Linkbucks.com

Zpráva

BFU-Ondra · #1 Příspěvek od **BFU-Ondra** » 01 led 2014 16:09

Dobrý den, mám problém s trvalým přesměrováváním na stránku linkbucks.com (V Mozille i Chrome). Četl jsem předchozí thread na toto téma

http://forum.viry.cz/viewtopic.php?f=13&t=131829

ale nejsem si jistý, nakolik je návod přenositelný. Přikládám log z RSIT. Mám rovnou přidat i ComboFix log?

Děkuju mnohokrát

Logfile of random's system information tool 1.09 (written by random/random)
Run by Živný at 2014-01-01 15:41:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 29 GB (39%) free of 76 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:41:20, on 1.1.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Živný\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Živný.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =20.4.0.40
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =20.4.0.40
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6992 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\PitchPerfectReminder.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Živný\Data aplikací\Mozilla\Firefox\Profiles\sj8rbdlz.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.com"
prefs.js - "extensions.enabledItems" - "{BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"

"ClickPotatoLite@ClickPotatoLite.com"=C:\Program Files\ClickPotatoLite\bin\10.0.536.0\firefox\extensions
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\IPSFF
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Documents and Settings\Živný\Data aplikací\Mozilla\Firefox\Profiles\sj8rbdlz.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Documents and Settings\Živný\Data aplikací\Mozilla\Firefox\Profiles\sj8rbdlz.default\searchplugins\
conduit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2006-03-05 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL [2013-04-08 387040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2006-03-05 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
""=1 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"OEXPRESS"=C:\WINDOWS\OETRN.EXE [2006-03-05 26624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
C:\Documents and Settings\Živný\Local Settings\Data aplikací\Akamai\netsession_win.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Documents and Settings\Živný\Data aplikací\Seznam.cz\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Documents and Settings\Živný\Data aplikací\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files\Seznam.cz\distribution\szninstall.exe -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Akamai"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157
"NofolderOptions"=0
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Raptr\raptr.exe"="C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client"
"C:\Program Files\Raptr\raptr_im.exe"="C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM"
"C:\Documents and Settings\Živný\Local Settings\Data aplikací\Akamai\netsession_win.exe"="C:\Documents and Settings\Živný\Local Settings\Data aplikací\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus / Vuze"
"C:\GOG Games\System Shock 2\Shock2.exe"="C:\GOG Games\System Shock 2\Shock2.exe:*:Disabled:System Shock 2"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=L3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"vidc.ffds"=ffdshow.ax
"msacm.ac3filter"=ac3filter.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-01-01 15:41:05 ----D---- C:\rsit
2013-12-23 10:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2898715$
2013-12-23 10:18:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2904266$
2013-12-23 10:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2893294$
2013-12-23 10:15:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2893984$
2013-12-23 10:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2892075$
2013-12-12 18:02:29 ----AD---- C:\WINDOWS\VDLL.DLL
2013-12-12 18:02:29 ----AD---- C:\WINDOWS\system32\runouce.exe
2013-12-12 18:02:29 ----AD---- C:\WINDOWS\rundll16.exe
2013-12-12 18:02:29 ----AD---- C:\WINDOWS\RUNDL132.EXE
2013-12-12 18:02:29 ----AD---- C:\WINDOWS\logo1_.exe
2013-12-12 18:02:29 ----AD---- C:\WINDOWS\logo_1.exe
2013-12-12 17:55:55 ----A---- C:\WINDOWS\system32\drivers\trufos.sys
2013-12-12 17:55:49 ----A---- C:\WINDOWS\system32\msvcr80.dll
2013-12-12 17:55:47 ----A---- C:\WINDOWS\system32\msvcp80.dll
2013-12-12 17:55:46 ----A---- C:\WINDOWS\system32\msvcp90.dll
2013-12-12 17:55:45 ----A---- C:\WINDOWS\system32\msvcr90.dll
2013-12-12 17:55:44 ----A---- C:\WINDOWS\system32\eEmpty.exe
2013-12-12 17:55:41 ----A---- C:\WINDOWS\system32\T.COM
2013-12-12 17:55:40 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2013-12-12 17:55:40 ----A---- C:\WINDOWS\REGEDIT.COM
2013-12-12 17:55:40 ----A---- C:\WINDOWS\R.COM
2013-12-12 17:55:38 ----D---- C:\Program Files\Common Files\MicroWorld
2013-12-12 17:55:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld

======List of files/folders modified in the last 1 month======

2014-01-01 15:41:20 ----D---- C:\Program Files\Trend Micro
2014-01-01 15:40:47 ----D---- C:\WINDOWS\Prefetch
2014-01-01 15:40:41 ----D---- C:\WINDOWS\Temp
2014-01-01 15:40:16 ----D---- C:\WINDOWS
2014-01-01 15:40:16 ----A---- C:\WINDOWS\MAILTRAN.INI
2014-01-01 15:39:03 ----D---- C:\Program Files\Mozilla Firefox
2014-01-01 12:37:32 ----D---- C:\Documents and Settings\Živný\Data aplikací\vlc
2014-01-01 12:00:49 ----SHD---- C:\System Volume Information
2014-01-01 11:58:06 ----A---- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000002-80271102}.BAK
2014-01-01 10:10:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-12-27 23:16:36 ----A---- C:\WINDOWS\WDICT32.INI
2013-12-23 10:57:11 ----D---- C:\WINDOWS\system32
2013-12-23 10:19:45 ----HD---- C:\WINDOWS\inf
2013-12-23 10:19:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-12-23 10:19:39 ----D---- C:\Program Files\Internet Explorer
2013-12-23 10:19:13 ----A---- C:\WINDOWS\imsins.BAK
2013-12-23 10:18:51 ----D---- C:\WINDOWS\system32\MRT
2013-12-23 10:15:52 ----A---- C:\WINDOWS\system32\MRT.exe
2013-12-23 10:10:49 ----D---- C:\WINDOWS\system32\CatRoot2
2013-12-17 22:50:42 ----D---- C:\Documents and Settings\Živný\Data aplikací\Audacity
2013-12-15 21:40:42 ----D---- C:\Documents and Settings\Živný\Data aplikací\dvdcss
2013-12-12 23:30:17 ----SD---- C:\WINDOWS\Tasks
2013-12-12 18:04:11 ----D---- C:\WINDOWS\system32\drivers
2013-12-12 17:57:24 ----A---- C:\WINDOWS\win.ini
2013-12-12 17:55:38 ----D---- C:\Program Files\Common Files
2013-12-06 10:54:12 ----SHD---- C:\WINDOWS\Installer
2013-12-06 10:49:47 ----D---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NAV\1404000.028\SYMDS.SYS [2013-05-20 367704]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NAV\1404000.028\SYMEFA.SYS [2013-05-22 934488]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20131203.001\BHDrvx86.sys []
R1 ccSet_NAV;Norton AntiVirus Settings Manager; C:\WINDOWS\system32\drivers\NAV\1404000.028\ccSetx86.sys [2013-04-15 134744]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NAV\1404000.028\SRTSPX.SYS [2013-03-04 32344]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NAV\1404000.028\Ironx86.SYS [2013-03-04 175264]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NAV\1404000.028\SYMTDI.SYS [2013-04-24 396760]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2013-08-25 13120]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20131231.001\IDSxpx86.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20131231.023\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20131231.023\NAVEX15.SYS []
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1404000.028\SRTSP.SYS [2013-05-15 603224]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 trufos;trufos; C:\WINDOWS\system32\drivers\trufos.sys [2013-12-12 343456]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NAV;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [2013-05-20 144368]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-08 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-06-03 162408]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2013-06-09 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-08 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 01 led 2014 16:15

Zdravim a vitam vas u nas na foru

Pravidla fora

2. Před položením dotazu použijte tlačítko Hledat. Možná již někdo problém podobným Vašemu řešil. Pokud ale ve vyřešeném tématu budou aplikovány různé utility\aplikace, nespouštějte je! Utility se používají až na pokyn rádce, jelikož mohou mazat stopy po havěti a v rukou ne-oborníka může mít jejich použití nedozírné následky.

3. Zvláště utilitu ComboFix nespouštějte i když Vám ji poradil kamarád či nějaký rádoby odborný web. Naše fórum je jediné z CZ\SK antivirových fór, které má právo luštit logy z ComboFixu a máme též plnou podporu autora této utility a přístup k nejaktuálnějším informacím a návodům.

Stahnete Shortcut Cleaner http://www.bleepingcomputer.com/downloa ... t-cleaner/

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Spustte tradicne dvouklikem
Probehne skenovani a pak se objevi log, pripadne bude ulozen v miste spusteni jako sc-cleaner.txt, ten sem vlozte

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

BFU-Ondra · #3 Příspěvek od **BFU-Ondra** » 01 led 2014 17:02

Děkuji za přivítání

posílám logy

Shortcut Cleaner 1.2.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/downloa ... t-cleaner/

Windows Version: Microsoft Windows XP Service Pack 3
Program started at: 01/01/2014 04:24:36 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Documents and Settings\Živný\Nabídka Start\

Searching C:\Documents and Settings\All Users\Nabídka Start\

Searching C:\Documents and Settings\Živný\Data aplikací\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Documents and Settings\All Users\Plocha\

Searching C:\Documents and Settings\Živný\Plocha

0 bad shortcuts found.

