Preventivka

Zpráva

Neoras · #1 Příspěvek od **Neoras** » 21 zář 2013 17:46

Prosím o kontrolu, díky.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Lucie at 2013-09-21 18:46:10
Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (71%) free of 76 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:46:33, on 21.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Lucie\Desktop\RSIT.exe
C:\Program Files\trend micro\Lucie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [DeleteGSShellX32.dll] cmd.exe /C del "C:\Program Files\Graphisoft\ArchiCAD 15\GSShellX32.dll.backup"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5388 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-06-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2013-06-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-06-24 561152]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteGSShellX32.dll"=cmd.exe /C del C:\Program Files\Graphisoft\ArchiCAD 15\GSShellX32.dll.backup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-07 46080]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\ICQ7M\ICQ.exe"="C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Graphisoft\ArchiCAD 13\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 13\ArchiCAD.exe:*:Enabled:ArchiCAD 13.0.0 Component"
"C:\Program Files\PANDORA.TV\PanService\PanProcess.exe"="C:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess"
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"
"C:\Program Files\Graphisoft\ArchiCAD 15\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 15\ArchiCAD.exe:*:Disabled:ArchiCAD 15.0"
"C:\Program Files\Graphisoft\ArchiCAD 15\GSQuickTimeServer\GSQTServer.exe"="C:\Program Files\Graphisoft\ArchiCAD 15\GSQuickTimeServer\GSQTServer.exe:*:Disabled:ArchiCAD 15.0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7M\ICQ.exe"="C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll

======List of files/folders created in the last 1 month======

2013-09-21 18:46:10 ----D---- C:\rsit
2013-09-21 18:46:10 ----D---- C:\Program Files\trend micro
2013-09-21 18:35:48 ----SHD---- C:\Config.Msi
2013-09-21 18:31:24 ----A---- C:\WINDOWS\system32\WibuXpm4J32.dll
2013-09-21 18:31:12 ----D---- C:\WINDOWS\pss
2013-09-21 18:30:07 ----D---- C:\WINDOWS\system32\appmgmt
2013-09-21 18:25:01 ----D---- C:\Documents and Settings\Lucie\Application Data\Install.GS

======List of files/folders modified in the last 1 month======

2013-09-21 18:46:10 ----RD---- C:\Program Files
2013-09-21 18:41:42 ----D---- C:\WINDOWS\Temp
2013-09-21 18:40:52 ----D---- C:\WINDOWS
2013-09-21 18:36:53 ----SHD---- C:\WINDOWS\Installer
2013-09-21 18:36:52 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2013-09-21 18:36:06 ----D---- C:\WINDOWS\system32
2013-09-21 18:31:22 ----D---- C:\WINDOWS\system32\drivers
2013-09-21 18:29:14 ----RSD---- C:\WINDOWS\assembly
2013-09-21 18:25:37 ----D---- C:\WINDOWS\Prefetch
2013-09-21 18:25:36 ----D---- C:\Program Files\Graphisoft
2013-09-21 18:10:07 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-16 14:02:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-15 22:41:44 ----D---- C:\Documents and Settings\Lucie\Application Data\Skype
2013-09-14 13:51:57 ----D---- C:\Documents and Settings\Lucie\Application Data\WinRAR
2013-09-14 13:47:26 ----D---- C:\Documents and Settings\Lucie\Application Data\ICQ
2013-09-06 20:25:06 ----D---- C:\Program Files\The KMPlayer
2013-09-02 20:25:11 ----D---- C:\WINDOWS\Minidump
2013-08-29 12:43:56 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-06-28 175176]
R0 BTKRNL;Bluetooth Protocol Stack; C:\WINDOWS\system32\drivers\btkrnl.sys [2004-01-20 1260106]
R0 mv61xxmm;mv61xxmm; C:\WINDOWS\system32\drivers\mv61xxmm.sys [2012-04-14 13616]
R0 mv64xxmm;mv64xxmm; C:\WINDOWS\system32\drivers\mv64xxmm.sys [2012-04-14 5632]
R0 mvxxmm;mvxxmm; C:\WINDOWS\system32\drivers\mvxxmm.sys [2012-04-14 13616]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-06-28 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-06-28 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2013-06-03 21275]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2012-04-14 62848]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2009-12-03 78648]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-06-27 1196352]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 472224]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-07 1133568]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2006-10-24 170392]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-06-01 21424]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2012-04-14 12160]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2003-06-24 265744]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2012-04-14 133632]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-07 364544]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 btwdins;Bluetooth Service; C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe [2004-01-20 135168]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-06-01 36400]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2013-06-03 153376]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-04-19 161384]
S3 ACS;ACU Configuration Service; C:\WINDOWS\system32\acs.exe [2005-11-22 36864]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 21 zář 2013 19:59

