
Preventive check - slow computer

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check - slow computer

#16 Post by Márty84 »

OK :wink:
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

Jindrolim
Visitor
Posts: 29
Registered: 17 Sep 2008 09:17

Re: Preventive check - slow computer

#17 Post by Jindrolim »

The windows still close "piece by piece", but starting and running programs is much faster.
So thanks for the help and merry Christmas :)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check - slow computer

#18 Post by Márty84 »

Don't run off just yet, we'll do a deeper check.


:!: If Avast complains that it wants to open the file in the sandbox, do not allow it! Choose the option to open it normally.
:arrow: Download OTL from http://oldtimer.geekstogo.com/OTL.exe, save it to the desktop and run it.
Tick the options "For all users", "LOP" malware check and "Purity" malware check.
Paste the following text into the bottom window:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Click Scan.
After the scan, two logs will be created (OTL.Txt and Extras.txt); paste both of them here (if they are long, split them across several posts).

Jindrolim
Visitor
Posts: 29
Registered: 17 Sep 2008 09:17

Re: Preventive check - slow computer

#19 Post by Jindrolim »

OTL.txt:

OTL logfile created on: 24.12.2012 9:50:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Helena Polášková\Plocha\viry.cz
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

895,23 Mb Total Physical Memory | 542,50 Mb Available Physical Memory | 60,60% Memory free
2,12 Gb Paging File | 1,46 Gb Available in Paging File | 68,79% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 102,88 Gb Free Space | 69,03% Space Free | Partition Type: NTFS

Computer Name: POLASKOVA | User Name: Helena Polášková | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.24 09:48:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Helena Polášková\Plocha\viry.cz\OTL.exe
PRC - [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.19 21:58:01 | 000,140,736 | ---- | M] () -- C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
PRC - [2011.10.10 12:55:04 | 000,085,344 | ---- | M] (Software602 a.s.) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
PRC - [2011.10.04 10:28:14 | 000,220,992 | ---- | M] (Software602) -- C:\Program Files\Software602\Print2PDF\Print2PDF.exe
PRC - [2009.07.24 21:55:03 | 000,606,720 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2008.04.17 10:11:10 | 029,178,224 | ---- | M] (Microsoft Corporation) -- c:\MSSQL2005Express\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.21 10:51:10 | 000,135,233 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2007.05.21 10:50:56 | 000,065,605 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2007.05.15 09:53:12 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005.10.04 01:41:02 | 000,997,042 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2005.10.04 01:41:02 | 000,172,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2005.10.04 01:41:02 | 000,118,784 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.24 05:21:10 | 002,041,344 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12122400\algo.dll
MOD - [2012.11.28 04:43:17 | 000,460,904 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll
MOD - [2012.11.28 04:43:16 | 012,456,040 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
MOD - [2012.11.28 04:43:15 | 004,008,040 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012.11.28 04:42:30 | 000,587,880 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012.11.28 04:42:29 | 000,124,520 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012.11.28 04:42:22 | 000,157,304 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012.11.28 04:42:21 | 002,168,952 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012.11.28 04:42:21 | 000,275,576 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2012.08.19 21:58:01 | 000,140,736 | ---- | M] () -- C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
MOD - [2010.12.02 01:13:18 | 000,214,528 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\Software602.dll
MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.05.15 09:53:12 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2007.05.15 09:53:12 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
MOD - [2007.05.15 09:53:12 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.11.12 14:20:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.11 20:37:34 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.19 21:58:01 | 000,140,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe -- (Aladdin SQL Server)
SRV - [2011.10.10 12:55:04 | 000,085,344 | ---- | M] (Software602 a.s.) [Auto | Running] -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2009.07.24 21:55:03 | 000,606,720 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2008.04.17 10:11:10 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\MSSQL2005Express\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSOFT)
SRV - [2007.05.21 10:51:10 | 000,135,233 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2007.05.21 10:50:56 | 000,065,605 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2007.05.15 09:53:12 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface)
SRV - [2005.10.04 01:41:02 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.12.23 21:27:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.11.11 20:37:38 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.07.24 21:55:03 | 000,141,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2008.10.30 14:08:24 | 000,247,008 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2008.10.30 14:08:24 | 000,030,080 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.10.30 14:08:23 | 000,096,032 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2008.07.24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008.02.26 09:01:44 | 004,737,024 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.05.21 03:43:12 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.05.21 03:43:08 | 000,046,080 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.10.18 01:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006.07.01 22:42:58 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.11 17:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.07.18 10:55:06 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\MLPTDR_N.SYS -- (MLPTDR_N)
DRV - [2001.08.17 20:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://www.webhledani.cz/results.aspx?i ... earchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1935655697-113007714-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-1935655697-113007714-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1935655697-113007714-725345543-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1935655697-113007714-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1935655697-113007714-725345543-1004\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://www.webhledani.cz/results.aspx?i ... earchTerms}
IE - HKU\S-1-5-21-1935655697-113007714-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.5.0.11422
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.3.6
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560
FF - prefs.js..extensions.enabledItems: avg@toolbar:11.0.0.9
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.5.3&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@software602.cz/602XML Filler: C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.23 20:43:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.12 14:20:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.12 14:20:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008.10.30 10:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Extensions
[2012.10.23 18:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions
[2011.11.23 19:04:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.26 12:58:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.09.04 07:31:36 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2010.12.31 15:13:47 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\searchplugins\icqplugin.xml
[2012.11.12 14:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.12 14:20:27 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.12.13 20:13:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\HELENA POLášKOVá\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\LJS0F6QJ.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\HELENA POLášKOVá\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\LJS0F6QJ.DEFAULT\EXTENSIONS\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
[2012.11.12 14:20:39 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.27 21:43:40 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.06.27 21:43:40 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.09.25 09:40:45 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2012.06.27 21:43:40 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.06.27 21:43:40 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.06.27 21:43:40 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: http://www.seznam.cz/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.seznam.cz/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Helena Pol\u00E1\u0161kov\u00E1\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Helena Pol\u00E1\u0161kov\u00E1\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Helena Pol\u00E1\u0161kov\u00E1\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Helena Pol\u00E1\u0161kov\u00E1\Local Settings\Data aplikac\u00ED\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\Helena Pol\u00E1\u0161kov\u00E1\Local Settings\Data aplikac\u00ED\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Helena Pol\u00E1\u0161kov\u00E1\Local Settings\Data aplikac\u00ED\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Software602 Form Filler (Enabled) = C:\Program Files\Software602\602XML\Filler\npfiller.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: Gmail = C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012.12.24 00:30:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1935655697-113007714-725345543-1004\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Print2PDF Print Monitor] C:\Program Files\Software602\Print2PDF\Print2PDF.exe (Software602)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-113007714-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29382F2A-F459-495D-A78D-34EAB00D2E54}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/HELENA~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.29 22:29:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{380ed4fa-a744-11dd-940a-001fc6c892a2}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\{a380bd44-1602-11de-88ae-001fc6c892a2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{a380bd44-1602-11de-88ae-001fc6c892a2}\Shell\Open(0)\command - "" = E:\Recycled\ctfmon.exe
O33 - MountPoints2\{b96c1847-73ab-11df-8a85-001fc6c892a2}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012.12.24 00:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.12.24 00:55:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Helena Polášková\Recent
[2012.12.23 21:25:56 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.12.23 21:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Malwarebytes
[2012.12.23 21:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2012.12.23 20:44:05 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.12.23 20:44:05 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.12.23 20:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\avast! Free Antivirus
[2012.12.23 20:44:03 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.12.23 20:44:03 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.12.23 20:44:02 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.12.23 20:44:02 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.12.23 20:44:02 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.12.23 20:44:02 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.12.23 20:43:18 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.12.23 20:43:16 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.12.23 20:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.12.23 20:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2012.12.23 19:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Helena Polášková\Plocha\viry.cz
[2012.12.23 19:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.12.23 19:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Helena Polášková\Dokumenty\Downloads
[2012.12.23 15:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2012.12.23 15:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Helena Polášková\Dokumenty\CCleaner registry backup
[2012.12.23 15:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.06 10:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.12.06 10:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
[2012.12.01 19:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Helena Polášková\Data aplikací\TuneUp Software
[2012.12.01 19:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\MFAData
[2012.12.01 19:09:22 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Helena Polášková\Plocha\setup-spybotsd162.exe