Program finished at: 01/01/2014 04:24:37 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Microsoft Windows XP x86
Ran by ¦ivně on st 01.01.2014 at 16:25:20,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2504091
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C8FD3971-589D-43FD-8C5E-1AA5210895C9}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\¦ivně\Data aplikacˇ\mozilla\firefox\profiles\sj8rbdlz.default\user.js
Successfully deleted: [File] C:\Documents and Settings\¦ivně\Data aplikacˇ\mozilla\firefox\profiles\sj8rbdlz.default\searchplugins\conduit.xml
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\clickpotatolite@clickpotatolite.com
Successfully deleted the following from C:\Documents and Settings\¦ivně\Data aplikacˇ\mozilla\firefox\profiles\sj8rbdlz.default\prefs.js

user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2504091.CTID", "CT2504091");
user_pref("CT2504091.CurrentServerDate", "8-5-2011");
user_pref("CT2504091.DialogsAlignMode", "LTR");
user_pref("CT2504091.DownloadReferralCookieData", "");
user_pref("CT2504091.EMailNotifierPollDate", "Sun May 08 2011 14:34:45 GMT+0200");
user_pref("CT2504091.FeedLastCount129079840422964131", 11);
user_pref("CT2504091.FeedPollDate128891351169457140", "Sun May 08 2011 13:51:00 GMT+0200");
user_pref("CT2504091.FeedPollDate129079840422964131", "Sun May 08 2011 13:51:00 GMT+0200");
user_pref("CT2504091.FeedTTL128891351169457140", 40);
user_pref("CT2504091.FirstServerDate", "20-12-2010");
user_pref("CT2504091.FirstTime", true);
user_pref("CT2504091.FirstTimeFF3", true);
user_pref("CT2504091.FirstTimeSettingsDone", true);
user_pref("CT2504091.FixPageNotFoundErrors", true);
user_pref("CT2504091.GroupingServerCheckInterval", 1440);
user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2504091.Initialize", true);
user_pref("CT2504091.InitializeCommonPrefs", true);
user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
user_pref("CT2504091.InstallationType", "UnknownIntegration");
user_pref("CT2504091.InstalledDate", "Sun Dec 19 2010 22:37:09 GMT+0100");
user_pref("CT2504091.IsGrouping", false);
user_pref("CT2504091.IsMulticommunity", false);
user_pref("CT2504091.IsOpenThankYouPage", false);
user_pref("CT2504091.IsOpenUninstallPage", false);
user_pref("CT2504091.LanguagePackLastCheckTime", "Sun May 08 2011 13:50:59 GMT+0200");
user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2504091.LastLogin_2.7.2.0", "Sun May 08 2011 14:00:57 GMT+0200");
user_pref("CT2504091.LatestVersion", "3.3.3.2");
user_pref("CT2504091.Locale", "en-us");
user_pref("CT2504091.LoginCache", 4);
user_pref("CT2504091.MCDetectTooltipHeight", "83");
user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2504091.MCDetectTooltipWidth", "295");
user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2504091&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2504091.SearchFromAddressBarIsInit", true);
user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=");
user_pref("CT2504091.SearchInNewTabEnabled", true);
user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
user_pref("CT2504091.SearchInNewTabLastCheckTime", "Sun May 08 2011 11:04:55 GMT+0200");
user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2504091.SettingsCheckIntervalMin", 120);
user_pref("CT2504091.SettingsLastCheckTime", "Sun May 08 2011 13:50:57 GMT+0200");
user_pref("CT2504091.SettingsLastUpdate", "1304242869");
user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Sat May 07 2011 11:04:54 GMT+0200");
user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
user_pref("CT2504091.UserID", "UN90765727678440142");
user_pref("CT2504091.ValidationData_Toolbar", 2);
user_pref("CT2504091.alertChannelId", "897164");
user_pref("CT2504091.clientLogIsEnabled", true);
user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2504091.myStuffEnabled", true);
user_pref("CT2504091.myStuffPublihserMinWidth", 400);
user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2504091");

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 01.01.2014 at 16:37:29,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.016 - Report created 01/01/2014 at 16:47:30
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Živný - DOC-6C22D1B09E2
# Running from : C:\Documents and Settings\Živný\Plocha\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\All Users\Data aplikací\NCH Software
Folder Found C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
Folder Found C:\Documents and Settings\Živný\Local Settings\Data aplikací\Conduit
Folder Found C:\Program Files\NCH Software

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{539F76FD-084E-4858-86D5-62F02F54AE86}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Key Found : HKCU\Software\NCH Software
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\NCH Software

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v21.0 (cs)

[ File : C:\Documents and Settings\Živný\Data aplikací\Mozilla\Firefox\Profiles\sj8rbdlz.default\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\Živný\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2366 octets] - [01/01/2014 16:47:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2426 octets] ##########

#4 Příspěvek od **vyosek** » 02 led 2014 10:25

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

BFU-Ondra · #5 Příspěvek od **BFU-Ondra** » 02 led 2014 12:58

Přikládám OTL log.