Zdravim

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

Provedte aktualizaci
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

Neoras · #3 Příspěvek od **Neoras** » 21 zář 2013 21:45

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.09.21.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lucie :: LUCINKA [administrátor]

21.9.2013 21:31:44
MBAM-log-2013-09-21 (22-44-33).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 221837
Uplynulý čas: 1 hodin, 11 minut, 12 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\Documents and Settings\Lucie\Desktop\ArchiCAD 15 CZ x86 x64 build3267\ArchiCAD.15.x86.hotfix3602+x86.patch3602.for.AC&BIM\ArchiCAD15_x86_hotfix3602+patch3602_for_AC&BIM\ENGiNE\Archicad 15 X86 build 3602.exe (Malware.Packer.Krunchy) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Lucie\Local Settings\Application Data\Opera\Opera\cache\g_006C\opr0A4PW.tmp (PUP.Optional.RegCleanerPro) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Lucie\Local Settings\Temp\KMP_3.6.0.87.exe (PUP.Optional.Softonic) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Lucie\Local Settings\Temp\nsq1CF.tmp-2\APN_ATU3_.exe (PUP.Optional.BundledToolBar.A) -> Nebyla provedena žádná instrukce.

(konec)

#4 Příspěvek od **vyosek** » 22 zář 2013 07:49

Nalezy MBAMu smazte, objevi se log, ten rad uvidim

Maly dotaz, proc nemate na ArchiCAD studenstkou verzi, ktera je zdarma a vyhne se tak porusovani trestne cinnosti

Neoras · #5 Příspěvek od **Neoras** » 22 zář 2013 10:36

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.09.21.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lucie :: LUCINKA [administrátor]

22.9.2013 10:10:00
mbam-log-2013-09-22 (10-10-00).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 221921
Uplynulý čas: 1 hodin, 22 minut, 5 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 3
C:\Documents and Settings\Lucie\Desktop\ArchiCAD 15 CZ x86 x64 build3267\ArchiCAD.15.x86.hotfix3602+x86.patch3602.for.AC&BIM\ArchiCAD15_x86_hotfix3602+patch3602_for_AC&BIM\ENGiNE\Archicad 15 X86 build 3602.exe (Malware.Packer.Krunchy) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Lucie\Local Settings\Temp\KMP_3.6.0.87.exe (PUP.Optional.Softonic) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\Lucie\Local Settings\Temp\nsq1CF.tmp-2\APN_ATU3_.exe (PUP.Optional.BundledToolBar.A) -> Přesun do karantény a smazání se zdařilo.

