dlouhý start, pomalejší pc

Zpráva

#16 Příspěvek od **Márty84** » 24 bře 2013 21:20

Dejte novy log z RSIT. Zitra napisu mazaci skript. Ted uz jdu do luzka, pac vstavam dost brzy do prace.

luba · #17 Příspěvek od **luba** » 24 bře 2013 21:25

Logfile of random's system information tool 1.09 (written by random/random)
Run by Hanka at 2013-03-24 21:22:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (22%) free of 15 GB
Total RAM: 991 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:23:04, on 24.3.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hanka\Plocha\RSIT(2).exe
C:\Program Files\trend micro\Hanka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.faststone.org/ThankYou.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files\Seznam.cz\toolbar\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://portal.ote-cr.cz/otemarket/reso ... apicom.cab
O16 - DPF: {EC71A2BE-E211-41F9-BCAF-4EFF13426DFE} (RossmCZActiveFormX Element) - https://shop.rossmanncz.orwonet.de/shop ... upload.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57653143-89D9-4C3C-9C99-2EDB296161B8}: NameServer = 82.150.180.253,213.180.44.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6867 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Hanka\Data aplikací\Mozilla\Firefox\Profiles\m57i6dvm.default

prefs.js - "browser.startup.homepage" - "http://seznam.cz"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 77576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-05 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-05 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2010-10-07 1961240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - Nástroje Lištičky - C:\Program Files\Seznam.cz\toolbar\toolbar.dll [2010-10-07 187672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2013-03-24 385248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-12-19 41208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
C:\Program Files\CCleaner\ccleaner.exe [2010-11-03 1862456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe [2011-10-11 1179648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-08-31 21432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
C:\Program Files\Samsung\Kies\Kies.exe [2012-08-31 964024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2012-08-31 3524536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hanka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-06-07 1195520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=16895

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.FMVC"=fmcodec.dll

======List of files/folders created in the last 1 month======

2013-03-24 19:34:48 ----D---- C:\Documents and Settings\Hanka\Data aplikací\Avira
2013-03-24 19:27:15 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2013-03-24 19:27:05 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2013-03-24 19:27:05 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2013-03-24 19:27:05 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2013-03-24 19:27:04 ----D---- C:\Program Files\Avira
2013-03-24 19:27:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2013-03-24 13:32:04 ----D---- C:\Documents and Settings\Hanka\Data aplikací\Malwarebytes
2013-03-24 13:31:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-03-23 23:39:21 ----D---- C:\Documents and Settings\Hanka\Data aplikací\Auslogics
2013-03-23 23:36:58 ----D---- C:\Program Files\Auslogics
2013-03-23 22:37:44 ----D---- C:\Program Files\trend micro
2013-03-23 22:37:43 ----D---- C:\rsit
2013-03-23 20:35:20 ----D---- C:\Program Files\VS Revo Group
2013-03-13 14:45:38 ----D---- C:\Program Files\Mozilla Thunderbird
2013-03-05 09:32:42 ----D---- C:\Program Files\Common Files\Java
2013-03-05 09:31:21 ----A---- C:\WINDOWS\system32\javaws.exe
2013-03-05 09:31:09 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-03-05 09:31:09 ----A---- C:\WINDOWS\system32\javaw.exe
2013-03-05 09:31:09 ----A---- C:\WINDOWS\system32\java.exe
2013-03-05 09:30:02 ----D---- C:\Program Files\Java
2013-03-04 15:15:49 ----D---- C:\UCTO2013

======List of files/folders modified in the last 1 month======

2013-03-24 21:23:02 ----D---- C:\WINDOWS\Temp
2013-03-24 21:19:27 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-03-24 21:05:29 ----D---- C:\WINDOWS\system32\drivers
2013-03-24 21:03:07 ----D---- C:\WINDOWS\system32\CatRoot2
2013-03-24 21:03:05 ----D---- C:\WINDOWS
2013-03-24 20:34:20 ----RD---- C:\Program Files
2013-03-24 20:23:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-03-24 19:28:44 ----D---- C:\WINDOWS\system32\CatRoot
2013-03-24 19:14:07 ----D---- C:\Program Files\Mozilla Firefox
2013-03-24 18:55:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-03-24 18:55:04 ----D---- C:\WINDOWS\system32
2013-03-24 18:48:41 ----SHD---- C:\WINDOWS\Installer
2013-03-24 18:48:41 ----HD---- C:\Config.Msi
2013-03-24 18:48:35 ----HD---- C:\WINDOWS\inf
2013-03-24 18:48:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Bluetooth
2013-03-24 18:11:51 ----D---- C:\WINDOWS\Help
2013-03-24 18:02:48 ----D---- C:\WINDOWS\Minidump
2013-03-24 13:04:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2013-03-23 23:42:59 ----D---- C:\WINDOWS\system32\config
2013-03-23 21:19:31 ----D---- C:\WINDOWS\Prefetch
2013-03-23 20:22:47 ----D---- C:\WINDOWS\pss
2013-03-23 19:50:24 ----SH---- C:\boot.ini
2013-03-23 19:50:24 ----A---- C:\WINDOWS\win.ini
2013-03-23 19:50:24 ----A---- C:\WINDOWS\system.ini
2013-03-23 18:21:43 ----D---- C:\Documents and Settings\Hanka\Data aplikací\Skype
2013-03-23 17:37:21 ----D---- C:\Program Files\Lavalys
2013-03-23 17:17:04 ----D---- C:\Documents and Settings\Hanka\Data aplikací\skypePM
2013-03-23 16:44:00 ----D---- C:\Documents and Settings\Hanka\Data aplikací\ICQ
2013-03-17 08:39:06 ----D---- C:\Program Files\Opera
2013-03-17 08:18:42 ----D---- C:\WINDOWS\Network Diagnostic
2013-03-14 18:14:41 ----D---- C:\Documents and Settings\Hanka\Data aplikací\Winamp
2013-03-12 21:31:55 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-03-05 09:32:42 ----D---- C:\Program Files\Common Files
2013-03-05 09:30:25 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2013-03-05 09:30:24 ----A---- C:\WINDOWS\system32\deployJava1.dll
2013-03-04 15:14:12 ----D---- C:\UCTO2012

