja je odpalil rucne ve skriptu

jak se chova PC nyni

Peky · #7 Příspěvek od **Peky** » 27 říj 2011 15:35

ok, diky. Rekl bch, ze je to v poradku. Pravdou je, ze pred tim sem nic zvlastniho tez nepozoroval jen nesly odeslat fotky do Happy fota. Co to bylo za xindl ?

Diky Peky

#8 Příspěvek od **vyosek** » 27 říj 2011 18:19

Byl tam nejaky adware - jeden z typu haveti

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

Preventivni kontrolu logu

Preventivni kontrolu logu

Re: Preventivni kontrolu logu

Re: Preventivni kontrolu logu

Re: Preventivni kontrolu logu

Re: Preventivni kontrolu logu

Re: Preventivni kontrolu logu

Re: Preventivni kontrolu logu

Re: Preventivni kontrolu logu