(konec)

---
Studentskou verzi jsem se snažil stáhnout, ale měl jsem problém s s údaji, přes které mě to nepustilo, tak jsem stáhl tohle z ulož.to

#6 Příspěvek od **vyosek** » 22 zář 2013 10:47

Pak je dobre kontaktovat technickou podporu Autodesku, vyhnete se tak pripadnemu zaklepani na dvere za porusovani autorskeho zakona a pachani trestneho cinu

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

Neoras · #7 Příspěvek od **Neoras** » 22 zář 2013 11:45

OTL logfile created on: 22.9.2013 12:13:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Lucie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 73,82% Memory free
3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,54% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 53,24 Gb Free Space | 71,43% Space Free | Partition Type: NTFS

Computer Name: LUCINKA | User Name: Lucie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.09.22 12:10:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucie\Desktop\OTL.exe
PRC - [2013.07.29 17:16:41 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.04.14 16:13:38 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.01.20 19:05:08 | 000,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
PRC - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (No Company Name) ==========

MOD - [2013.09.22 09:27:09 | 002,103,296 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13092200\algo.dll
MOD - [2013.09.21 19:41:30 | 002,103,296 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13092101\algo.dll
MOD - [2013.06.03 17:53:04 | 016,178,568 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_64.dll
MOD - [2009.04.14 23:51:50 | 000,096,768 | ---- | M] () -- C:\WINDOWS\system32\htimon.dll
MOD - [2008.04.14 14:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2005.11.22 16:20:28 | 000,036,864 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004.01.20 19:05:08 | 000,135,168 | ---- | M] (WIDCOMM, Inc.) [Auto | Running] -- C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.06.28 08:48:53 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.06.28 08:48:53 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.06.28 08:48:53 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.04.14 16:50:15 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2012.04.14 16:50:14 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2012.04.14 16:50:14 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2009.12.03 07:00:00 | 000,078,648 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2007.05.02 09:54:08 | 000,472,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007.02.07 00:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.01.20 18:40:48 | 001,260,106 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2003.06.27 09:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1645522239-492894223-842925246-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1645522239-492894223-842925246-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
IE - HKU\S-1-5-21-1645522239-492894223-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_64.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-492894223-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82B98FDE-2DA1-46CB-A898-B4895B91FE6B}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Lucie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lucie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.06.03 16:58:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Error creating restore point.

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.09.22 12:10:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lucie\Desktop\OTL.exe
[2013.09.21 21:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucie\Application Data\Malwarebytes
[2013.09.21 21:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.09.21 21:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013.09.21 21:27:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.09.21 21:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.09.21 21:26:04 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lucie\Desktop\mbam-setup-1.75.0.1300.exe
[2013.09.21 18:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.09.21 18:46:10 | 000,000,000 | ---D | C] -- C:\rsit
[2013.09.21 18:35:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.09.21 18:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WibuKey
[2013.09.21 18:31:24 | 000,356,352 | ---- | C] (WIBU-SYSTEMS AG) -- C:\WINDOWS\System32\WibuXpm4J32.dll
[2013.09.21 18:31:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013.09.21 18:30:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013.09.21 18:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucie\Application Data\Install.GS
[2013.09.21 18:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lucie\Desktop\ArchiCAD 15 CZ x86 x64 build3267
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Lucie\Desktop\*.tmp files -> C:\Documents and Settings\Lucie\Desktop\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.09.22 12:16:13 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Lucie\Desktop\Beze jména.pln.lck
[2013.09.22 12:15:51 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.09.22 12:10:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lucie\Desktop\OTL.exe
[2013.09.22 11:39:37 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.09.22 11:39:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.09.22 00:43:39 | 002,030,384 | ---- | M] () -- C:\Documents and Settings\Lucie\Desktop\Beze jména.pln
[2013.09.22 00:30:58 | 002,031,040 | ---- | M] () -- C:\Documents and Settings\Lucie\Desktop\Beze jména.bpn
[2013.09.21 21:27:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.09.21 21:26:43 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lucie\Desktop\mbam-setup-1.75.0.1300.exe
[2013.09.21 18:40:52 | 000,015,955 | ---- | M] () -- C:\WINDOWS\vpd.properties
[2013.09.21 18:36:48 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Lucie\Desktop\RSIT.exe
[2013.09.21 18:33:12 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Internet Explorer\Quick Launch\ArchiCAD 15.lnk
[2013.09.21 18:33:12 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ArchiCAD 15.lnk
[2013.09.21 17:37:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.09.15 22:17:29 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Lucie\Desktop\*.tmp files -> C:\Documents and Settings\Lucie\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.09.22 12:16:13 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Lucie\Desktop\Beze jména.pln.lck
[2013.09.22 12:15:51 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.09.21 21:27:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.09.21 18:36:45 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Lucie\Desktop\RSIT.exe
[2013.09.21 18:33:12 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Internet Explorer\Quick Launch\ArchiCAD 15.lnk
[2013.09.21 18:33:12 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ArchiCAD 15.lnk
[2013.06.28 08:48:53 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013.06.28 08:48:53 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013.06.28 08:48:53 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013.06.16 22:03:42 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\htimon.dll
[2013.06.06 11:57:01 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Lucie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.03 19:31:14 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.06.03 18:46:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013.06.03 18:33:24 | 000,057,552 | ---- | C] () -- C:\WINDOWS\System32\WkDos.exe
[2013.06.03 18:04:04 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.06.03 18:04:04 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.06.03 17:45:42 | 000,000,384 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013.06.03 17:27:06 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2013.06.03 17:27:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2013.06.03 17:27:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2013.06.03 17:26:35 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2013.06.03 17:18:04 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2013.06.03 17:01:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013.06.03 16:54:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.04.14 16:15:53 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe
[2012.04.14 16:15:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2013.06.03 18:29:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.14 16:14:57 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2012.04.14 16:13:39 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.06.03 17:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2013.06.03 18:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013.06.03 17:48:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013.06.03 19:04:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.06.03 18:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2013.06.17 21:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\Ashampoo
[2013.09.21 18:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\Graphisoft
[2013.09.14 13:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\ICQ
[2013.09.21 18:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\Install.GS
[2013.06.03 17:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\Opera
[2013.06.03 17:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\TuneUp Software