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-09 691696]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2013-03-24 134336]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2013-03-24 36552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 qtsmon;qtsmon; C:\WINDOWS\System32\drivers\qtsmon.sys [2010-12-05 72488]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2006-11-10 16896]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2013-03-24 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2013-03-24 83944]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2006-11-10 266752]
S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\WINDOWS\System32\Drivers\ssadadb.sys [2012-06-27 30312]
S3 ayy0wyfr;ayy0wyfr; C:\WINDOWS\system32\drivers\ayy0wyfr.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2009-09-24 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2011-12-23 20032]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-09-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 RT61;Gigabyte RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2009-06-12 500096]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2012-06-27 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2012-06-27 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2012-06-27 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\ssadserd.sys [2012-06-27 114280]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2013-03-24 110816]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2013-03-24 86752]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-03-05 170912]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool; C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-12 253656]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

#18 Příspěvek od **Márty84** » 25 bře 2013 04:39

Vypnete na chvili antivir, pripadne vse provedte v nouzovem rezimu

Najdete tento soubor C:\Program Files\trend micro\Hanka.exe a spustte ho.
Kliknete na Main menu a na Do a system scan only
U techto radku dejte vlevo zatrzitko

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.faststone.org/ThankYou.htm
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

Kliknete na nápis Fix checked a potvrdte

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe , ulozte nejlepe na plochu a spustte.
Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
JavaQuickStarterService
Nero BackItUp Scheduler 4.0
AdobeFlashPlayerUpdateSvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)

luba · #19 Příspěvek od **luba** » 25 bře 2013 17:55

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Hanka
->Temp folder emptied: 31728650 bytes
->Temporary Internet Files folder emptied: 1895564 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58521753 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 5227 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 279610 bytes
->Opera cache emptied: 1529357 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2450036 bytes
%systemroot%\System32 .tmp files removed: 2775496 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39480 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 59377110 bytes

Total Files Cleaned = 151,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: Hanka
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Service Nero BackItUp Scheduler 4.0 stopped successfully!
Service Nero BackItUp Scheduler 4.0 deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 03252013_174855

Files moved on Reboot...

Registry entries deleted on Reboot...

#20 Příspěvek od **Márty84** » 25 bře 2013 18:51

vyosek píše: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
Stahnete a spustte

Pro potvrzeni volby mackejte A, Enter

Po pouziti utilitu smazte

Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

Stahnete Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

Defragmentujte disk(y)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak je na tom pc.

luba · #21 Příspěvek od **luba** » 25 bře 2013 21:44

Takže jsem všechno provedl jak jste psal. Počítač se zdá funguje dobře, jen po zapnutí dost dlouho startuje a načítá systém, cca asi 4 minuty než to je použitelný. Nevím jestli to je u XP normální.

#22 Příspěvek od **Márty84** » 26 bře 2013 03:33

A jak dlouho trval start normalne?

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte.
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

luba · #23 Příspěvek od **luba** » 26 bře 2013 18:38

OTL logfile created on: 26.3.2013 17:55:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Hanka\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

991,23 Mb Total Physical Memory | 625,05 Mb Available Physical Memory | 63,06% Memory free
2,33 Gb Paging File | 1,98 Gb Available in Paging File | 84,79% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25,00 Gb Total Space | 14,78 Gb Free Space | 59,11% Space Free | Partition Type: NTFS
Drive D: | 49,53 Gb Total Space | 42,75 Gb Free Space | 86,31% Space Free | Partition Type: NTFS

Computer Name: BERKOVI | User Name: Hanka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.26 17:54:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hanka\Plocha\OTL.exe
PRC - [2013.03.24 19:25:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.24 19:25:29 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.24 19:25:26 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.24 19:25:25 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.23 21:05:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.01.14 13:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004.11.15 17:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