========== Files - Modified Within 30 Days ==========

[2012.12.24 09:53:15 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.12.24 09:13:12 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2012.12.24 08:58:21 | 000,000,336 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.12.24 08:58:01 | 000,196,060 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.12.24 08:56:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.24 00:45:42 | 000,171,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.24 00:30:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.12.24 00:28:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.12.23 21:27:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.12.23 20:44:05 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2012.12.23 20:44:02 | 000,002,552 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.12.20 11:53:04 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.17 21:11:28 | 000,015,895 | ---- | M] () -- C:\MzIB1210,Zuzana_Vindišová_-_SV_klimatizace.zip
[2012.12.17 20:59:46 | 000,016,315 | ---- | M] () -- C:\MzIB1210,Zetocha_Roman.zip
[2012.12.17 20:53:05 | 000,017,239 | ---- | M] () -- C:\MzIB1210,Aure_services_s,r,o,.zip
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012.12.01 19:09:49 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Helena Polášková\Plocha\setup-spybotsd162.exe
[2012.11.30 18:31:53 | 000,002,338 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Plocha\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012.12.24 09:53:15 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.12.24 00:28:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.12.23 20:44:05 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2012.12.23 20:44:03 | 000,000,336 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.12.17 21:11:28 | 000,015,895 | ---- | C] () -- C:\MzIB1210,Zuzana_Vindišová_-_SV_klimatizace.zip
[2012.12.17 20:59:46 | 000,016,315 | ---- | C] () -- C:\MzIB1210,Zetocha_Roman.zip
[2012.12.17 20:53:05 | 000,017,239 | ---- | C] () -- C:\MzIB1210,Aure_services_s,r,o,.zip
[2012.02.16 12:34:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010.01.28 11:57:29 | 000,075,643 | ---- | C] () -- C:\Program Files\ExpAdr10,2010.01.28_11_39,,.zip
[2008.11.03 17:30:37 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\fusioncache.dat
[2008.11.01 21:42:51 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Helena Polášková\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008.10.31 14:55:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.08.20 06:10:41 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.12.09 16:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\TuneUp Software
[2008.10.31 09:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2012.12.23 20:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2012.06.08 12:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2012.09.28 19:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Badoo
[2011.03.14 17:49:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2012.12.23 21:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2012.12.21 00:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
[2012.12.23 20:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2012.12.01 18:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2011.11.04 18:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Temp
[2012.12.09 16:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\TuneUp Software
[2012.02.29 21:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\602Installer
[2012.11.22 18:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\602XML
[2012.07.13 21:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\BSplayer
[2012.07.13 10:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\BSplayer Pro
[2009.01.27 16:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Canon
[2011.04.05 07:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\ICQ
[2011.02.25 13:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Image Zone Express
[2011.12.28 21:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\MRP
[2009.10.08 21:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\OpenOffice.org
[2010.01.01 14:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Printer Info Cache
[2012.12.01 19:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Spyware Terminator
[2012.06.19 07:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\TeamViewer
[2012.12.01 19:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

< >
[2008.10.29 22:28:29 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2008.10.29 22:33:02 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012.12.23 20:44:03 | 000,000,336 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

< >

< MD5 for: AGP440.SYS >
[2008.09.22 09:26:30 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.09.22 09:26:30 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.09.22 09:39:16 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.09.22 09:31:48 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\autochk.exe
[2008.09.22 09:36:20 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2008.09.22 09:26:30 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.09.22 09:39:16 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\drivers\cdrom.sys
[2008.04.14 13:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.09.22 09:31:58 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\cryptsvc.dll
[2008.09.22 09:36:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\cryptsvc.dll
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.09.22 09:36:48 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\eventlog.dll
[2008.09.22 09:31:58 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2008.09.22 09:25:40 | 001,032,704 | ---- | M] () MD5=73529FBE5EBB1FB8CCBA486D7BA57EC9 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: HAL.DLL >
[2008.09.22 09:26:30 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 13:00:00 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\hal.dll
[2008.09.22 09:33:12 | 000,081,152 | ---- | M] (Microsoft Corporation) MD5=C4BA879B581BE34536FE01F79AC28631 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.09.22 09:26:30 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.09.22 09:26:30 | 020,102,206 | ---- | M] () .cab file -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.09.22 09:39:20 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 13:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.09.22 09:37:16 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\lsass.exe
[2008.09.22 09:31:56 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\lsass.exe
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.09.22 09:37:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\ndis.sys
[2008.09.22 09:39:16 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\drivers\ndis.sys
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.09.22 09:37:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\netlogon.dll
[2008.09.22 09:31:56 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006.10.18 01:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2008.09.22 09:37:58 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\scecli.dll
[2008.09.22 09:31:58 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\scecli.dll
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.09.22 09:38:04 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\smss.exe
[2008.09.22 09:31:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\smss.exe
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.09.22 09:38:10 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\svchost.exe
[2008.09.22 09:31:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.09.22 09:54:34 | 000,360,960 | ---- | M] () MD5=1452DB02942D3B5D84B45969B35DE3C5 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\sp2qfe(1)\tcpip.sys
[2008.09.22 09:54:34 | 000,361,600 | ---- | M] () MD5=35D348538F536DB6E6D6E3790D3F522F -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\sp3gdr(2)\tcpip.sys
[2008.09.22 09:25:54 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.14 13:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.09.22 09:27:50 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3gdr\tcpip.sys
[2008.09.22 09:38:40 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\tcpip.sys
[2008.09.22 09:39:24 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.09.22 09:26:10 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2008.09.22 09:27:50 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\SoftwareDistribution\Download\1d2803a1f84cfd41d61e509943d67213\sp3qfe\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.09.22 09:38:18 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\userinit.exe
[2008.09.22 09:32:02 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2008.09.22 09:08:18 | 000,107,344 | R--- | M] (VIA Technologies inc,.ltd) MD5=643DC63B827FB767968967B4DB813F1F -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Install\Chipset\VIA_HyperionPro_V508A\VIA_HyperionPro_V508A\drvdisk\i386\NT4\viamraid.sys
[2008.09.22 09:08:14 | 000,107,344 | R--- | M] (VIA Technologies inc,.ltd) MD5=643DC63B827FB767968967B4DB813F1F -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Install\Chipset\VIA_HyperionPro_V508A\VIA_HyperionPro_V508A\VIARAID\driver\winnt40\viamraid.sys
[2008.09.22 09:08:18 | 000,092,672 | R--- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Install\Chipset\VIA_HyperionPro_V508A\VIA_HyperionPro_V508A\drvdisk\i386\NT5\viamraid.sys
[2008.09.22 09:08:16 | 000,092,672 | R--- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Install\Chipset\VIA_HyperionPro_V508A\VIA_HyperionPro_V508A\VIARAID\driver\winxp\viamraid.sys

< MD5 for: WINLOGON.EXE >
[2008.09.22 09:36:10 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\winlogon.exe
[2008.09.22 09:31:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.09.22 09:38:36 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\ws2_32.dll
[2008.09.22 09:31:54 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\ws2_32.dll
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[15 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2010.01.01 13:05:16 | 017,191,936 | ---- | M] (Microsoft Corporation) -- C:\IE8-Setup-Full.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.02.29 21:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\602Installer
[2012.11.22 18:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\602XML
[2012.08.16 21:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Adobe
[2010.01.05 08:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Ahead
[2012.07.13 21:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\BSplayer
[2012.07.13 10:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\BSplayer Pro
[2009.01.27 16:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Canon
[2008.11.04 09:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\HP
[2011.04.05 07:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\ICQ
[2008.10.29 22:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Identities
[2011.02.25 13:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Image Zone Express
[2008.10.29 22:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\InstallShield
[2008.11.02 09:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Macromedia
[2012.12.23 21:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Malwarebytes
[2012.09.28 19:29:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Microsoft
[2008.10.30 10:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla
[2011.12.28 21:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\MRP
[2009.10.08 21:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\OpenOffice.org
[2010.01.01 14:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Printer Info Cache
[2012.12.23 15:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Skype
[2011.07.06 20:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\skypePM
[2012.12.01 19:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Spyware Terminator
[2008.10.31 16:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Sun
[2012.06.19 07:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\TeamViewer
[2012.12.01 19:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\TuneUp Software
[2010.06.09 17:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\U3
[2012.06.26 09:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\vlc
[2009.08.09 09:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena Polášková\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2009.08.11 20:21:26 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Data aplikací\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 20:21:30 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Data aplikací\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 13:52:04 | 000,697,690 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Data aplikací\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 16:01:52 | 001,185,871 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Data aplikací\BSplayer\FFDShow\unins000.exe
[2010.08.14 09:42:54 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Data aplikací\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 09:45:10 | 000,358,400 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Data aplikací\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 09:42:06 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Data aplikací\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 14:30:22 | 000,042,305 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Data aplikací\BSplayer\Haali media splitter\uninstall.exe
[2006.05.23 17:05:50 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Data aplikací\U3\temp\cleanup.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.10.29 23:14:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.10.29 23:14:22 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.10.29 23:14:22 | 000,475,136 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2012.12.23 21:27:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

< %systemroot%\system32\*.* /3 >
[2012.12.23 20:44:02 | 000,002,552 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2012.12.24 00:28:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\system32\d3d9caps.dat
[2012.12.24 00:45:42 | 000,171,488 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2012.12.24 08:58:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\nmp.log
[2012.12.24 08:58:01 | 000,196,060 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml

< %SYSTEMDRIVE%\*.exe >
[2010.01.01 13:05:16 | 017,191,936 | ---- | M] (Microsoft Corporation) -- C:\IE8-Setup-Full.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 08:52:38 | 001,695,232 | ---- | M] (Microsoft Corporation)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
No captured output from command...

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
No captured output from command...

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
No captured output from command...

< >

< type c:\boot.ini >> test.txt /c >
No captured output from command...

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.12.24 09:53:15 | 000,000,512 | ---- | M] () MD5=C3EAF3AA3D1F99B35325EBF7731672A9 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2005.06.28 23:00:58 | 008,227,814 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Dokumenty - záloha\Jindra\NOD 32\NOD32-cz-xp-v2.12.2+crack.zip
[2008.09.22 09:00:06 | 008,227,814 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Dokumenty - záloha\Jindra\NOD 32\NOD32-cz-xp-v2.12.2+crack.zip
[2008.09.22 09:09:26 | 008,227,814 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Install\Dokumenty\Jindra\NOD 32\NOD32-cz-xp-v2.12.2+crack.zip
[2008.09.22 09:17:56 | 008,227,814 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\NOD 32\NOD32-cz-xp-v2.12.2+crack.zip

< *keygen* /s >
[2008.09.22 09:08:10 | 003,117,396 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Install\OO.FormatRecovery.v4.1.1146.64bit.Incl.Keygen-ViRiLiTY.zip
[2008.09.22 09:27:42 | 000,007,196 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\Prefetch\KEYGEN.EXE-39F45D00.pf

< *loader* /s >
[2012.11.08 15:16:50 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.gif
[2012.11.08 15:16:50 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.png
[2012.11.08 15:16:50 | 000,009,772 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\retina\loader@2x.png
[2012.07.04 11:41:46 | 000,010,145 | ---- | M] () -- \Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\conduitCommon\modules\3.13.0.6\ExternalLibraryLoader.jsm
[2012.07.16 21:15:36 | 000,010,145 | ---- | M] () -- \Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\conduitCommon\modules\3.14.1.0\ExternalLibraryLoader.jsm
[2012.08.30 15:29:42 | 000,010,145 | ---- | M] () -- \Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\conduitCommon\modules\3.15.1.0\ExternalLibraryLoader.jsm
[2012.08.30 15:29:42 | 000,010,145 | ---- | M] () -- \Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\modules\ExternalLibraryLoader.jsm
[2008.09.22 07:57:50 | 000,004,178 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\ajax-loader[1].gif
[2008.09.22 09:21:14 | 000,057,344 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.dll
[2008.09.22 09:21:14 | 000,005,120 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.tlb
[2008.09.22 09:32:16 | 000,035,840 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dmloader.dll
[1 \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\*.tmp files -> \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\*.tmp -> ]
[2008.09.22 09:36:40 | 000,035,840 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\dmloader.dll
[2008.09.22 09:46:18 | 000,001,681 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Záloha disku\Documents and Settings\Poláaková\Local Settings\Temporary Internet Files\Content.IE5\3IH5Y9J2\preloader[1].js
[33 \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Záloha disku\Documents and Settings\Poláaková\Local Settings\Temporary Internet Files\Content.IE5\3IH5Y9J2\*.tmp files -> \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Záloha disku\Documents and Settings\Poláaková\Local Settings\Temporary Internet Files\Content.IE5\3IH5Y9J2\*.tmp -> ]
[2008.09.22 09:46:34 | 000,000,673 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Záloha disku\Documents and Settings\Poláaková\Local Settings\Temporary Internet Files\Content.IE5\9BDGGOMA\loader.white[1].gif
[35 \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Záloha disku\Documents and Settings\Poláaková\Local Settings\Temporary Internet Files\Content.IE5\9BDGGOMA\*.tmp files -> \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Záloha disku\Documents and Settings\Poláaková\Local Settings\Temporary Internet Files\Content.IE5\9BDGGOMA\*.tmp -> ]
[2008.04.17 10:11:06 | 000,017,624 | ---- | M] () -- \MSSQL2005Express\MSSQL.1\MSSQL\Binn\SqlResourceLoader.dll
[2007.06.27 19:03:00 | 000,177,448 | ---- | M] () -- \Program Files\Common Files\Ahead\Lib\NeGuideStoreLoader.dll
[2009.12.02 09:23:38 | 000,005,795 | ---- | M] () -- \Program Files\ICQ6.5\Packages\atlas\Skins\AtlasSkin\images\XtraPreloader\loader.jpg
[2009.12.02 09:23:38 | 000,004,089 | ---- | M] () -- \Program Files\ICQ6.5\Packages\atlas\Skins\AtlasSkin\images\XtraPreloader\loader.swf
[2009.03.01 11:31:26 | 000,005,795 | ---- | M] () -- \Program Files\ICQ6.5\services\icqApp\ver1\theme\IMAGES\XtraPreloader\loader.jpg
[2009.03.01 11:31:26 | 000,004,089 | ---- | M] () -- \Program Files\ICQ6.5\services\icqApp\ver1\theme\IMAGES\XtraPreloader\loader.swf
[2009.12.02 09:23:39 | 000,003,479 | ---- | M] () -- \Program Files\ICQ6.5\services\icqXtraz\ver1\content\contact_list\preloader04.swf
[2009.12.12 21:24:58 | 000,003,830 | ---- | M] () -- \Program Files\ICQ6.5\services\icqXtraz\ver1\content\darts\preloader02.swf
[2009.12.12 21:18:47 | 000,003,830 | ---- | M] () -- \Program Files\ICQ6.5\services\icqXtraz\ver1\content\pool\preloader02.swf
[2009.12.02 09:23:42 | 000,552,798 | ---- | M] () -- \Program Files\ICQ6.5\services\icqXtraz\ver1\theme\game_center\loaderBkg.png
[2008.04.17 10:10:54 | 000,017,624 | ---- | M] () -- \Program Files\Microsoft SQL Server\90\Tools\Binn\SqlResourceLoader.dll
[2009.01.15 16:58:56 | 000,006,308 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2009.01.15 01:36:48 | 000,015,872 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2009.01.15 17:43:24 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2009.01.14 19:42:58 | 000,021,504 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2009.01.15 00:59:36 | 000,003,872 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2008.06.20 18:13:32 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2008.04.14 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2008.04.14 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2005.06.28 22:29:22 | 000,000,065 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Dokumenty - záloha\Jindra\NOD 32\serial pre nod.txt
[2008.09.22 09:01:34 | 000,000,395 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Documents and Settings\Poláaková\Recent\serial.lnk
[2008.09.22 09:00:08 | 000,000,065 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Dokumenty - záloha\Jindra\NOD 32\serial pre nod.txt
[2008.09.22 09:09:26 | 000,000,065 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Install\Dokumenty\Jindra\NOD 32\serial pre nod.txt
[2008.09.22 09:17:56 | 000,000,065 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\NOD 32\serial pre nod.txt
[2008.09.22 09:31:26 | 000,053,520 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dpserial.dll
[2008.09.22 09:31:40 | 000,014,336 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\serialui.dll
[1 \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\*.tmp files -> \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\*.tmp -> ]
[2008.09.22 09:36:42 | 000,053,520 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\dpserial.dll
[2008.09.22 09:37:58 | 000,014,336 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\dllcache\serialui.dll
[2008.09.22 09:39:16 | 000,064,256 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\WINDOWS\system32\drivers\serial.sys
[2010.04.07 22:48:30 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2008.11.02 10:10:19 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.11.03 08:26:22 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2008.11.02 10:10:31 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.11.14 01:15:39 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.06.10 23:11:52 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012.11.14 09:59:32 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\709bb78b419d5d5e30f2acfd722abb29\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.11.14 09:57:59 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7efd419147611323505605be3ecee5d5\System.Runtime.Serialization.ni.dll
[2004.07.15 14:31:54 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
[2003.04.07 19:24:52 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.07.25 10:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2005.12.20 18:13:56 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.04.07 22:48:30 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2008.04.14 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 13:00:00 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

< End of report >

Jindrolim
Visitor
Posts: 29
Registered: 17 Sep 2008 09:17

Re: Preventive check - slow computer

#20 Post by Jindrolim »

Extras.txt:

OTL Extras logfile created on: 24.12.2012 9:50:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Helena Polášková\Plocha\viry.cz
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

895,23 Mb Total Physical Memory | 542,50 Mb Available Physical Memory | 60,60% Memory free
2,12 Gb Paging File | 1,46 Gb Available in Paging File | 68,79% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 102,88 Gb Free Space | 69,03% Space Free | Partition Type: NTFS

Computer Name: POLASKOVA | User Name: Helena Polášková | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1935655697-113007714-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Common Files\soft602\langserv.exe" = C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker -- ()
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalátor AVG
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSOFT)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{315DF43B-7BFC-40E7-A1A7-BEBA128D4C03}" = hpg2436
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32C74893-0243-4235-A6F3-201F0E5D2C03}" = Software602 Print2PDF
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf07
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8F8FA09F-3F77-4640-8C7D-45FA1D817DE7}" = HP Scanjet 2400 and 3600 series 9.0
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91C0B95B-B83A-4828-A775-BBE2DD421033}" = Nero 7 Essentials
"{99A5569D-9F86-4f32-A227-1538B731DA42}" = Canon MF4320-4350
"{9A3C8F79-6A16-4FF4-9D35-BC2E4D70DE11}" = PREMIER X3 (751)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A62392EE-03CB-4FA8-8E79-B5F95A346FB3}" = Kontrola české gramatiky pro sadu Microsoft Office 2003
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CA83357B-931E-44DC-AD43-9996FEEB8116}" = Acronis True Image
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB712A6-D11C-4CFF-A5B9-A51F004F998B}" = hpg2436QFolder
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEC0C2C2-921F-4EB8-8D7E-4F2F03ED02AA}" = ScannerCopy
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA37AF66-D12A-4BC7-B1DE-3D50C05A4EDB}" = Software602 Form Filler
"{FAE5B434-5222-4C81-BEEE-74A380D1EA6C}" = Badoo Desktop
"{FD668A61-498F-4072-9974-1764242FB98E}_is1" = ČSSZ:ELDP 2009 verze 3.3.
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aladdin" = Aladdin - ekonomický informační systém
"avast" = avast! Free Antivirus
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"KONICA MINOLTA PagePro 1300W" = KONICA MINOLTA PagePro 1300W
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money S3" = Ekonomický systém Money S3
"Mozilla Firefox 16.0.2 (x86 cs)" = Mozilla Firefox 16.0.2 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MRP Zaklad" = MRP Základ vizuálního systému
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"P40109 - Elektronické výkaznictví ČSÚ_is1" = P40109 - Elektronické výkaznictví ČSÚ 2.10
"P501-08M - Elektronické výkaznictví ČSÚ_is1" = P501-08M - Elektronické výkaznictví ČSÚ 2.10
"RealVNC_is1" = VNC Enterprise Edition E4.5
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spyware Terminator_is1" = Spyware Terminator
"TeamViewer 7" = TeamViewer 7
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935655697-113007714-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Aladdin Events ]
Error - 22.12.2012 10:52:28 | Computer Name = POLASKOVA | Source = Aladdin | ID = 107
Description = IS Aladdin update failed. Can't load XML string (1)!

Error - 22.12.2012 14:05:33 | Computer Name = POLASKOVA | Source = Aladdin | ID = 107
Description = IS Aladdin update failed. Can't load XML string (1)!

Error - 22.12.2012 17:29:38 | Computer Name = POLASKOVA | Source = Aladdin | ID = 107
Description = IS Aladdin update failed. Can't load XML string (1)!

Error - 22.12.2012 20:29:44 | Computer Name = POLASKOVA | Source = Aladdin | ID = 107
Description = IS Aladdin update failed. Can't load XML string (1)!

Error - 23.12.2012 2:23:50 | Computer Name = POLASKOVA | Source = Aladdin | ID = 107
Description = IS Aladdin update failed. Can't load XML string (1)!

Error - 23.12.2012 6:18:05 | Computer Name = POLASKOVA | Source = Aladdin | ID = 107
Description = IS Aladdin update failed. Can't load XML string (1)!

Error - 23.12.2012 13:10:22 | Computer Name = POLASKOVA | Source = Aladdin | ID = 107
Description = IS Aladdin update failed. Can't load XML string (1)!

Error - 23.12.2012 17:19:25 | Computer Name = POLASKOVA | Source = Aladdin | ID = 107
Description = IS Aladdin update failed. Can't load XML string (1)!

Error - 23.12.2012 20:45:40 | Computer Name = POLASKOVA | Source = Aladdin | ID = 107
Description = IS Aladdin update failed. Can't load XML string (1)!

Error - 24.12.2012 4:40:14 | Computer Name = POLASKOVA | Source = Aladdin | ID = 107
Description = IS Aladdin update failed. Can't load XML string (1)!

[ Application Events ]
Error - 1.12.2012 16:27:39 | Computer Name = POLASKOVA | Source = ESENT | ID = 490
Description = svchost (1652) Pokus o otevření souboru C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces
nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření
souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 1.12.2012 16:27:41 | Computer Name = POLASKOVA | Source = ESENT | ID = 490
Description = svchost (1652) Pokus o otevření souboru C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces
nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření
souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 1.12.2012 16:27:43 | Computer Name = POLASKOVA | Source = ESENT | ID = 490
Description = svchost (1652) Pokus o otevření souboru C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces
nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření
souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 17.12.2012 12:31:22 | Computer Name = POLASKOVA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 16.0.2.4680, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 19.12.2012 19:12:37 | Computer Name = POLASKOVA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace ModulSoft.exe, verze 1.2012.2.155, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 23.12.2012 16:25:34 | Computer Name = POLASKOVA | Source = MsiInstaller | ID = 11706
Description = Product: Destination Component -- Error 1706. An installation package
for the product Destination Component cannot be found. Try the installation again
using a valid copy of the installation package 'Destinations.msi'.

Error - 23.12.2012 16:25:42 | Computer Name = POLASKOVA | Source = MsiInstaller | ID = 11706
Description = Product: Destination Component -- Error 1706. An installation package
for the product Destination Component cannot be found. Try the installation again
using a valid copy of the installation package 'Destinations.msi'.

Error - 23.12.2012 18:42:31 | Computer Name = POLASKOVA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace mbam.exe, verze 1.62.0.140, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 23.12.2012 19:42:31 | Computer Name = POLASKOVA | Source = MsiInstaller | ID = 11706
Description = Product: Destination Component -- Error 1706. An installation package
for the product Destination Component cannot be found. Try the installation again
using a valid copy of the installation package 'Destinations.msi'.

Error - 23.12.2012 19:42:37 | Computer Name = POLASKOVA | Source = MsiInstaller | ID = 11706
Description = Product: Destination Component -- Error 1706. An installation package
for the product Destination Component cannot be found. Try the installation again
using a valid copy of the installation package 'Destinations.msi'.

[ System Events ]
Error - 23.12.2012 19:50:31 | Computer Name = POLASKOVA | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
LMIGuardianSvc.

Error - 23.12.2012 19:50:32 | Computer Name = POLASKOVA | Source = Service Control Manager | ID = 7000
Description = Služba LMIGuardianSvc neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 23.12.2012 19:50:32 | Computer Name = POLASKOVA | Source = Service Control Manager | ID = 7000
Description = Služba LogMeIn Kernel Information Provider neuspěla při spuštění v
důsledku následující chyby: %%2

Error - 23.12.2012 19:50:32 | Computer Name = POLASKOVA | Source = Service Control Manager | ID = 7023
Description = Služba Server byla ukončena s následující chybou: %%2

Error - 23.12.2012 19:50:32 | Computer Name = POLASKOVA | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%2

Error - 24.12.2012 3:57:55 | Computer Name = POLASKOVA | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
LMIGuardianSvc.

Error - 24.12.2012 3:57:55 | Computer Name = POLASKOVA | Source = Service Control Manager | ID = 7000
Description = Služba LMIGuardianSvc neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 24.12.2012 3:57:55 | Computer Name = POLASKOVA | Source = Service Control Manager | ID = 7000
Description = Služba LogMeIn Kernel Information Provider neuspěla při spuštění v
důsledku následující chyby: %%2

Error - 24.12.2012 3:57:55 | Computer Name = POLASKOVA | Source = Service Control Manager | ID = 7023
Description = Služba Server byla ukončena s následující chybou: %%2

Error - 24.12.2012 3:57:55 | Computer Name = POLASKOVA | Source = Service Control Manager | ID = 7001
Description = Služba Prohledávání počítačů závisí na službě Server, která neuspěla
při spuštění v důsledku následující chyby: %%2


< End of report >


Re: Preventive check - slow computer

#21 Post by Márty84 »

:arrow: I would uninstall Terminator. It could conflict with Avast.

:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option Open normally.
:arrow: Run OTL again.
Paste the following text into the bottom window (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
MBAMSwissArmy

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\System32\drivers\mbamswissarmy.sys

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1935655697-113007714-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.5.0.11422
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.3.6
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560
FF - prefs.js..extensions.enabledItems: avg@toolbar:11.0.0.9
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
FF - user.js - File not found
[2012.07.26 12:58:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.09.04 07:31:36 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2010.12.31 15:13:47 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\searchplugins\icqplugin.xml
[2012.11.12 14:20:27 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\HELENA POLášKOVá\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\LJS0F6QJ.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\HELENA POLášKOVá\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\LJS0F6QJ.DEFAULT\EXTENSIONS\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
O3 - HKU\S-1-5-21-1935655697-113007714-725345543-1004\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
[2012.12.23 21:25:56 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.12.23 21:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Helena Polášková\Data aplikací\Malwarebytes
[2012.12.23 21:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2012.12.01 19:09:22 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Helena Polášková\Plocha\setup-spybotsd162.exe
[2012.06.08 12:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[15 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]
[2005.06.28 23:00:58 | 008,227,814 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Dokumenty - záloha\Jindra\NOD 32\NOD32-cz-xp-v2.12.2+crack.zip
[2008.09.22 09:00:06 | 008,227,814 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Dokumenty - záloha\Jindra\NOD 32\NOD32-cz-xp-v2.12.2+crack.zip
[2008.09.22 09:09:26 | 008,227,814 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Install\Dokumenty\Jindra\NOD 32\NOD32-cz-xp-v2.12.2+crack.zip
[2008.09.22 09:17:56 | 008,227,814 | ---- | M] () -- \Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\NOD 32\NOD32-cz-xp-v2.12.2+crack.zip

Click Fix and let the program work. When asked about a restart, agree.
After the restart a new log will appear; post it here.


Re: Preventive check - slow computer

#22 Post by Jindrolim »

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hele

User: Helena Polášková
->Temp folder emptied: 11698952 bytes
->Temporary Internet Files folder emptied: 77327 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7762772 bytes
->Google Chrome cache emptied: 10922999 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3121469152 bytes

Total Files Cleaned = 3 006,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Hele

User: Helena Polášková
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service MBAMSwissArmy stopped successfully!
Service MBAMSwissArmy deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\System32\drivers\mbamswissarmy.sys moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1935655697-113007714-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3 removed from extensions.enabledAddons
Prefs.js: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.15.1.0 removed from extensions.enabledAddons
Prefs.js: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.5.0.11422 removed from extensions.enabledAddons
Prefs.js: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911 removed from extensions.enabledItems
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.3.6 removed from extensions.enabledItems
Prefs.js: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560 removed from extensions.enabledItems
Prefs.js: avg@toolbar:11.0.0.9 removed from extensions.enabledItems
Prefs.js: "http://search.icq.com/search/afe_result ... r=1.5.3&q=" removed from keyword.URL
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\Plugins folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\modules folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\chrome folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Mozilla\Firefox\Profiles\ljs0f6qj.default\searchplugins\icqplugin.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-1935655697-113007714-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
File C:\WINDOWS\System32\drivers\mbamswissarmy.sys not found.
C:\Documents and Settings\Helena Polášková\Data aplikací\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Documents and Settings\Helena Polášková\Data aplikací\Malwarebytes folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes\Malwarebytes' Anti-Malware\Configuration folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes folder moved successfully.
C:\Documents and Settings\Helena Polášková\Plocha\setup-spybotsd162.exe moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue\TEMP folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue\OUT folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue\IN\10110 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue\IN folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue\ACTIVE folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Log folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9 folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP193.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1A3.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D9.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1E2.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EF.tmp\System.Data.Services.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EF.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F9.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP204.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP26B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP291.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C3.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DB.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP33C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP351.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP432.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI1E.tmp deleted successfully.
C:\WINDOWS\Installer\MSI28.tmp deleted successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp deleted successfully.
\Documents and Settings\Helena Polášková\Dokumenty\Dokumenty - záloha\Jindra\NOD 32\NOD32-cz-xp-v2.12.2+crack.zip moved successfully.
\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Dokumenty - záloha\Jindra\NOD 32\NOD32-cz-xp-v2.12.2+crack.zip moved successfully.
\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\Install\Dokumenty\Jindra\NOD 32\NOD32-cz-xp-v2.12.2+crack.zip moved successfully.
\Documents and Settings\Helena Polášková\Dokumenty\Zachráněné dokumenty\NOD 32\NOD32-cz-xp-v2.12.2+crack.zip moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 12242012_104357

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Re: Preventive check - slow computer

#23 Post by Márty84 »

:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option Open normally.
:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , save it to the desktop and run it.
A very short test will run, and then the Scan button at the top right will become available. Click it and another test will run.
When it finishes, click Report and a log will appear. Paste it here for me.


Re: Preventive check - slow computer

#24 Post by Jindrolim »

RogueKiller V8.4.1 [Dec 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Helena Polášková [Práva správce]
Mód : Kontrola -- Datum : 12/24/2012 10:52:52

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] NOTEPAD.EXE -- C:\WINDOWS\NOTEPAD.EXE -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3160815AS +++++
--- User ---
[MBR] c3eaf3aa3d1f99b35325ebf7731672a9
[BSP] 5d1978cb73053066ecc325952297ec01 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1]_S_12242012_02d1052.txt >>
RKreport[1]_S_12242012_02d1052.txt


Re: Preventive check - slow computer

#25 Post by Márty84 »

:arrow: Run RogueKiller again (if you have not closed it yet, click Delete right away).
A very short test will run, and then the Scan button at the top right will become available. Click it and another test will run.
When it finishes, click Delete.
Then click Report and a log will appear. Paste it here for me.
Then click Host Fix and Report.
Another log will appear. Paste that one here for me as well.


Re: Preventive check - slow computer

#26 Post by Jindrolim »

RogueKiller V8.4.1 [Dec 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Helena Polášková [Práva správce]
Mód : Odebrat -- Datum : 12/24/2012 10:56:41

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] NOTEPAD.EXE -- C:\WINDOWS\NOTEPAD.EXE -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3160815AS +++++
--- User ---
[MBR] c3eaf3aa3d1f99b35325ebf7731672a9
[BSP] 5d1978cb73053066ecc325952297ec01 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[2]_D_12242012_02d1056.txt >>
RKreport[1]_S_12242012_02d1052.txt ; RKreport[2]_D_12242012_02d1056.txt

#27 Post by Jindrolim »

RogueKiller V8.4.1 [Dec 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Helena Polášková [Práva správce]
Mód : Oprava HOSTS -- Datum : 12/24/2012 10:57:22

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] NOTEPAD.EXE -- C:\WINDOWS\NOTEPAD.EXE -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[3]_H_12242012_02d1057.txt >>
RKreport[1]_S_12242012_02d1052.txt ; RKreport[2]_D_12242012_02d1056.txt ; RKreport[3]_H_12242012_02d1057.txt

#28 Post by Márty84 »

:arrow: Download CrystalDiskInfo http://www.slunecnice.cz/sw/crystaldiskinfo/
Install it (watch out for any add-ons; decline them by unticking the checkbox) and run it. The result will be displayed shortly.
At the top, click Úpravy (Edit) and then Kopírovat (Copy). Paste here for me what gets copied (it is saved to memory).

#29 Post by Jindrolim »

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.5 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Home Edition SP3 [5.1 Build 2600] (x86)
Date : 2012/12/24 11:09:42

-- Controller Map ----------------------------------------------------------
+ PCI Standardní dvoukanálový řadič IDE [ATA]
+ Primární kanál IDE (0)
- HL-DT-ST DVD-RAM GH22NP20
- Sekundární kanál IDE (1)
+ NVIDIA MCP61 Serial ATA Controller [ATA]
- MAXTOR STM3160815AS

-- Disk List ---------------------------------------------------------------
(1) MAXTOR STM3160815AS : 160,0 GB [0/2/0, pd1]

----------------------------------------------------------------------------
(1) MAXTOR STM3160815AS
----------------------------------------------------------------------------
Model : MAXTOR STM3160815AS
Firmware : 4.AAB
Serial Number : 5RA81EP6
Disk Size : 160,0 GB (8,4/137,4/160,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 312581808
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 16978 hod.
Power On Count : 1467 krát
Temparature : 37 C (98 F)
Health Status : Dobrý
Features : S.M.A.R.T., 48bit LBA, NCQ
APM Level : ----
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 253 __6 000000000000 Počet chyb čtení
03 _97 _97 __0 000000000000 Čas na roztočení ploten
04 _99 _99 _20 0000000005BC Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _84 _60 _30 00000E54FE8C Počet chybných hledání
09 _81 _81 __0 000000004252 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _99 _99 _20 0000000005BB Počet cyklů zapnutí zařízení
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BD _98 _98 __0 000000000002 Vysoká rychlost zápisu
BE _63 _57 _45 0000261B0025 Teplota toku vzduchu
C2 _37 _43 __0 001000000025 Teplota
C3 _82 _72 __0 00000E6C04BE Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
CA 100 253 __0 000000000000 Počet chyb při směrování údajů

-- IDENTIFY_DEVICE ---------------------------------------------------------

-- SMART_READ_DATA ---------------------------------------------------------

-- SMART_READ_THRESHOLD ----------------------------------------------------

#30 Post by Márty84 »

The program reports some errors. That, too, can affect speed.
07 _84 _60 _30 00000E54FE8C Počet chybných hledání
C3 _82 _72 __0 00000E6C04BE Počet oprav chybného čtení




:!: If you have not done so already, back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off your antivirus and any other security software.
Run ComboFix.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not launch anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here

:!: If Windows does not start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration
:!: If Windows starts but an error is reported when launching programs, just restart the PC and it will be fine

Locked