========== Purity Check ==========

========== Custom Scans ==========

< >
[2013.06.03 16:56:24 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2013.06.03 17:05:54 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2013.06.03 18:04:03 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

< >

< MD5 for: ATAPI.SYS >
[2012.04.14 16:21:51 | 017,785,694 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2012.04.14 16:21:51 | 017,785,694 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2012.04.14 16:13:30 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=4B0A100EAF5C49EF3CCA8C641431EACC -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2012.04.14 16:13:38 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\explorer.exe
[2012.04.14 16:13:38 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2012.04.14 16:21:51 | 017,785,694 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2012.04.14 16:13:41 | 000,081,280 | ---- | M] (Microsoft Corporation) MD5=657198B12370E1BF252AC1A54615F97E -- C:\WINDOWS\system32\hal.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2012.04.14 16:14:55 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=C519E15665CD89A91AD383FCE3CB556A -- C:\WINDOWS\system32\dllcache\services.exe
[2012.04.14 16:14:55 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=C519E15665CD89A91AD383FCE3CB556A -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2012.04.14 16:15:13 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=51E41F16ACD80B8B39C0AE703A213F09 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2012.04.14 16:15:13 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=51E41F16ACD80B8B39C0AE703A213F09 -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.04.14 16:15:26 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2012.04.14 16:15:26 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\system32\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[145 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2013.06.04 19:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2013.06.03 18:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2013.06.03 18:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013.06.03 17:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2013.06.03 18:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013.06.03 17:48:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013.09.21 21:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013.06.03 17:44:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2013.06.03 18:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2013.06.03 19:04:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2013.04.04 23:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.00\16487\AcrobatUpdater.exe
[2013.04.04 23:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.00\16487\AdobeARM.exe
[2013.04.04 23:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.00\16487\AdobeARMHelper.exe
[2013.04.04 23:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_11.0.00\16487\ReaderUpdater.exe
[2012.09.24 05:46:27 | 000,364,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1029-7B44-AB0000000001}\setup.exe