OTL logfile created on: 2.1.2014 12:15:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Živný\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,51% Memory free
2,60 Gb Paging File | 2,29 Gb Available in Paging File | 87,98% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 28,77 Gb Free Space | 38,61% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DOC-6C22D1B09E2 | User Name: Živný | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2014.01.02 12:13:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Živný\Plocha\OTL.exe
PRC - [2013.05.20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.08.03 05:12:00 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006.03.05 19:44:01 | 000,026,624 | ---- | M] () -- C:\WINDOWS\OETRN.EXE
PRC - [2002.07.02 16:56:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE

========== Modules (No Company Name) ==========

MOD - [2006.03.05 19:44:01 | 000,200,704 | ---- | M] () -- C:\WINDOWS\TRNOET.DLL
MOD - [2006.03.05 19:44:01 | 000,045,056 | ---- | M] () -- C:\WINDOWS\TRNOEH.DLL
MOD - [2006.03.05 19:44:01 | 000,026,624 | ---- | M] () -- C:\WINDOWS\OETRN.EXE

========== Services (SafeList) ==========

SRV - [2013.06.03 15:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe -- (NAV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.12.13 09:41:18 | 000,382,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20131231.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013.12.12 17:55:54 | 000,343,456 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2013.12.03 19:27:33 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20131203.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.12.02 11:58:11 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20140101.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.12.02 11:58:11 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.12.02 11:58:11 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20140101.001\NAVENG.SYS -- (NAVENG)
DRV - [2013.11.21 12:20:32 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.08.25 11:30:48 | 000,013,120 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2013.06.23 22:02:11 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013.05.22 22:25:28 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1404000.028\SymEFA.sys -- (SymEFA)
DRV - [2013.05.20 22:02:00 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1404000.028\SymDS.sys -- (SymDS)
DRV - [2013.05.15 22:02:14 | 000,603,224 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NAV\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013.04.24 17:43:56 | 000,396,760 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1404000.028\symtdi.sys -- (SYMTDI)
DRV - [2013.04.15 19:41:14 | 000,134,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1404000.028\ccSetx86.sys -- (ccSet_NAV)
DRV - [2013.03.04 18:39:20 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1404000.028\Ironx86.sys -- (SymIRON)
DRV - [2013.03.04 18:21:36 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2008.04.13 19:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.08.18 13:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2006.05.03 17:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002.07.24 12:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002.07.19 09:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002.07.19 09:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002.07.19 09:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002.07.19 09:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002.07.19 09:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2002.07.19 09:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001.08.17 21:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001.08.17 19:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001.08.17 19:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001.08.17 19:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001.08.17 19:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [1999.12.17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =20.4.0.40
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =20.4.0.40
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =20.4.0.40
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =20.4.0.40

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =20.4.0.40

IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =20.4.0.40
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\SearchURL\y, = http://yandex.ru/yandsearch?win=76&clid ... 12&text=%s
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{202EE082-FF44-4FB9-84D2-A0E62BD1F8E7}: "URL" = http://www.novinky.cz/hledej?w={searchT ... arch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{3C49FBF8-1983-4A62-8DCC-5FDA7A4194FB}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{4584F4C5-1B79-4A28-B383-036B16374767}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{6C0BBC7C-90BC-47AF-AF7C-7D01C009C82F}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{772B5AF4-FEFF-48B5-846C-056B08F3AABF}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{8B9253E7-5CB0-4EF6-86EA-237655FED5B3}: "URL" = http://www.mapy.cz/?query={searchTerms} ... arch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{C80319D6-5D37-48ED-B6C7-0CC91C40D886}: "URL" = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{E9B0AC57-33FA-477C-9B5A-64C5700FF8EE}: "URL" = http://encyklopedie.seznam.cz/search?q= ... arch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\09720724B37AE20589A542FACD8208D0: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2504091
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\IPSFF [2013.10.11 11:57:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.01 17:05:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.12.12 18:07:45 | 000,000,000 | ---D | M]

[2010.10.23 13:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Živný\Data aplikací\Mozilla\Extensions
[2013.10.04 18:04:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Živný\Data aplikací\Mozilla\Firefox\Profiles\sj8rbdlz.default\extensions
[2013.08.10 08:51:03 | 000,000,000 | ---D | M] (Seznam liĹˇtiÄŤka) -- C:\Documents and Settings\Živný\Data aplikací\Mozilla\Firefox\Profiles\sj8rbdlz.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2013.06.01 17:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.06.01 17:05:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.centrum.cz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: ClickPotatoLite Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Documents and Settings\Živný\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2006.03.02 13:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll ()
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\Toolbar\WebBrowser: (no name) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No CLSID value found.
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2000478354-1303643608-682003330-1004..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE ()
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll ()
O15 - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..Trusted Domains: localhost ([]http in Internet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.168.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BDCF8AF-0012-40A8-89A8-A625811E0E1A}: DhcpNameServer = 192.168.168.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Živný\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Živný\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.05 03:43:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 5

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2014.01.02 12:13:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Živný\Plocha\OTL.exe
[2014.01.01 16:47:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.01.01 16:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014.01.01 16:20:15 | 001,036,305 | ---- | C] (Thisisu) -- C:\Documents and Settings\Živný\Plocha\JRT.exe
[2014.01.01 16:19:48 | 000,406,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Živný\Plocha\sc-cleaner.exe
[2014.01.01 15:41:05 | 000,000,000 | ---D | C] -- C:\rsit
[2014.01.01 15:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Živný\Dokumenty\Stažené soubory
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2014.01.02 12:20:37 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.01.02 12:13:41 | 000,001,680 | ---- | M] () -- C:\WINDOWS\MAILTRAN.INI
[2014.01.02 12:13:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Živný\Plocha\OTL.exe
[2014.01.02 12:09:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014.01.02 12:09:03 | 003,373,917 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000002-80271102}.CDF
[2014.01.02 12:09:03 | 003,373,917 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000002-80271102}.BAK
[2014.01.02 12:09:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.02 12:08:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.01.02 12:08:32 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.01 23:16:13 | 000,028,224 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000002-80271102}.rfx
[2014.01.01 23:16:13 | 000,028,224 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000002-80271102}.rfx
[2014.01.01 23:16:13 | 000,016,820 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000002-80271102}.rfx
[2014.01.01 23:16:13 | 000,016,820 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000002-80271102}.rfx
[2014.01.01 23:16:13 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2014.01.01 23:16:13 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2014.01.01 23:16:13 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-80271102}.dat
[2014.01.01 23:16:13 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000002-80271102}.dat
[2014.01.01 22:54:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.01.01 22:19:22 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Živný\Plocha\HiJackThis.lnk
[2014.01.01 17:40:22 | 000,002,638 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2014.01.01 16:20:55 | 001,233,962 | ---- | M] () -- C:\Documents and Settings\Živný\Plocha\adwcleaner.exe
[2014.01.01 16:20:19 | 001,036,305 | ---- | M] (Thisisu) -- C:\Documents and Settings\Živný\Plocha\JRT.exe
[2014.01.01 16:19:52 | 000,406,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Živný\Plocha\sc-cleaner.exe
[2014.01.01 15:59:58 | 000,005,735 | ---- | M] () -- C:\Documents and Settings\Živný\Plocha\ComboFix.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.01.02 12:20:37 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.01.01 16:20:49 | 001,233,962 | ---- | C] () -- C:\Documents and Settings\Živný\Plocha\adwcleaner.exe
[2014.01.01 15:59:57 | 000,005,735 | ---- | C] () -- C:\Documents and Settings\Živný\Plocha\ComboFix.exe
[2013.12.24 12:56:06 | 000,003,592 | ---- | C] () -- C:\Documents and Settings\Živný\Local Settings\Data aplikací\recently-used.xbel
[2013.11.11 22:22:33 | 000,013,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2013.09.06 18:11:59 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-80271102}.dat
[2013.09.06 18:11:59 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000002-80271102}.dat
[2013.09.06 17:59:47 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2013.09.06 17:59:45 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2013.09.06 17:59:45 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2013.09.06 17:58:59 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2013.09.06 17:58:59 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2013.09.06 17:58:56 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2013.09.06 17:58:56 | 000,164,044 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2013.09.06 17:58:56 | 000,113,373 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2013.09.06 17:58:56 | 000,113,273 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2013.09.06 17:58:56 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2013.09.06 17:58:55 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2013.09.06 17:58:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2013.09.06 17:58:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2013.09.06 17:58:55 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2013.07.12 20:54:37 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2013.06.16 08:10:03 | 000,004,974 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\mtbjfghn.xbe
[2013.06.16 07:22:19 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2013.06.16 07:10:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.06.15 23:02:04 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2013.06.15 13:17:44 | 000,023,503 | ---- | C] () -- C:\Documents and Settings\Živný\AdobeFnt10.lst
[2013.03.28 22:40:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2012.10.14 19:15:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.07.11 19:32:39 | 000,000,174 | ---- | C] () -- C:\WINDOWS\SSC.INI
[2009.04.05 20:59:11 | 000,204,288 | ---- | C] () -- C:\Documents and Settings\Živný\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2013.10.17 10:58:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 21:33:30 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:05 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.11.11 22:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited
[2013.12.12 17:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2010.10.21 16:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PCSettings
[2011.03.12 20:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\regid.1986-12.com.adobe
[2013.08.12 23:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
[2012.01.27 00:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\tmp
[2013.12.17 22:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Audacity
[2012.10.10 23:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Azureus
[2013.10.12 13:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Blender Foundation
[2013.11.11 22:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Canneverbe Limited
[2013.06.16 08:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Carambis
[2013.08.10 08:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\inkscape
[2013.06.16 08:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Opera
[2011.05.08 13:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Raptr
[2013.09.16 06:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Seznam.cz
[2012.04.10 11:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Tific
[2013.06.16 08:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Yandex

========== Purity Check ==========

========== Custom Scans ==========

< >
[2006.03.05 03:41:24 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006.03.05 03:46:54 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011.05.08 13:32:50 | 000,000,934 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011.05.08 13:32:51 | 000,000,938 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013.12.12 23:30:17 | 000,000,296 | ---- | C] () -- C:\WINDOWS\Tasks\PitchPerfectReminder.job

< >

< MD5 for: ATAPI.SYS >
[2006.03.02 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2012.10.10 23:09:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2012.10.10 23:09:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.03.02 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe

< MD5 for: CDROM.SYS >
[2006.03.02 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2012.10.10 23:09:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2012.10.10 23:09:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: HAL.DLL >
[2006.03.02 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2012.10.10 23:09:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2012.10.10 23:09:52 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 19:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: SCECLI.DLL >
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.09 12:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\services.exe
[2008.04.14 04:22:45 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[23 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\d466afb6be5767b9d088613852f47744\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\d466afb6be5767b9d088613852f47744\*.tmp -> ]
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[8 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.06.15 20:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Adobe
[2009.01.23 21:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\AdobeUM
[2011.02.12 18:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Apple Computer
[2013.12.17 22:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Audacity
[2012.10.10 23:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Azureus
[2013.10.12 13:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Blender Foundation
[2013.11.11 22:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Canneverbe Limited
[2013.06.16 08:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Carambis
[2011.03.13 21:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\CyberLink
[2013.12.15 21:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\dvdcss
[2013.09.16 22:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Help
[2006.03.05 03:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Identities
[2013.08.10 08:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\inkscape
[2010.10.22 18:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Macromedia
[2013.11.11 22:25:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Živný\Data aplikací\Microsoft
[2010.10.23 13:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Mozilla
[2013.06.16 08:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Opera
[2011.05.08 13:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Raptr
[2013.09.16 06:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Seznam.cz
[2013.10.16 21:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Skype
[2011.01.29 11:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Sun
[2012.04.10 11:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Tific
[2011.07.25 21:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\U3
[2014.01.01 20:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\vlc
[2013.06.16 08:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Živný\Data aplikací\Yandex

< %APPDATA%\*.exe /s >
[2010.12.19 22:21:08 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Documents and Settings\Živný\Data aplikací\Azureus\plugins\mlab\ShaperProbeC.exe
[2011.02.20 15:12:58 | 008,543,160 | ---- | M] (Vuze Inc.) -- C:\Documents and Settings\Živný\Data aplikací\Azureus\tmp\AZU25202.tmp\Vuze_4.6.0.2a_win32.exe
[2013.06.16 08:22:31 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Živný\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2013.05.16 14:25:04 | 001,062,472 | ---- | M] () -- C:\Documents and Settings\Živný\Data aplikací\Seznam.cz\szninstall.exe
[2013.05.16 14:26:24 | 002,589,256 | ---- | M] () -- C:\Documents and Settings\Živný\Data aplikací\Seznam.cz\sznsetup.exe
[2013.04.16 12:52:34 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\Živný\Data aplikací\Seznam.cz\bin\ffkill.exe
[2013.04.29 11:53:34 | 000,045,560 | ---- | M] () -- C:\Documents and Settings\Živný\Data aplikací\Seznam.cz\bin\listicka-x64.exe
[2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Documents and Settings\Živný\Data aplikací\Seznam.cz\bin\szndesktop.exe
[2013.04.12 09:10:22 | 000,092,664 | ---- | M] () -- C:\Documents and Settings\Živný\Data aplikací\Seznam.cz\bin\wszndesktop.exe
[2006.05.23 17:04:56 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Živný\Data aplikací\U3\temp\cleanup.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2014.01.02 12:09:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2014.01.01 22:54:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013.12.12 23:30:18 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\PitchPerfectReminder.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.03.05 04:31:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.03.05 04:31:42 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.03.05 04:31:42 | 000,462,848 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.01.01 23:16:13 | 000,028,224 | ---- | M] () -- C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000002-80271102}.rfx
[2014.01.01 23:16:13 | 000,028,224 | ---- | M] () -- C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000002-80271102}.rfx
[2014.01.01 23:16:13 | 000,016,820 | ---- | M] () -- C:\WINDOWS\system32\BMXState-{00000002-00000000-00000001-00001102-00000002-80271102}.rfx
[2014.01.01 23:16:13 | 000,016,820 | ---- | M] () -- C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000002-80271102}.rfx
[2014.01.01 23:16:13 | 000,000,024 | ---- | M] () -- C:\WINDOWS\system32\DVCState-{00000002-00000000-00000001-00001102-00000002-80271102}.dat
[2014.01.01 23:16:13 | 000,000,024 | ---- | M] () -- C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000002-80271102}.dat
[2014.01.01 23:16:13 | 000,001,080 | ---- | M] () -- C:\WINDOWS\system32\settings.sfm
[2014.01.01 23:16:13 | 000,001,080 | ---- | M] () -- C:\WINDOWS\system32\settingsbkup.sfm
[2014.01.02 12:09:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 04:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"OEXPRESS" = C:\WINDOWS\OETRN.EXE -- [2006.03.05 19:44:01 | 000,026,624 | ---- | M] ()

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2013.06.01 17:04:58 | 000,920,472 | ---- | M] (Mozilla Corporation) MD5=95110A1C5A1D228AC1DDF6AB67D00BEB -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) MD5=376A9B411BF8B77D5BF84B24D0C7DACD -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.01.02 12:20:37 | 000,000,512 | ---- | M] () MD5=50B1A5A256E2B6D54A87ECE66814F1AF -- C:\PhysicalMBR.bin

< End of report >

a Extras

OTL Extras logfile created on: 2.1.2014 12:15:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Živný\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,51% Memory free
2,60 Gb Paging File | 2,29 Gb Available in Paging File | 87,98% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 28,77 Gb Free Space | 38,61% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DOC-6C22D1B09E2 | User Name: Živný | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
"C:\Documents and Settings\Živný\Local Settings\Data aplikací\Akamai\netsession_win.exe" = C:\Documents and Settings\Živný\Local Settings\Data aplikací\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus / Vuze
"C:\GOG Games\System Shock 2\Shock2.exe" = C:\GOG Games\System Shock 2\Shock2.exe:*:Disabled:System Shock 2
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A70500000002}" = Adobe Reader 7.0.5 - Czech
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 2.0.4
"Blender" = Blender
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62
"Edraw Mind Map Freeware_is1" = Edraw Mind Map 7
"GIMP-2_is1" = GIMP 2.8.6
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.4
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 21.0 (x86 cs)" = Mozilla Firefox 21.0 (x86 cs)
"NAV" = Norton AntiVirus
"OpenAL" = OpenAL
"PC Translator" = PC Translator
"PitchPerfect" = PitchPerfect Musical Instrument Tuner
"PowerArchiver" = PowerArchiver
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.0.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"XP Codec Pack" = XP Codec Pack
"Xvid Video Codec 1.3.1" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SeznamInstall" = Seznam Software

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.12.2013 11:41:52 | Computer Name = DOC-6C22D1B09E2 | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.4518.1014, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

[ OSession Events ]
Error - 8.5.2011 7:40:06 | Computer Name = DOC-6C22D1B09E2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8.5.2011 7:41:52 | Computer Name = DOC-6C22D1B09E2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 99
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8.5.2011 7:42:18 | Computer Name = DOC-6C22D1B09E2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8.5.2011 7:49:38 | Computer Name = DOC-6C22D1B09E2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8.5.2011 7:49:55 | Computer Name = DOC-6C22D1B09E2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11.12.2013 11:42:46 | Computer Name = DOC-6C22D1B09E2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 48
seconds with 0 seconds of active time. This session ended with a crash.

< End of report >

#6 Příspěvek od **vyosek** » 02 led 2014 19:18

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =20.4.0.40
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =20.4.0.40
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =20.4.0.40
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =20.4.0.40
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =20.4.0.40
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =20.4.0.40
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\SearchURL\y, = http://yandex.ru/yandsearch?win=76&clid ... 1012&text=%s
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{202EE082-FF44-4FB9-84D2-A0E62BD1F8E7}: "URL" = http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{3C49FBF8-1983-4A62-8DCC-5FDA7A4194FB}: "URL" = http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{4584F4C5-1B79-4A28-B383-036B16374767}: "URL" = http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{6C0BBC7C-90BC-47AF-AF7C-7D01C009C82F}: "URL" = http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{772B5AF4-FEFF-48B5-846C-056B08F3AABF}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{8B9253E7-5CB0-4EF6-86EA-237655FED5B3}: "URL" = http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{C80319D6-5D37-48ED-B6C7-0CC91C40D886}: "URL" = http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\{E9B0AC57-33FA-477C-9B5A-64C5700FF8EE}: "URL" = http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\SearchScopes\09720724B37AE20589A542FACD8208D0: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..\Toolbar\WebBrowser: (no name) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No CLSID value found.
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O15 - HKU\S-1-5-21-2000478354-1303643608-682003330-1004\..Trusted Domains: localhost ([]http in Internet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\E\Shell - "" = AutoRun
[2014.01.01 16:20:15 | 001,036,305 | ---- | C] (Thisisu) -- C:\Documents and Settings\Živný\Plocha\JRT.exe
[2014.01.01 16:19:48 | 000,406,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Živný\Plocha\sc-cleaner.exe
[2014.01.01 16:20:55 | 001,233,962 | ---- | M] () -- C:\Documents and Settings\Živný\Plocha\adwcleaner.exe
[2014.01.01 15:59:58 | 000,005,735 | ---- | M] () -- C:\Documents and Settings\Živný\Plocha\ComboFix.exe
[2013.06.16 08:10:03 | 000,004,974 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\mtbjfghn.xbe
[23 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\d466afb6be5767b9d088613852f47744\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\d466afb6be5767b9d088613852f47744\*.tmp -> ]
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[8 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[2014.01.02 12:09:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2014.01.01 22:54:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013.12.12 23:30:18 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\PitchPerfectReminder.job

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
""=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]


:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

BFU-Ondra · #7 Příspěvek od **BFU-Ondra** » 02 led 2014 20:34

Posílám log z OTL

All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2000478354-1303643608-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-2000478354-1303643608-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\SearchURL\y\\| /E : value set successfully!
HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{202EE082-FF44-4FB9-84D2-A0E62BD1F8E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{202EE082-FF44-4FB9-84D2-A0E62BD1F8E7}\ not found.
Registry key HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{3C49FBF8-1983-4A62-8DCC-5FDA7A4194FB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C49FBF8-1983-4A62-8DCC-5FDA7A4194FB}\ not found.
Registry key HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{4584F4C5-1B79-4A28-B383-036B16374767}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4584F4C5-1B79-4A28-B383-036B16374767}\ not found.
Registry key HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6C0BBC7C-90BC-47AF-AF7C-7D01C009C82F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C0BBC7C-90BC-47AF-AF7C-7D01C009C82F}\ not found.
Registry key HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{772B5AF4-FEFF-48B5-846C-056B08F3AABF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{772B5AF4-FEFF-48B5-846C-056B08F3AABF}\ not found.
Registry key HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8B9253E7-5CB0-4EF6-86EA-237655FED5B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B9253E7-5CB0-4EF6-86EA-237655FED5B3}\ not found.
Registry key HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{C80319D6-5D37-48ED-B6C7-0CC91C40D886}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C80319D6-5D37-48ED-B6C7-0CC91C40D886}\ not found.
Registry key HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{E9B0AC57-33FA-477C-9B5A-64C5700FF8EE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9B0AC57-33FA-477C-9B5A-64C5700FF8EE}\ not found.
Registry key HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
HKU\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91397D20-1446-11D4-8AF4-0040CA1127B6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91397D20-1446-11D4-8AF4-0040CA1127B6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
Registry value HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2000478354-1303643608-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
C:\Documents and Settings\Živný\Plocha\JRT.exe moved successfully.
C:\Documents and Settings\Živný\Plocha\sc-cleaner.exe moved successfully.
C:\Documents and Settings\Živný\Plocha\adwcleaner.exe moved successfully.
C:\Documents and Settings\Živný\Plocha\ComboFix.exe moved successfully.
C:\Documents and Settings\All Users\Data aplikací\mtbjfghn.xbe moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1BC.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP287.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29E.tmp\mscorlib.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A0.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C7.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP38D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP394.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP477.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP499.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4B1.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP58.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP596.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP683.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP767.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP783.tmp\mscorlib.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP783.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7AB.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7BD.tmp\WindowsBase.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7BD.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8A7.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP987.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP994.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9BA.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA9F.tmp folder deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\d466afb6be5767b9d088613852f47744\BIT5.tmp deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
C:\WINDOWS\system32\SET3C.tmp deleted successfully.
C:\WINDOWS\system32\SET40.tmp deleted successfully.
C:\WINDOWS\system32\SET48.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\18.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\19.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\1A.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\1D.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\4B.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\75.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_B6352.tmp\SETUP_PATCH.PACKED.7Z deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_B6352.tmp folder deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\E.tmp deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\Tasks\PitchPerfectReminder.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk\ deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\002738_.tmp moved successfully.
C:\WINDOWS\SET21.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 4978554 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Živný
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9748973 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67398883 bytes
->Google Chrome cache emptied: 23231510 bytes
->Flash cache emptied: 1324 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46523531 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 182064348 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 319,00 mb

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Živný
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Živný
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01022014_202809

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5ac.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#8 Příspěvek od **vyosek** » 02 led 2014 20:35

Jak se chova nas pacient??

BFU-Ondra · #9 Příspěvek od **BFU-Ondra** » 02 led 2014 20:39

Pořád stejně, pane doktore

Přemýšlím nad euthanázií a přechodem na logaritmické pravítko.

#10 Příspěvek od **vyosek** » 02 led 2014 20:46

Ve kterem prohlizeci nastava to presmerovani??

BFU-Ondra · #11 Příspěvek od **BFU-Ondra** » 02 led 2014 20:52

IE, Mozzilla, Chrome

#12 Příspěvek od **vyosek** » 02 led 2014 20:55

Dle tohoto http://www.malwareremovalguides.info/li ... tructions/ provedte odebrani z IE, FF i Chrome

BFU-Ondra · #13 Příspěvek od **BFU-Ondra** » 03 led 2014 16:23

Havěť se stále drží. Momentálně to řeší známý, IT technik, takže uvidíme, co z toho bude

Napíšu, jakmile bude trochu jasněji.

#14 Příspěvek od **vyosek** » 03 led 2014 17:02

No jak myslite, ja v zaloze jeste nejake zpusoby reseni mel...

VIRY.CZ

Linkbucks.com

Linkbucks.com

Re: Linkbucks.com

Re: Linkbucks.com

Re: Linkbucks.com

Re: Linkbucks.com

Re: Linkbucks.com

Re: Linkbucks.com

Re: Linkbucks.com

Re: Linkbucks.com

Re: Linkbucks.com

Re: Linkbucks.com

Re: Linkbucks.com

Re: Linkbucks.com

Re: Linkbucks.com