========== Modules (No Company Name) ==========

MOD - [2013.03.24 19:25:52 | 000,397,704 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2013.03.23 21:05:16 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2012.08.14 20:31:24 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2009.04.07 04:32:10 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\cl31cl3.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.24 19:25:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.24 19:25:26 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.14 13:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (amxayeyl)
DRV - [2013.03.24 19:26:01 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.24 19:26:01 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.24 19:26:01 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.03.24 19:26:00 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.06.27 09:37:56 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2012.06.27 09:37:56 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2012.06.27 09:37:56 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2012.06.27 09:37:56 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2012.06.27 09:37:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.12.23 20:58:18 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.12.05 19:42:29 | 000,072,488 | ---- | M] (AVG) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\qtsmon.sys -- (qtsmon)
DRV - [2010.08.09 13:15:05 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.06.12 16:21:40 | 000,500,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2008.04.13 21:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2006.11.10 14:03:48 | 000,266,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006.11.10 02:28:22 | 000,016,896 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004.11.17 18:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\..\SearchScopes\{52f54a4f-f372-4aa1-9e79-51086d3eed27}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... rceid=IE_5
IE - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\..\SearchScopes\{93f786a7-1813-4731-951b-c17cccdfb57d}: "URL" = http://www.firmy.cz/phr/{searchTerms}?sourceid=IE_5
IE - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\..\SearchScopes\{a0bb6a16-347f-4664-94b2-7505ad405835}: "URL" = http://search.seznam.cz/?q={searchTerms}&sourceid=IE_5
IE - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\..\SearchScopes\{acec889c-f772-48f6-a6f8-63a71694838f}: "URL" = http://www.mapy.cz/?query={searchTerms}&sourceid=IE_5
IE - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://seznam.cz"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.23 21:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.23 21:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.03.13 14:45:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.08.12 08:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hanka\Data aplikací\Mozilla\Extensions
[2010.08.12 07:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hanka\Data aplikací\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.23 21:01:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hanka\Data aplikací\Mozilla\Firefox\Profiles\m57i6dvm.default\extensions
[2013.03.25 22:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.09.23 09:15:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2013.03.23 21:05:23 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2013.03.23 21:05:23 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2013.03.23 21:05:23 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2013.03.23 21:05:23 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2013.03.23 21:05:23 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2013.03.25 17:49:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Lištička) - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll ()
O3 - HKLM\..\Toolbar: (Nástroje Lištičky) - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files\Seznam.cz\toolbar\toolbar.dll ()
O3 - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\..\Toolbar\WebBrowser: (Nástroje Lištičky) - {34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - C:\Program Files\Seznam.cz\listicka.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16895
O9 - Extra Button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll ()
O9 - Extra 'Tools' menuitem : Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll ()
O9 - Extra Button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll ()
O9 - Extra 'Tools' menuitem : Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O15 - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\..Trusted Domains: ote-cr.cz ([portal] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\..Trusted Domains: ote-cr.cz ([www] https in Důvěryhodné servery)
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://portal.ote-cr.cz/otemarket/reso ... apicom.cab (Settings Class)
O16 - DPF: {EC71A2BE-E211-41F9-BCAF-4EFF13426DFE} https://shop.rossmanncz.orwonet.de/shop ... upload.cab (RossmCZActiveFormX Element)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57653143-89D9-4C3C-9C99-2EDB296161B8}: NameServer = 82.150.180.253,213.180.44.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AC07F96-79D9-4FD9-BF50-96F669DB9462}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2013.03.26 17:54:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hanka\Plocha\OTL.exe
[2013.03.25 21:47:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Hanka\Recent
[2013.03.25 00:45:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Acronis
[2013.03.25 00:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2013.03.25 00:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2013.03.24 22:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\rajce
[2013.03.24 22:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\rajce
[2013.03.24 21:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\aTube Catcher
[2013.03.24 21:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\DsNET Corp
[2013.03.24 19:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanka\Data aplikací\Avira
[2013.03.24 19:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Avira
[2013.03.24 19:27:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013.03.24 19:27:05 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.03.24 19:27:05 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.03.24 19:27:05 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.03.24 19:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.24 19:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Avira
[2013.03.24 13:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanka\Data aplikací\Malwarebytes
[2013.03.24 13:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2013.03.23 23:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanka\Data aplikací\Auslogics
[2013.03.23 23:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013.03.23 22:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.03.23 21:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Opera
[2013.03.23 21:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\Opera
[2013.03.23 21:02:16 | 000,000,000 | ---D | C] -- D:\Dokumentíky\Stažené soubory
[2013.03.21 21:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanka\Plocha\UČTO
[2013.03.17 08:30:27 | 000,000,000 | ---D | C] -- D:\Dokumentíky\Nová složka
[2013.03.17 08:30:09 | 000,000,000 | ---D | C] -- D:\Dokumentíky\Prominutí žádosti
[2013.03.13 14:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.03.06 11:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Sun
[2013.03.05 09:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.05 09:31:22 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.03.05 09:31:21 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.03.05 09:31:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.03.05 09:31:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.03.05 09:31:09 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.03.05 09:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.04 15:15:49 | 000,000,000 | ---D | C] -- C:\UCTO2013

========== Files - Modified Within 30 Days ==========

[2013.03.26 17:59:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.03.26 17:54:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hanka\Plocha\OTL.exe
[2013.03.26 17:50:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.03.25 22:47:11 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Hanka\Plocha\Microsoft Office Word 2007.lnk
[2013.03.25 18:59:38 | 000,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.03.25 17:49:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013.03.25 00:45:49 | 000,000,155 | ---- | M] () -- C:\WINDOWS\System32\autopart.opt
[2013.03.24 22:21:30 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\rajče.lnk
[2013.03.24 21:55:51 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\aTube Catcher.lnk
[2013.03.24 19:26:01 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.03.24 19:26:01 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.03.24 19:26:01 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013.03.24 19:26:00 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.03.24 19:03:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.03.24 18:37:14 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Hanka\.recently-used.xbel
[2013.03.23 19:50:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013.03.23 16:59:59 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Hanka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.14 20:58:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.03.12 21:31:55 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.03.12 21:31:54 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.03.05 09:30:35 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.03.05 09:30:27 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.03.05 09:30:27 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.03.05 09:30:26 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.03.05 09:30:26 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.03.05 09:30:25 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013.03.05 09:30:24 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.03.04 15:16:28 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\Hanka\Plocha\ÚČTO 2013.LNK
[2013.03.04 15:11:35 | 030,382,080 | ---- | M] () -- D:\Dokumentíky\u13_cd.exe
[2013.03.03 14:53:43 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2013.02.28 14:30:42 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2013.02.25 17:36:50 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk

========== Files Created - No Company Name ==========

[2013.03.26 17:59:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.03.25 00:45:49 | 000,000,155 | ---- | C] () -- C:\WINDOWS\System32\autopart.opt
[2013.03.24 22:21:30 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\rajče.lnk
[2013.03.24 21:55:51 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\aTube Catcher.lnk
[2013.03.24 18:37:14 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\Hanka\.recently-used.xbel
[2013.03.04 15:16:28 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\Hanka\Plocha\ÚČTO 2013.LNK
[2013.03.04 15:10:29 | 030,382,080 | ---- | C] () -- D:\Dokumentíky\u13_cd.exe
[2013.03.03 14:53:43 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Opera.lnk
[2013.03.03 14:53:42 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2012.08.08 12:25:09 | 001,188,443 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2012.08.08 12:25:09 | 000,005,427 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012.06.14 21:37:30 | 000,037,256 | ---- | C] () -- C:\Documents and Settings\Hanka\Fotečky.jpg
[2012.02.07 23:23:13 | 001,776,036 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1004336348-725345543-1177238915-1004-0.dat
[2012.02.07 23:23:04 | 000,317,834 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011.11.21 22:49:01 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011.09.07 16:01:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.17 15:12:56 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\Hanka\.gtk-bookmarks
[2010.08.18 20:20:03 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Hanka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.09.24 14:43:03 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.03.25 00:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2013.01.05 10:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
[2010.08.09 13:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ashampoo
[2010.12.05 19:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVGQTS
[2013.01.05 10:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AWEM
[2013.03.24 18:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Bluetooth
[2010.08.09 13:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2012.01.05 22:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\GameHouse
[2013.03.24 13:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2011.02.03 22:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nitro PDF
[2011.09.19 16:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\page
[2012.02.07 21:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Samsung
[2013.03.24 21:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2011.11.14 15:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\W3i
[2012.12.13 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WildTangent
[2011.11.14 15:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2013.01.05 10:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Alawar Entertainment
[2011.09.19 18:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Ashampoo
[2013.03.24 21:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Auslogics
[2010.08.09 13:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\DAEMON Tools Lite
[2012.11.23 16:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\gtk-2.0
[2012.01.20 10:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Happy Chef
[2013.03.23 16:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\ICQ
[2013.03.24 21:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Image Zone Express
[2013.01.02 21:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Nitro PDF
[2010.08.12 08:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\OpenOffice.org
[2011.11.18 09:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Opera
[2012.12.25 23:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Samsung
[2012.04.08 09:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Temp
[2010.08.12 07:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Thunderbird
[2011.11.14 15:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Uniblue
[2012.12.13 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\WildTangent
[2013.03.23 21:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Opera

========== Purity Check ==========

========== Custom Scans ==========

< >
[2010.08.09 12:21:19 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2010.08.09 12:26:34 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT

< >

< MD5 for: AGP440.SYS >
[2009.09.24 14:51:30 | 017,813,130 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.09.24 14:51:30 | 017,813,130 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 07:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2009.09.24 14:51:30 | 017,813,130 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2009.09.24 14:51:30 | 017,813,130 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.13 23:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2009.09.24 14:51:30 | 017,813,130 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2009.09.24 14:51:30 | 017,813,130 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.09.24 14:41:41 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2009.09.24 14:41:41 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[1 C:\WINDOWS\SoftwareDistribution\Download\07c90dcbdedfe16c2b58e68ce910936a\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\07c90dcbdedfe16c2b58e68ce910936a\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\0bfe47e58d65a90f0263f041ec115a72\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\0bfe47e58d65a90f0263f041ec115a72\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\0efb45fe14af60fce7fe141ae9ac7cc6\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\0efb45fe14af60fce7fe141ae9ac7cc6\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\0fedacd112dd13ad60761d9dc1180f1d\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\0fedacd112dd13ad60761d9dc1180f1d\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\1c3802531a1bdc5c0b934fb898785ca0\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\1c3802531a1bdc5c0b934fb898785ca0\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\41b2219405346d6421a1b21083eb6dd7\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\41b2219405346d6421a1b21083eb6dd7\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\43c07bfbb59d299ee8343d57713c3c0b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\43c07bfbb59d299ee8343d57713c3c0b\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\4a6ebf52efbec44d28d5c0135c216a55\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\4a6ebf52efbec44d28d5c0135c216a55\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\508483484f3a183df6329500a0689df5\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\508483484f3a183df6329500a0689df5\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\5098dd9035927e206645a10b773e39d3\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5098dd9035927e206645a10b773e39d3\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\509ce25d45fe208ee57ad15aa1012d9c\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\509ce25d45fe208ee57ad15aa1012d9c\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\5b1bf3c709a0479f95a0d490dc626aff\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5b1bf3c709a0479f95a0d490dc626aff\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\6eb64538d1eb8e0e92baa96fc62ba854\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\6eb64538d1eb8e0e92baa96fc62ba854\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\8573f895b9caebec15a2846b147c4acc\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\8573f895b9caebec15a2846b147c4acc\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\94cb1155beed812ad7f0048d578b46e3\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\94cb1155beed812ad7f0048d578b46e3\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\987eadf0fc9ebf772c42ab3ca2bcfc3d\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\987eadf0fc9ebf772c42ab3ca2bcfc3d\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\a9de1b2071cad5998138befbe3b835b7\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\a9de1b2071cad5998138befbe3b835b7\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\af5e05ccd2c15416e9facffaeb01ca3b\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\af5e05ccd2c15416e9facffaeb01ca3b\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\b3ba0f7542150a0ff634f02bb11873ed\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\b3ba0f7542150a0ff634f02bb11873ed\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\b41185fd9ddb4a55a576f995b3e93215\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\b41185fd9ddb4a55a576f995b3e93215\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\be21e799c4114ec3b7e78e2497c5dec7\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\be21e799c4114ec3b7e78e2497c5dec7\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\d2e1f16f5be8fded7ed4631ce3e9160d\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\d2e1f16f5be8fded7ed4631ce3e9160d\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ee98c73f0904cb50e0d59ccbd186551f\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ee98c73f0904cb50e0d59ccbd186551f\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ef042df797d3a27a3a89d1ad98b64d89\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ef042df797d3a27a3a89d1ad98b64d89\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\fd674b0793556498419dc6d88ead9cda\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\fd674b0793556498419dc6d88ead9cda\download\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.06.14 21:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Adobe
[2013.01.05 10:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Alawar Entertainment
[2011.09.19 18:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Ashampoo
[2013.03.24 21:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Auslogics
[2013.03.24 19:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Avira
[2012.09.12 17:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\CyberLink
[2010.08.09 13:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\DAEMON Tools Lite
[2010.08.09 13:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\FastStone
[2012.11.23 16:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\gtk-2.0
[2012.01.20 10:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Happy Chef
[2010.08.24 17:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\HP
[2013.03.23 16:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\ICQ
[2010.08.09 12:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Identities
[2013.03.24 21:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Image Zone Express
[2010.08.11 22:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Macromedia
[2013.03.24 13:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Malwarebytes
[2013.02.23 15:57:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Hanka\Data aplikací\Microsoft
[2010.08.12 08:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Mozilla
[2010.08.19 13:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Nero
[2013.01.02 21:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Nitro PDF
[2010.08.12 08:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\OpenOffice.org
[2011.11.18 09:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Opera
[2012.12.25 23:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Samsung
[2013.03.23 18:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Skype
[2013.03.23 17:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\skypePM
[2011.09.23 09:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Sun
[2012.04.08 09:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Temp
[2010.08.12 07:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Thunderbird
[2011.11.14 15:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Uniblue
[2012.12.13 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\WildTangent
[2013.03.14 18:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\Winamp
[2010.08.30 14:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanka\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2012.03.15 17:53:33 | 000,106,408 | ---- | M] () -- C:\Documents and Settings\Hanka\Data aplikací\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.03.15 17:53:34 | 000,101,288 | ---- | M] () -- C:\Documents and Settings\Hanka\Data aplikací\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.03.15 17:53:35 | 000,021,416 | ---- | M] () -- C:\Documents and Settings\Hanka\Data aplikací\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.08.31 01:52:26 | 000,593,848 | ---- | M] (ml) -- C:\Documents and Settings\Hanka\Data aplikací\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2013.01.10 10:02:20 | 000,601,968 | ---- | M] (ml) -- C:\Documents and Settings\Hanka\Data aplikací\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.08.09 13:15:05 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2010.08.09 14:11:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.08.09 14:11:35 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.08.09 14:11:35 | 000,483,328 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2013.03.24 19:26:00 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2013.03.24 19:26:01 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\system32\drivers\avipbb.sys
[2013.03.24 19:26:01 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\system32\drivers\avkmgr.sys
[2013.03.24 19:26:01 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys

< %systemroot%\system32\*.* /3 >
[2013.03.25 00:45:49 | 000,000,155 | ---- | M] () -- C:\WINDOWS\system32\autopart.opt
[2013.03.25 18:59:38 | 000,291,680 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2013.03.24 19:03:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 07:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.03.26 17:59:58 | 000,000,512 | ---- | M] () MD5=BA9709D2F4CC35E38CE9FE7B77D5766E -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2010.10.04 22:50:56 | 000,062,238 | ---- | M] () -- \Program Files\GIMP-2.0\share\gimp\2.0\patterns\cracked.pat

< *keygen* /s >

< *loader* /s >
[2009.07.20 10:52:26 | 000,000,232 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Nero\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2013.03.24 19:25:29 | 000,052,960 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloader.dll
[2013.03.24 19:25:29 | 000,232,816 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloader.exe
[2013.03.24 19:25:30 | 001,714,400 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloadergui.dll
[3 \Program Files\Avira\AntiVir Desktop\*.tmp files -> \Program Files\Avira\AntiVir Desktop\*.tmp -> ]
[2006.10.26 12:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.dll
[2006.10.26 12:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.tlb
[2010.02.07 22:40:00 | 000,000,543 | ---- | M] () -- \Program Files\GIMP-2.0\etc\gtk-2.0\gdk-pixbuf.loaders
[2009.12.15 18:58:18 | 000,017,056 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ani.dll
[2009.12.15 18:58:20 | 000,018,592 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-bmp.dll
[2009.12.15 18:58:24 | 000,026,272 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-gif.dll
[2009.12.15 18:58:26 | 000,012,960 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-icns.dll
[2009.12.15 18:58:28 | 000,017,568 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ico.dll
[2009.12.15 18:58:56 | 000,019,616 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-jpeg.dll
[2009.12.15 18:59:04 | 000,015,008 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pcx.dll
[2009.12.15 18:59:06 | 000,019,104 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-png.dll
[2009.12.15 18:59:10 | 000,017,056 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pnm.dll
[2009.12.15 18:59:14 | 000,012,448 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ras.dll
[2009.12.15 18:59:16 | 000,016,544 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tga.dll
[2009.12.15 18:59:20 | 000,016,544 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tiff.dll
[2009.12.15 18:59:22 | 000,011,936 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-wbmp.dll
[2009.12.15 18:59:24 | 000,013,984 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xbm.dll
[2009.12.15 18:59:28 | 000,028,320 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xpm.dll
[2009.05.01 20:42:00 | 000,009,880 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\svg_loader.dll
[2011.04.04 11:32:47 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.4\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2011.04.04 11:32:48 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.4\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2011.04.04 11:32:47 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.4\imApp\theme\MUICoreLib\xtraLoader.swf
[2011.04.11 12:00:20 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.4\Xtraz\icq\content\icq_profile\preloader.html
[2011.04.04 11:33:05 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.4\Xtraz\icq\content\profile_forms\preloader.html
[2011.04.04 11:33:05 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.4\Xtraz\icq\content\profile_lightboxs\preloader.html
[2011.10.11 08:34:40 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.6\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2011.10.11 08:34:41 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.6\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2011.10.11 08:34:40 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.6\imApp\theme\MUICoreLib\xtraLoader.swf
[2011.10.11 20:37:28 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.6\Xtraz\icq\content\profile_lightboxs\preloader.html
[2010.06.07 20:11:08 | 000,006,262 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2010.08.12 08:02:14 | 000,021,504 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2010.06.07 20:19:10 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2010.08.12 08:02:23 | 000,029,184 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2010.06.09 15:21:40 | 000,003,874 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2012.08.31 01:48:34 | 000,069,120 | ---- | M] () -- \Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2012.08.31 01:52:20 | 000,183,736 | ---- | M] () -- \Program Files\Samsung\Kies\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.02.07 22:56:51 | 000,153,512 | ---- | M] () -- \Program Files\Samsung\Kies\External\FirmwareUpdate\GT-S5830\BinaryLoaderMgr.exe
[2012.02.07 22:56:51 | 000,270,248 | ---- | M] () -- \Program Files\Samsung\Kies\External\FirmwareUpdate\GT-S5830\FirmwareUpdate.Downloader.dll
[2012.08.31 01:48:34 | 000,069,120 | ---- | M] () -- \Program Files\Samsung\Kies\Plugins\DeviceHost\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2010.02.10 17:10:14 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2012.09.22 07:21:24 | 000,189,440 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\daa83fc7417177004595ee4a94e467ec\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
[2008.04.14 07:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2008.04.14 07:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2012.01.11 21:10:50 | 000,000,581 | ---- | M] () -- \Documents and Settings\Hanka\Local Settings\Data aplikací\Opera\Opera\icons\http%3A%2F%2Fwww.serialzone.cz%2Ffavicon.png
[2012.03.29 05:01:00 | 000,413,696 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.1.10329.0\System.Runtime.Serialization.dll
[2012.08.21 19:59:39 | 001,186,816 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.1.10329.0\System.Runtime.Serialization.ni.dll
[2012.02.07 21:52:41 | 000,310,272 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ff3383438d688a0118d0fa19ed1dc4\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.02.07 21:52:28 | 002,625,024 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
[2010.10.07 09:03:33 | 000,013,972 | ---- | M] () -- \WINDOWS\inf\SocketSerialBT.PNF
[2012.03.01 15:58:33 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.03.01 15:58:10 | 001,026,936 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 001,026,936 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2004.08.18 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2004.08.18 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 06:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:587EB586
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

< End of report >

luba · #24 Příspěvek od **luba** » 26 bře 2013 18:39

OTL Extras logfile created on: 26.3.2013 17:55:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Hanka\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

991,23 Mb Total Physical Memory | 625,05 Mb Available Physical Memory | 63,06% Memory free
2,33 Gb Paging File | 1,98 Gb Available in Paging File | 84,79% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25,00 Gb Total Space | 14,78 Gb Free Space | 59,11% Space Free | Partition Type: NTFS
Drive D: | 49,53 Gb Total Space | 42,75 Gb Free Space | 86,31% Space Free | Partition Type: NTFS

Computer Name: BERKOVI | User Name: Hanka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1004336348-725345543-1177238915-1004\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\ICQ7.6\ICQ.exe" = C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\ICQ7.6\ICQ.exe" = C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2881063B-C58F-49EB-97FD-8BF58EC580F9}" = Nitro PDF Reader
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{3bbd55ca-b3fa-4bd1-ab50-936b1a2ab872}" = Nero 9 Essentials
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C9D2B2E-53A2-4098-B931-2621C5D9822B}" = Living Marine Aquarium 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"7-Zip" = 7-Zip 4.62
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Cygni Software Výkazy ERÚ pro výrobce do 0.5MW" = Cygni Software Výkazy ERÚ pro výrobce do 0.5MW
"Doplněk pro vytváření PDF dokumentů z Účta_is1" = Doplněk pro vytváření PDF dokumentů z Účta
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"FastStone Image Viewer" = FastStone Image Viewer 3.9
"FormatFactory" = FormatFactory 2.70
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Mozilla Thunderbird 17.0.4 (x86 cs)" = Mozilla Thunderbird 17.0.4 (x86 cs)
"Mp3 Knife_is1" = Mp3 Knife 3.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Opera 12.14.1738" = Opera 12.14
"rajče.net_is1" = rajče průvodce verze 1.59.47.262
"SiS VGA Driver" = SiS 661FX
"szn-software-listicka" = Seznam Lištička (Všichni uživatelé tohoto počítače.)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1004336348-725345543-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16.11.2012 8:42:16 | Computer Name = BERKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace BTNtService.exe, verze 0.0.0.0, chybující modul
btcusb.dll, verze 1.2.1.0, adresa chyby 0x0000250b.

Error - 17.11.2012 13:34:43 | Computer Name = BERKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace BTNtService.exe, verze 0.0.0.0, chybující modul
btcusb.dll, verze 1.2.1.0, adresa chyby 0x0000250b.

Error - 19.11.2012 12:16:09 | Computer Name = BERKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace BTNtService.exe, verze 0.0.0.0, chybující modul
btcusb.dll, verze 1.2.1.0, adresa chyby 0x0000250b.

Error - 20.11.2012 10:06:34 | Computer Name = BERKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace BTNtService.exe, verze 0.0.0.0, chybující modul
btcusb.dll, verze 1.2.1.0, adresa chyby 0x0000250b.

Error - 22.11.2012 17:42:39 | Computer Name = BERKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x025e57fe.

Error - 24.11.2012 9:25:11 | Computer Name = BERKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace BTNtService.exe, verze 0.0.0.0, chybující modul
btcusb.dll, verze 1.2.1.0, adresa chyby 0x0000250b.

Error - 24.11.2012 9:29:02 | Computer Name = BERKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace BTNtService.exe, verze 0.0.0.0, chybující modul
btcusb.dll, verze 1.2.1.0, adresa chyby 0x0000250b.

Error - 24.11.2012 14:16:38 | Computer Name = BERKOVI | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 24.11.2012 14:17:52 | Computer Name = BERKOVI | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 27.11.2012 14:24:54 | Computer Name = BERKOVI | Source = Application Error | ID = 1000
Description = Chybující aplikace PandoraService.exe, verze 1.0.1.16, chybující modul
PanStreamer.dll, verze 1.0.0.3, adresa chyby 0x0001681c.

[ System Events ]
Error - 24.3.2013 13:48:52 | Computer Name = BERKOVI | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126

Error - 24.3.2013 13:48:52 | Computer Name = BERKOVI | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126

Error - 24.3.2013 13:48:52 | Computer Name = BERKOVI | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126

Error - 24.3.2013 13:48:52 | Computer Name = BERKOVI | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126

Error - 24.3.2013 19:17:51 | Computer Name = BERKOVI | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Aktivátor Správce výběru OS Acronis.

Error - 24.3.2013 19:17:51 | Computer Name = BERKOVI | Source = Service Control Manager | ID = 7000
Description = Služba Aktivátor Správce výběru OS Acronis neuspěla při spuštění v
důsledku následující chyby: %%1053

Error - 25.3.2013 12:48:55 | Computer Name = BERKOVI | Source = Service Control Manager | ID = 7031
Description = Služba Nero BackItUp Scheduler 4.0 byla nečekaně ukončena. Stalo se
to 1 krát. Následující opravná akce bude spuštěna za 500 milisekund: Restartovat
službu.

Error - 25.3.2013 12:48:55 | Computer Name = BERKOVI | Source = Service Control Manager | ID = 7034
Description = Služba NitroPDFReaderDriverCreatorReadSpool byla neočekávaně ukončena.
Tento stav nastal již 1krát.

Error - 25.3.2013 12:48:55 | Computer Name = BERKOVI | Source = Service Control Manager | ID = 7034
Description = Služba Pml Driver HPZ12 byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 25.3.2013 12:48:55 | Computer Name = BERKOVI | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.

< End of report >

#25 Příspěvek od **Márty84** » 26 bře 2013 18:52

Vypnete Antivir, pripadne to provedte v nouzovem rezimu.

Znovu spustte OTL
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

:services
qtsmon

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\system32\drivers\qtsmon.sys

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1004336348-725345543-1177238915-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
[2010.12.05 19:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVGQTS
[1 C:\WINDOWS\SoftwareDistribution\Download\07c90dcbdedfe16c2b58e68ce910936a\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\07c90dcbdedfe16c2b58e68ce910936a\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\0bfe47e58d65a90f0263f041ec115a72\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\0bfe47e58d65a90f0263f041ec115a72\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\0efb45fe14af60fce7fe141ae9ac7cc6\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\0efb45fe14af60fce7fe141ae9ac7cc6\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\0fedacd112dd13ad60761d9dc1180f1d\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\0fedacd112dd13ad60761d9dc1180f1d\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\1c3802531a1bdc5c0b934fb898785ca0\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\1c3802531a1bdc5c0b934fb898785ca0\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\41b2219405346d6421a1b21083eb6dd7\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\41b2219405346d6421a1b21083eb6dd7\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\43c07bfbb59d299ee8343d57713c3c0b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\43c07bfbb59d299ee8343d57713c3c0b\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\4a6ebf52efbec44d28d5c0135c216a55\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\4a6ebf52efbec44d28d5c0135c216a55\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\508483484f3a183df6329500a0689df5\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\508483484f3a183df6329500a0689df5\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\5098dd9035927e206645a10b773e39d3\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5098dd9035927e206645a10b773e39d3\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\509ce25d45fe208ee57ad15aa1012d9c\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\509ce25d45fe208ee57ad15aa1012d9c\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\5b1bf3c709a0479f95a0d490dc626aff\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5b1bf3c709a0479f95a0d490dc626aff\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\6eb64538d1eb8e0e92baa96fc62ba854\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\6eb64538d1eb8e0e92baa96fc62ba854\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\8573f895b9caebec15a2846b147c4acc\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\8573f895b9caebec15a2846b147c4acc\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\94cb1155beed812ad7f0048d578b46e3\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\94cb1155beed812ad7f0048d578b46e3\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\987eadf0fc9ebf772c42ab3ca2bcfc3d\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\987eadf0fc9ebf772c42ab3ca2bcfc3d\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\a9de1b2071cad5998138befbe3b835b7\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\a9de1b2071cad5998138befbe3b835b7\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\af5e05ccd2c15416e9facffaeb01ca3b\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\af5e05ccd2c15416e9facffaeb01ca3b\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\b3ba0f7542150a0ff634f02bb11873ed\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\b3ba0f7542150a0ff634f02bb11873ed\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\b41185fd9ddb4a55a576f995b3e93215\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\b41185fd9ddb4a55a576f995b3e93215\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\be21e799c4114ec3b7e78e2497c5dec7\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\be21e799c4114ec3b7e78e2497c5dec7\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\d2e1f16f5be8fded7ed4631ce3e9160d\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\d2e1f16f5be8fded7ed4631ce3e9160d\download\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ee98c73f0904cb50e0d59ccbd186551f\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ee98c73f0904cb50e0d59ccbd186551f\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ef042df797d3a27a3a89d1ad98b64d89\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ef042df797d3a27a3a89d1ad98b64d89\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\fd674b0793556498419dc6d88ead9cda\download\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\fd674b0793556498419dc6d88ead9cda\download\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:587EB586
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

luba · #26 Příspěvek od **luba** » 26 bře 2013 19:05

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hanka
->Temp folder emptied: 350948 bytes
->Temporary Internet Files folder emptied: 33523 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59134351 bytes
->Opera cache emptied: 366543 bytes
->Flash cache emptied: 528 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Opera cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 57,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: Hanka
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service qtsmon stopped successfully!
Service qtsmon deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\system32\drivers\qtsmon.sys moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1004336348-725345543-1177238915-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1004336348-725345543-1177238915-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
C:\Documents and Settings\All Users\Data aplikací\AVGQTS folder moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\07c90dcbdedfe16c2b58e68ce910936a\download\BIT149.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\0bfe47e58d65a90f0263f041ec115a72\download\BIT14A.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\0efb45fe14af60fce7fe141ae9ac7cc6\download\BIT14C.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\0fedacd112dd13ad60761d9dc1180f1d\download\BIT142.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\1c3802531a1bdc5c0b934fb898785ca0\BIT53E.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\41b2219405346d6421a1b21083eb6dd7\download\BIT147.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\43c07bfbb59d299ee8343d57713c3c0b\BIT540.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\4a6ebf52efbec44d28d5c0135c216a55\download\BITEE.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\508483484f3a183df6329500a0689df5\download\BIT144.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\5098dd9035927e206645a10b773e39d3\download\BIT179.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\509ce25d45fe208ee57ad15aa1012d9c\download\BIT146.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\5b1bf3c709a0479f95a0d490dc626aff\download\BIT14B.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\6eb64538d1eb8e0e92baa96fc62ba854\download\BIT140.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\8573f895b9caebec15a2846b147c4acc\download\BITF8.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\94cb1155beed812ad7f0048d578b46e3\download\BIT148.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\987eadf0fc9ebf772c42ab3ca2bcfc3d\BIT543.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\a9de1b2071cad5998138befbe3b835b7\download\BIT141.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\af5e05ccd2c15416e9facffaeb01ca3b\download\BIT145.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\b3ba0f7542150a0ff634f02bb11873ed\download\BIT117.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\b41185fd9ddb4a55a576f995b3e93215\BIT53F.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\be21e799c4114ec3b7e78e2497c5dec7\download\BIT17A.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\d2e1f16f5be8fded7ed4631ce3e9160d\download\BIT275.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\ee98c73f0904cb50e0d59ccbd186551f\BIT541.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\ef042df797d3a27a3a89d1ad98b64d89\BIT53D.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\fd674b0793556498419dc6d88ead9cda\download\BIT287.tmp deleted successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:587EB586 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1 deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 03262013_185755

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#27 Příspěvek od **Márty84** » 27 bře 2013 03:21

V logu vidim
[2013.03.04 15:15:49 | 000,000,000 | ---D | C] -- C:\UCTO2013

Pouzivate ho?

luba · #28 Příspěvek od **luba** » 27 bře 2013 06:53

Ano, to učto používá.

#29 Příspěvek od **Márty84** » 27 bře 2013 10:22

luba píše:Ano, to učto používá.

Chci to prohnat ComboFixem, ale ten to vetsinou bez milosti maze. Cili rozhodne zazalohujte, jinak je po nem.

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte ComboFix.
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni programu bude hlasena chyba, staci restartovat pc a bude to v poradku

luba · #30 Příspěvek od **luba** » 27 bře 2013 18:29

Zdravím Vás,
chtěl bych Vám poděkovat za pomoc s vyčištěním počítače. Známá si ho už odvezla takze dalších zásahů nebude třeba. Myslím že díky Vaší pomoci šlape velmi dobře. S tím dlouhým startem jsem nakonec přišel nato že to způsobuje antivir Avira. Bez něho byl počítač použitelný za minutu a půl po startu, což si myslím je dobré. Ještě jednou Vám moc děkuji a určitě přispěji nějakou korunkou na chod fóra viry.cz.

VIRY.CZ

dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc

Re: dlouhý start, pomalejší pc