< %APPDATA%\*. >
[2013.06.04 19:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\Adobe
[2013.06.17 21:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\Ashampoo
[2013.09.21 18:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\Graphisoft
[2013.09.14 13:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\ICQ
[2013.06.03 17:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\Identities
[2013.09.21 18:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\Install.GS
[2013.06.03 17:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\Macromedia
[2013.09.21 21:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\Malwarebytes
[2013.08.19 23:21:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Lucie\Application Data\Microsoft
[2013.06.03 17:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\Opera
[2013.09.15 22:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\Skype
[2013.06.03 18:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\Sun
[2013.06.03 17:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\TuneUp Software
[2013.09.14 13:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucie\Application Data\WinRAR

< %APPDATA%\*.exe /s >
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_2724378.exe
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_2d3a239e.exe
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_38cb5f9c.exe
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_5a273422.exe
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_730319d.exe
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_7f0210d5.exe
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_7f053ad1.exe
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_7f0864ce.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2013.09.22 11:39:37 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2013.06.03 18:44:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2013.06.03 18:44:12 | 001,138,688 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2013.06.03 18:44:12 | 000,909,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.09.21 17:37:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2012.04.14 16:16:24 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\IEXPLORE.EXE

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2013.07.29 17:16:41 | 000,879,456 | ---- | M] (Opera Software) MD5=FFC67949EF7C2BF307ED91B293581DD2 -- C:\Program Files\Opera\opera.exe

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.09.22 12:15:51 | 000,000,512 | ---- | M] () MD5=66CC60104A899176A652FF35F90D6D13 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2013.03.26 14:13:12 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Apps\login\images\loader.gif
[2013.03.26 14:13:12 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Apps\login\images\loader.png
[2013.03.26 14:13:12 | 000,009,772 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Apps\login\images\retina\loader@2x.png
[2013.07.28 20:19:51 | 000,109,448 | ---- | M] () -- \Documents and Settings\Lucie\Local Settings\Temporary Internet Files\Content.IE5\9FN2DA35\AdLoader-b3e321cab5fbc3c4ed10b513bb467bae.min[1].js
[2013.09.15 22:17:56 | 000,001,511 | ---- | M] () -- \Documents and Settings\Lucie\Local Settings\Temporary Internet Files\Content.IE5\9FN2DA35\AdLoader[1].htm
[2013.06.05 14:46:07 | 000,000,200 | ---- | M] () -- \Documents and Settings\Lucie\Local Settings\Temporary Internet Files\Content.IE5\9FN2DA35\downloader_client[1].css
[2013.07.31 20:41:19 | 000,001,511 | ---- | M] () -- \Documents and Settings\Lucie\Local Settings\Temporary Internet Files\Content.IE5\PGPIDLF6\AdLoader[2].htm
[2013.07.30 19:30:00 | 000,109,505 | ---- | M] () -- \Documents and Settings\Lucie\Local Settings\Temporary Internet Files\Content.IE5\TU13KS6H\AdLoader-3ce32d357de39fd9427f374be93bd0ac.min[1].js
[2009.10.29 14:00:00 | 000,094,720 | ---- | M] () -- \Program Files\Graphisoft\ArchiCAD 13\FTPUploader.exe
[2009.10.29 14:00:00 | 000,023,040 | ---- | M] () -- \Program Files\Graphisoft\ArchiCAD 13\FTPUploaderSupport.dll
[2009.10.29 14:00:00 | 000,043,520 | ---- | M] () -- \Program Files\Graphisoft\ArchiCAD 13\Doplnky ArchiCADu\Standardní\ArchitectsJury Uploader.apx
[2011.09.20 15:00:00 | 000,000,459 | ---- | M] () -- \Program Files\Graphisoft\ArchiCAD 15\Doplnky ArchiCADu\Speciality\AYC_html\dynamicloader.css
[2011.09.20 15:00:00 | 000,000,971 | ---- | M] () -- \Program Files\Graphisoft\ArchiCAD 15\Doplnky ArchiCADu\Speciality\AYC_html\dynamicloader.html
[2011.09.20 15:00:00 | 000,002,456 | ---- | M] () -- \Program Files\Graphisoft\ArchiCAD 15\Doplnky ArchiCADu\Speciality\AYC_html\dynamicloader.js
[2013.06.03 17:55:03 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2013.06.03 17:55:03 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2013.06.03 17:55:03 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\MUICoreLib\xtraLoader.swf
[2012.04.20 11:29:39 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7M\Xtraz\icq\content\profile_lightboxs\preloader.html
[2008.02.25 08:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2008.04.14 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2008.04.14 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll

< End of report >

Neoras · #8 Příspěvek od **Neoras** » 22 zář 2013 11:46

OTL Extras logfile created on: 22.9.2013 12:13:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Lucie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 73,82% Memory free
3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,54% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 53,24 Gb Free Space | 71,43% Space Free | Partition Type: NTFS

Computer Name: LUCINKA | User Name: Lucie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1645522239-492894223-842925246-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\ICQ7M\ICQ.exe" = C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\ICQ7M\ICQ.exe" = C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M -- (ICQ, LLC.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Graphisoft\ArchiCAD 13\ArchiCAD.exe" = C:\Program Files\Graphisoft\ArchiCAD 13\ArchiCAD.exe:*:Enabled:ArchiCAD 13.0.0 Component -- (Graphisoft R&D)
"C:\Program Files\PANDORA.TV\PanService\PanProcess.exe" = C:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe" = C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService
"C:\Program Files\Graphisoft\ArchiCAD 15\ArchiCAD.exe" = C:\Program Files\Graphisoft\ArchiCAD 15\ArchiCAD.exe:*:Disabled:ArchiCAD 15.0 -- (Graphisoft SE)
"C:\Program Files\Graphisoft\ArchiCAD 15\GSQuickTimeServer\GSQTServer.exe" = C:\Program Files\Graphisoft\ArchiCAD 15\GSQuickTimeServer\GSQTServer.exe:*:Disabled:ArchiCAD 15.0 -- (Graphisoft SE)
"C:\Program Files\Graphisoft\ArchiCAD 15\GSReport.exe" = C:\Program Files\Graphisoft\ArchiCAD 15\GSReport.exe:*:Enabled:ArchiCAD 15.0.0 CZE Component -- (Graphisoft SE)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WibuKey Setup (WibuKey Remove)
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel(R) PRO Network Connections 11.2.0.69
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CA3F48-5DAD-4147-AECE-C7219C4B2562}" = Balík TT 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Czech
"{BEAB106B-2569-451F-974A-47ED3BEBC816}" = Freeware HTI PDF Creator 4.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}" = FIRE GL driver for 3D Studio MAX/VIZ
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E98D6792-FC51-4187-9448-CA9BF893384E}" = IBM Integrated Bluetooth II Software
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"001FFF1FFF13FF00FF1101F00F02F000-R1" = ArchiCAD 13 CZE
"001FFF1FFF15FF00FF1101F01F02F000-R1" = ArchiCAD 15 R1 CZE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.83
"ATI Display Driver" = ATI Display Driver
"aTube Catcher" = aTube Catcher
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"InstallShield_{BEAB106B-2569-451F-974A-47ED3BEBC816}" = Freeware HTI PDF Creator 4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Opera 12.16.1860" = Opera 12.16
"Power Management Driver" = ThinkPad Power Management Driver
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"The KMPlayer" = The KMPlayer (remove only)
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.7.2013 16:53:13 | Computer Name = LUCINKA | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.8402.0, stamp 5156197e,
faulting module mso.dll, version 11.0.8403.0, stamp 5188260b, debug? 0, fault address
0x002fa1f1.

Error - 31.7.2013 18:31:48 | Computer Name = LUCINKA | Source = Application Hang | ID = 1002
Description = Hanging application opera.exe, version 12.16.1860.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9.8.2013 14:24:12 | Computer Name = LUCINKA | Source = PandoraService.exe | ID = 0
Description =

Error - 10.8.2013 10:14:49 | Computer Name = LUCINKA | Source = PandoraService.exe | ID = 0
Description =

Error - 11.8.2013 3:46:56 | Computer Name = LUCINKA | Source = PandoraService.exe | ID = 0
Description =

Error - 29.8.2013 7:11:13 | Computer Name = LUCINKA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ole32.dll, version 5.1.2600.6168, fault address 0x0002557a.

Error - 13.9.2013 1:23:57 | Computer Name = LUCINKA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module msi.dll, version 4.5.6001.22375, fault address 0x000244cb.

Error - 13.9.2013 14:16:12 | Computer Name = LUCINKA | Source = PandoraService.exe | ID = 0
Description =

Error - 14.9.2013 11:29:31 | Computer Name = LUCINKA | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.3.0.107, faulting module
jscript.dll, version 5.8.6001.23259, fault address 0x00014e6f.

Error - 15.9.2013 5:22:13 | Computer Name = LUCINKA | Source = PandoraService.exe | ID = 0
Description =

[ System Events ]
Error - 14.7.2013 15:19:12 | Computer Name = LUCINKA | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 20.7.2013 13:33:52 | Computer Name = LUCINKA | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

< End of report >

#9 Příspěvek od **vyosek** » 22 zář 2013 11:53

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1645522239-492894223-842925246-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1645522239-492894223-842925246-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
O13 - gopher Prefix: missing
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_2724378.exe
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_2d3a239e.exe
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_38cb5f9c.exe
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_5a273422.exe
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_730319d.exe
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_7f0210d5.exe
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_7f053ad1.exe
[2013.08.19 23:21:26 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_7f0864ce.exe
[2013.09.22 11:39:37 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteGSShellX32.dll"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Security Providers]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Neoras · #10 Příspěvek od **Neoras** » 22 zář 2013 12:14

All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-1645522239-492894223-842925246-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1645522239-492894223-842925246-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_2724378.exe moved successfully.
C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_2d3a239e.exe moved successfully.
C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_38cb5f9c.exe moved successfully.
C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_5a273422.exe moved successfully.
C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_730319d.exe moved successfully.
C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_7f0210d5.exe moved successfully.
C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_7f053ad1.exe moved successfully.
C:\Documents and Settings\Lucie\Application Data\Microsoft\Installer\{91CA3F48-5DAD-4147-AECE-C7219C4B2562}\_7f0864ce.exe moved successfully.
C:\WINDOWS\Tasks\avast! Emergency Update.job moved successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP236.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP314.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3A4.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP401.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP453.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP537.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP543.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP664.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6A4.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6D1.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6E9.tmp\PresentationFramework.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6E9.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8B8.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP98B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9A1.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9F5.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA2C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB4A.tmp folder deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteGSShellX32.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Security Providers\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Lucie
->Temp folder emptied: 252452082 bytes
->Temporary Internet Files folder emptied: 47688261 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 59127020 bytes
->Flash cache emptied: 30135 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118609802 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15408114 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 471,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Lucie
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: Lucie
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 09222013_130213

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#11 Příspěvek od **vyosek** » 22 zář 2013 12:33

OTL udelalo co melo, jak se chova PC

Neoras · #12 Příspěvek od **Neoras** » 22 zář 2013 12:37

V pohodě, jen bych potřeboval vyčistit systém od logů + nějaké skryté soubory na ploše atp...

#13 Příspěvek od **vyosek** » 22 zář 2013 12:43

Tak jeste uklidime

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Neoras · #14 Příspěvek od **Neoras** » 22 zář 2013 13:35

Díky moc.

#15 Příspěvek od **vyosek** » 22 zář 2013 13:41

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat

VIRY.CZ

Preventivka

Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka