Strašně pomalý PC... Prosím laskavou pomoc.

Zpráva

HonzaM · #16 Příspěvek od **HonzaM** » 17 led 2014 13:23

Další log :

RogueKiller V8.8.1 [Jan 14 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Honza [Práva správce]
Mód : Odebrat -- Datum : 01/17/2014 13:21:39
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[RUN][BLACKLIST] HKLM\[...]\Run : SW20 (C:\WINDOWS\system32\sw20.exe [-]) -> VYMAZÁNO
[RUN][BLACKLIST] HKLM\[...]\Run : SW24 (C:\WINDOWS\system32\sw24.exe [-]) -> VYMAZÁNO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 3 ¤¤¤
[All Users][SUSP UNIC] E-Color.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\E-Color.lnk [-] -> VYMAZÁNO
[All Users][SUSP UNIC] hamachi.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\hamachi.lnk [-] -> VYMAZÁNO
[All Users.WINDOWS][SUSP UNIC] PC Alert 4.lnk : C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\PC Alert 4.lnk [-] -> VYMAZÁNO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0xc0000033] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST380011A +++++
--- User ---
[MBR] 35dc9160f458f004f23102e0383b6c92
[BSP] 44c55289914875ff2e047e338efe5c7d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_01172014_132139.txt >>
RKreport[0]_S_01172014_131805.txt

a ještě jeden :

RogueKiller V8.8.1 [Jan 14 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Honza [Práva správce]
Mód : Oprava HOSTS -- Datum : 01/17/2014 13:23:01
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0xc0000033] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

ÿþ1

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[0]_H_01172014_132301.txt >>
RKreport[0]_D_01172014_132139.txt;RKreport[0]_S_01172014_131805.txt

#17 Příspěvek od **Márty84** » 17 led 2014 13:28

Dejte novy log z RSIT

HonzaM · #18 Příspěvek od **HonzaM** » 17 led 2014 17:20

LOG RSIT :

Logfile of random's system information tool 1.09 (written by random/random)
Run by Honza at 2014-01-17 17:18:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (48%) free of 76 GB
Total RAM: 767 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:18:58, on 17.1.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\PANDORA.TV\PanService\KMPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Honza.WHISKY\Dokumenty\Stažené soubory\RSIT(1).exe
C:\Program Files\trend micro\Honza.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\KMPService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5019 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Honza.WHISKY\Data aplikací\Mozilla\Firefox\Profiles\fe30q1ux.default-1389005514859

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647]
"Description"=12.0.1.647
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Yahoo!\Common\npyaxmpb.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
nppl3260.xpt
nsjsrealplayerplugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
MyHeritage.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-02 577536]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2002-09-25 87751]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2013-05-09 4858968]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe"="C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe:*:Enabled:ComputerTime™"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe"="C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe:*:Enabled:KMPProcess"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=serwvdrv.dll
"VIDC.WMV3"=wmv9vcm.dll
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.MJPG"=pvmjpg21.dll
"vidc.xvid"=xvidvfw.dll

======List of files/folders created in the last 1 month======

2014-01-16 14:16:17 ----D---- C:\AdwCleaner
2014-01-16 11:40:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2914368$
2014-01-13 23:11:37 ----D---- C:\Program Files\Mozilla Firefox
2014-01-13 15:58:52 ----D---- C:\Program Files\PANDORA.TV
2014-01-13 15:57:38 ----D---- C:\Program Files\The KMPlayer
2014-01-13 10:38:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-01-13 10:38:54 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-01-13 10:34:26 ----D---- C:\Program Files\CrystalDiskInfo
2014-01-06 11:46:31 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-01-06 11:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2898715$
2014-01-06 11:09:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2898785$
2014-01-06 11:09:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2904266$
2014-01-06 11:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2893294$
2014-01-06 11:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2893984$
2014-01-05 23:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2892075$
2014-01-05 21:34:52 ----A---- C:\Program Files\GUT9.tmp
2014-01-05 21:34:32 ----D---- C:\Program Files\GUM8.tmp
2014-01-03 17:23:55 ----D---- C:\Program Files\GUM4.tmp
2014-01-03 17:23:55 ----A---- C:\Program Files\GUT5.tmp

======List of files/folders modified in the last 1 month======

2014-01-17 17:18:59 ----D---- C:\WINDOWS\Prefetch
2014-01-17 17:18:54 ----D---- C:\Program Files\trend micro
2014-01-17 17:14:22 ----D---- C:\WINDOWS\Temp
2014-01-17 17:14:17 ----A---- C:\WINDOWS\lexstat.ini
2014-01-17 16:34:46 ----D---- C:\WINDOWS
2014-01-17 13:58:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-01-17 13:58:36 ----D---- C:\WINDOWS\system32\CatRoot2
2014-01-17 13:23:47 ----D---- C:\WINDOWS\system32
2014-01-17 13:18:03 ----D---- C:\WINDOWS\system32\drivers
2014-01-17 09:13:23 ----SHD---- C:\WINDOWS\Installer
2014-01-16 22:34:23 ----SHD---- C:\WINDOWS\CSC
2014-01-16 19:20:55 ----RAD---- C:\Program Files
2014-01-16 19:15:11 ----D---- C:\WINDOWS\Debug
2014-01-16 11:42:31 ----D---- C:\WINDOWS\system32\MRT
2014-01-16 11:41:29 ----A---- C:\WINDOWS\system32\MRT.exe
2014-01-16 11:41:14 ----D---- C:\Config.Msi
2014-01-16 11:40:44 ----HD---- C:\WINDOWS\inf
2014-01-16 11:40:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-01-15 09:22:25 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-01-14 14:01:57 ----D---- C:\Documents and Settings
2014-01-14 12:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2014-01-14 03:07:40 ----D---- C:\SYSTEM
2014-01-14 03:07:39 ----D---- C:\Program Files\Crystal Player
2014-01-13 14:10:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-06 11:46:49 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-05 22:16:20 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-08-25 175176]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-07-24 32128]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-08-25 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-08-25 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-06-26 242240]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-03-26 45568]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2002-09-15 64128]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2002-11-13 10496]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 AgereSoftModem;Microcom InPorte Home; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2002-09-25 1141248]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
S3 CoolerXPDriver;CoolerXPDriver; \??\C:\Program Files\MSI\PC Alert 4\NTCooler.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-07-17 25544]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 PCAlertDriver;PCAlertDriver; \??\C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys []
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
S3 STAC97;VIA Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2001-09-17 91792]
S3 TrueSight;TrueSight; \??\ []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-05-09 46808]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\KMPService.exe [2013-07-08 1922600]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-20 136176]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-06 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-20 136176]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-01-13 119408]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#19 Příspěvek od **Márty84** » 17 led 2014 17:43

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte.
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

HonzaM · #20 Příspěvek od **HonzaM** » 17 led 2014 22:11

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

a další LOG Extras

OTL Extras logfile created on: 17.1.2014 21:00:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Honza.WHISKY\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

767,48 Mb Total Physical Memory | 366,71 Mb Available Physical Memory | 47,78% Memory free
2,70 Gb Paging File | 2,39 Gb Available in Paging File | 88,43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 36,08 Gb Free Space | 48,41% Space Free | Partition Type: NTFS

Computer Name: WHISKY | User Name: Honza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe" = C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe:*:Enabled:ComputerTime™
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe" = C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe:*:Enabled:KMPProcess -- (PandoraTV)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup 2.50.503
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Czech
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{cb2f7edd-9d1f-43c1-90fc-4f52eae172a1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301029}" = Nero 7 Premium
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = KMP Service
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Microcom InPorte Home
"avast" = avast! Free Antivirus
"Avisynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.6.2 Shizuku Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"Facebook" = Facebook Desktop
"HijackThis" = HijackThis 2.0.2
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1300
"microsoft .net framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 26.0 (x86 cs)" = Mozilla Firefox 26.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"Opera 12.16.1860" = Opera 12.16
"PC Alert 4" = PC Alert 4
"pygobject-py2.5" = Python 2.5 pygobject-2.12.3
"pygtk-py2.5" = Python 2.5 pygtk-2.10.6
"The KMPlayer" = The KMPlayer (remove only)
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VLC media player" = VLC media player 1.1.11
"VobSub" = VobSub 2.23
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-1482476501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 10.12.2009 11:03:44 | Computer Name = WHISKY | Source = avast! | ID = 33554522
Description =

Error - 10.12.2009 11:05:22 | Computer Name = WHISKY | Source = avast! | ID = 33554522
Description =

Error - 10.12.2009 11:05:22 | Computer Name = WHISKY | Source = avast! | ID = 33554522
Description =

Error - 10.12.2009 11:06:56 | Computer Name = WHISKY | Source = avast! | ID = 33554522
Description =

Error - 10.12.2009 11:06:56 | Computer Name = WHISKY | Source = avast! | ID = 33554522
Description =

Error - 10.12.2009 11:07:03 | Computer Name = WHISKY | Source = avast! | ID = 33554522
Description =

Error - 10.12.2009 11:07:04 | Computer Name = WHISKY | Source = avast! | ID = 33554522
Description =

Error - 10.12.2009 11:09:48 | Computer Name = WHISKY | Source = avast! | ID = 33554522
Description =

Error - 10.12.2009 11:10:26 | Computer Name = WHISKY | Source = avast! | ID = 33554522
Description =

Error - 10.12.2009 11:13:04 | Computer Name = WHISKY | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 15.1.2014 4:27:12 | Computer Name = WHISKY | Source = NativeWrapper | ID = 5000
Description =

Error - 16.1.2014 6:48:07 | Computer Name = WHISKY | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory

Error - 16.1.2014 6:48:07 | Computer Name = WHISKY | Source = MsiInstaller | ID = 1023
Description = Aktualizaci {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} produktu Microsoft
.NET Framework 1.1 nebylo možné nainstalovat. Kód chyby: 1603. Další informace
naleznete v souboru protokolu C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error - 16.1.2014 6:48:08 | Computer Name = WHISKY | Source = NativeWrapper | ID = 5000
Description =

Error - 16.1.2014 14:52:23 | Computer Name = WHISKY | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory

Error - 16.1.2014 14:52:23 | Computer Name = WHISKY | Source = MsiInstaller | ID = 1023
Description = Aktualizaci {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} produktu Microsoft
.NET Framework 1.1 nebylo možné nainstalovat. Kód chyby: 1603. Další informace
naleznete v souboru protokolu C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error - 16.1.2014 14:52:25 | Computer Name = WHISKY | Source = NativeWrapper | ID = 5000
Description =

Error - 17.1.2014 4:13:24 | Computer Name = WHISKY | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory

Error - 17.1.2014 4:13:24 | Computer Name = WHISKY | Source = MsiInstaller | ID = 1023
Description = Aktualizaci {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} produktu Microsoft
.NET Framework 1.1 nebylo možné nainstalovat. Kód chyby: 1603. Další informace
naleznete v souboru protokolu C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error - 17.1.2014 4:13:27 | Computer Name = WHISKY | Source = NativeWrapper | ID = 5000
Description =

[ System Events ]
Error - 16.1.2014 14:23:22 | Computer Name = WHISKY | Source = Service Control Manager | ID = 7000
Description = Služba MCSTRM neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 16.1.2014 14:52:25 | Computer Name = WHISKY | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x80070643): Aktualizace zabezpečení pro rozhraní Microsoft .NET
Framework 1.1 SP1 v systémech Windows XP, Windows Vista a Windows Server 2008 platformy
x86 (KB2833941).

Error - 16.1.2014 17:27:11 | Computer Name = WHISKY | Source = Service Control Manager | ID = 7000
Description = Služba MCSTRM neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 16.1.2014 17:34:41 | Computer Name = WHISKY | Source = Service Control Manager | ID = 7000
Description = Služba MCSTRM neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 16.1.2014 17:52:04 | Computer Name = WHISKY | Source = Service Control Manager | ID = 7000
Description = Služba MCSTRM neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 17.1.2014 4:09:50 | Computer Name = WHISKY | Source = Service Control Manager | ID = 7000
Description = Služba MCSTRM neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 17.1.2014 4:14:02 | Computer Name = WHISKY | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x80070643): Aktualizace zabezpečení pro rozhraní Microsoft .NET
Framework 1.1 SP1 v systémech Windows XP, Windows Vista a Windows Server 2008 platformy
x86 (KB2833941).

Error - 17.1.2014 8:10:30 | Computer Name = WHISKY | Source = Service Control Manager | ID = 7000
Description = Služba MCSTRM neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 17.1.2014 11:34:44 | Computer Name = WHISKY | Source = Service Control Manager | ID = 7000
Description = Služba MCSTRM neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 17.1.2014 15:45:53 | Computer Name = WHISKY | Source = Service Control Manager | ID = 7000
Description = Služba MCSTRM neuspěla při spuštění v důsledku následující chyby:
%%2

< End of report >

#21 Příspěvek od **Márty84** » 18 led 2014 05:47

No a kde je ten prvni log?

To co jste tu zkopiroval, je ten skript, ktery jste tam mel dat pred skenem

HonzaM · #22 Příspěvek od **HonzaM** » 18 led 2014 10:54

No jo máte pravdu.

Zde je :

OTL logfile created on: 18.1.2014 10:02:01 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Honza.WHISKY\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

767,48 Mb Total Physical Memory | 364,59 Mb Available Physical Memory | 47,50% Memory free
2,71 Gb Paging File | 2,32 Gb Available in Paging File | 85,61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 35,87 Gb Free Space | 48,13% Space Free | Partition Type: NTFS

Computer Name: WHISKY | User Name: Honza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.01.17 20:57:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Honza.WHISKY\Plocha\OTL.exe
PRC - [2014.01.17 20:54:50 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2014.01.17 20:54:48 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2014.01.13 23:12:29 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.07.08 10:42:48 | 001,922,600 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\KMPService.exe
PRC - [2013.07.08 10:42:38 | 001,798,696 | ---- | M] (PandoraTV) -- C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.08.02 22:12:00 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

========== Modules (No Company Name) ==========

MOD - [2014.01.17 22:22:41 | 002,155,008 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\14011701\algo.dll
MOD - [2014.01.17 20:54:58 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2014.01.13 23:12:26 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014.01.06 11:46:46 | 016,242,056 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2012.10.22 11:21:42 | 001,277,952 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
MOD - [2012.07.09 17:57:30 | 002,090,496 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
MOD - [2012.03.23 10:07:34 | 000,224,768 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\libupnp.dll
MOD - [2011.12.06 16:19:48 | 000,133,632 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
MOD - [2006.02.05 20:43:04 | 000,094,208 | ---- | M] () -- C:\Program Files\Lexmark 1200 Series\ConvDIB.dll
MOD - [2006.01.19 05:33:38 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL

========== Services (SafeList) ==========

SRV - [2014.01.17 20:54:48 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014.01.13 23:12:27 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.01.06 11:46:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.07.08 10:42:48 | 001,922,600 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\KMPService.exe -- (PanService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2014.01.17 20:55:02 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014.01.17 20:55:02 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014.01.17 20:55:02 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014.01.17 20:55:02 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014.01.17 20:55:02 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014.01.17 20:55:02 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014.01.17 20:55:01 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013.06.26 21:00:29 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007.07.17 21:04:00 | 000,025,544 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2006.08.18 06:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2006.06.16 12:56:38 | 000,083,968 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004.03.08 11:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002.12.10 10:26:30 | 000,015,345 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\PC Alert 4\NTCooler.sys -- (CoolerXPDriver)
DRV - [2002.12.02 09:16:24 | 000,045,176 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\PC Alert 4\NTGLM7X.SYS -- (PCAlertDriver)
DRV - [2002.09.25 11:44:32 | 001,141,248 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002.09.15 20:20:00 | 000,064,128 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio)
DRV - [2002.07.24 03:30:00 | 000,032,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002.03.26 09:34:22 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001.10.25 15:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.10.25 15:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001.09.17 12:40:12 | 000,091,792 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = http://www.google.com
IE - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://www.google.com
IE - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.05.31 08:13:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014.01.17 20:55:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.01.13 23:11:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.01.16 11:39:47 | 000,000,000 | ---D | M]

[2012.08.13 14:32:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Mozilla\Extensions
[2014.01.16 19:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014.01.13 23:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.01.13 23:12:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.16 08:05:48 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml

========== Chrome ==========

O1 HOSTS File: ([2014.01.17 13:23:01 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1220945662-1482476501-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1220945662-1482476501-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKLM..\RunOnce: [20131224] C:\Program Files\Alwil Software\Avast5\setup\emupdate\1299ebed-72dc-410b-8153-8203233d0ef8.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\..Trusted Domains: ([]msn in Tento počítač)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B96B1043-512F-45A8-9BBD-1E0A7C328A39}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - xvidvfw.dll File not found
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.01.18 09:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\AVAST Software
[2014.01.17 20:57:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Honza.WHISKY\Plocha\OTL.exe
[2014.01.17 20:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Avast
[2014.01.17 20:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
[2014.01.17 13:26:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Honza.WHISKY\Recent
[2014.01.16 14:16:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.01.13 23:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.01.13 15:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\PANDORATV
[2014.01.13 15:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\PANDORA.TV
[2014.01.13 15:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Honza.WHISKY\Nabídka Start\Programy\The KMPlayer
[2014.01.13 15:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2014.01.13 10:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2014.01.13 10:38:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014.01.13 10:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014.01.13 10:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\CrystalDiskInfo
[2014.01.13 10:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2014.01.06 11:46:31 | 009,272,200 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2014.01.05 22:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Google Earth
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.01.18 10:04:11 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.01.18 10:03:58 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.01.18 10:01:15 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014.01.18 09:59:33 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2014.01.18 09:50:46 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.18 09:50:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.01.17 21:46:02 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.01.17 20:57:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Honza.WHISKY\Plocha\OTL.exe
[2014.01.17 20:55:02 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014.01.17 20:55:02 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014.01.17 20:55:02 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014.01.17 20:55:02 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014.01.17 20:55:02 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014.01.17 20:55:02 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014.01.17 20:55:01 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014.01.17 20:55:00 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014.01.17 20:55:00 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014.01.17 20:48:39 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2014.01.17 17:25:49 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Skype.lnk
[2014.01.17 17:14:17 | 000,000,690 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2014.01.17 13:11:12 | 000,000,053 | ---- | M] () -- C:\biosinfo
[2014.01.16 19:28:07 | 003,809,280 | ---- | M] () -- C:\Documents and Settings\Honza.WHISKY\Plocha\RogueKiller.exe
[2014.01.16 14:15:53 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\Honza.WHISKY\Plocha\adwcleaner.exe
[2014.01.16 10:40:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014.01.13 15:58:28 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\Honza.WHISKY\Plocha\KMPlayer.lnk
[2014.01.13 14:10:49 | 000,441,112 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014.01.13 14:10:49 | 000,437,490 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2014.01.13 14:10:49 | 000,071,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014.01.13 14:10:48 | 000,082,890 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2014.01.13 10:39:03 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Malwarebytes Anti-Malware.lnk
[2014.01.06 11:46:49 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014.01.06 11:46:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014.01.06 11:46:32 | 009,272,200 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2014.01.06 11:23:43 | 000,127,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.01.16 19:28:04 | 003,809,280 | ---- | C] () -- C:\Documents and Settings\Honza.WHISKY\Plocha\RogueKiller.exe
[2014.01.16 14:15:47 | 001,236,282 | ---- | C] () -- C:\Documents and Settings\Honza.WHISKY\Plocha\adwcleaner.exe
[2014.01.13 15:58:28 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\Honza.WHISKY\Plocha\KMPlayer.lnk
[2014.01.13 10:39:03 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Plocha\Malwarebytes Anti-Malware.lnk
[2013.08.25 19:45:48 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.08.25 19:45:46 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012.02.15 13:49:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.09.08 13:59:15 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Honza.WHISKY\defogger_reenable
[2009.10.21 10:45:13 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Honza.WHISKY\Local Settings\Data aplikací\fusioncache.dat
[2009.01.27 15:29:16 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\Honza.WHISKY\.glade2
[2007.07.22 00:18:10 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Honza.WHISKY\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.12.06 16:37:07 | 004,289,024 | ---- | C] () -- C:\Program Files\trial_setup.msi
[2004.12.06 16:37:07 | 000,040,448 | ---- | C] () -- C:\Program Files\trial_setup.exe
[2004.12.06 16:37:07 | 000,000,777 | ---- | C] () -- C:\Program Files\trial_setup.ini
[2003.10.04 15:25:21 | 023,101,440 | ---- | C] () -- C:\Program Files\language.mix

========== ZeroAccess Check ==========

[2009.01.29 15:23:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013.10.25 01:52:44 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:05 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006.01.17 09:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.SHOOTER\Data aplikací\ICQLite
[2003.05.15 22:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\BVRP Software
[2010.08.09 19:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Alwil Software
[2014.01.17 20:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\AVAST Software
[2008.01.17 11:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\avg7
[2007.07.30 11:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\BVRP Software
[2011.08.15 22:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\C167
[2010.12.17 15:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\DAEMON Tools Lite
[2010.12.19 18:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Firefly Studios
[2014.01.16 19:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ICQ
[2011.10.06 12:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\InstallMate
[2009.01.27 16:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\MyHeritage
[2010.09.12 09:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SoftwareTime
[2009.01.29 15:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Sony
[2005.09.28 14:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Data aplikací\Azureus
[2005.10.18 16:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Data aplikací\Brilliant Labs, Inc
[2005.07.03 18:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Data aplikací\COWON
[2005.07.20 13:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Data aplikací\ICQLite
[2003.04.11 18:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Data aplikací\InterTrust
[2005.11.12 11:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza\Data aplikací\Opera
[2006.03.07 14:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.SHOOTER\Data aplikací\.bittorrent
[2006.05.08 20:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.SHOOTER\Data aplikací\Azureus
[2006.01.03 14:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.SHOOTER\Data aplikací\COWON
[2006.01.17 09:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.SHOOTER\Data aplikací\ICQ
[2006.01.20 09:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.SHOOTER\Data aplikací\ICQLite
[2006.04.19 12:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.SHOOTER\Data aplikací\InternetCalls
[2007.05.18 13:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.SHOOTER\Data aplikací\MegauploadToolbar
[2006.06.07 18:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.SHOOTER\Data aplikací\OLYMPUS
[2006.01.20 09:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.SHOOTER\Data aplikací\Opera
[2006.12.26 09:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.SHOOTER\Data aplikací\Teleca
[2006.03.09 13:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.SHOOTER\Data aplikací\VoipBuster
[2012.08.13 14:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Any Video Converter
[2014.01.18 09:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\AVAST Software
[2008.01.17 10:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\AVG7
[2012.05.06 17:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Azureus
[2011.10.06 12:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Babylon
[2011.11.09 09:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\BabylonToolbar
[2010.04.19 20:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\CheckPoint
[2012.05.06 17:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\DAEMON Tools Lite
[2013.10.22 10:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Dropbox
[2011.09.07 09:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Facebook
[2011.10.06 15:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\facemoods.com
[2009.01.27 15:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\gramps
[2011.10.27 16:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\ICQ
[2007.07.30 18:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\ICQ Toolbar
[2007.07.30 15:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\ICQLite
[2011.08.19 08:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\imeshbandmltbpi
[2009.06.22 14:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Jpeg Resampler
[2011.09.02 17:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\mediabarim
[2009.01.27 16:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\MyHeritage
[2007.07.30 10:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\OLYMPUS
[2011.09.08 14:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\OpenCandy
[2009.02.11 20:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\OpenOffice.org
[2008.01.04 13:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Opera
[2010.09.04 16:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Sony
[2005.09.26 19:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Azureus
[2005.06.16 18:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Brilliant Labs, Inc
[2005.05.14 22:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\COWON
[2005.06.13 19:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\ICQLite
[2005.06.16 18:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Opera
[2005.04.22 19:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Sierra
[2006.01.04 19:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek.SHOOTER\Data aplikací\.bittorrent
[2007.05.05 21:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek.SHOOTER\Data aplikací\Azureus
[2006.01.02 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek.SHOOTER\Data aplikací\COWON
[2006.01.18 15:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek.SHOOTER\Data aplikací\ICQ
[2006.01.02 13:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek.SHOOTER\Data aplikací\ICQLite
[2006.04.30 19:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek.SHOOTER\Data aplikací\LimeWire
[2007.06.15 23:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek.SHOOTER\Data aplikací\MEGAUPLOADTOOLBAR
[2007.03.02 14:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek.SHOOTER\Data aplikací\Miranda
[2006.07.19 14:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek.SHOOTER\Data aplikací\My Battle for Middle-earth Files
[2007.03.05 19:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek.SHOOTER\Data aplikací\NCH Swift Sound
[2006.06.07 17:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek.SHOOTER\Data aplikací\OLYMPUS
[2006.01.25 19:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek.SHOOTER\Data aplikací\Opera
[2006.12.25 19:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek.SHOOTER\Data aplikací\Teleca
[2006.03.05 21:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek.SHOOTER\Data aplikací\VoipBuster

========== Purity Check ==========

========== Custom Scans ==========

< >
[2007.07.17 20:16:29 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2007.07.17 20:27:43 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2009.04.02 08:54:47 | 000,000,260 | ---- | C] () -- C:\WINDOWS\Tasks\WGASetup.job
[2012.08.13 14:22:45 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.01.15 09:51:08 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2013.04.18 13:42:30 | 000,000,934 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013.04.18 13:42:32 | 000,000,938 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: AGP440.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 14:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 21:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 14:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 14:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 14:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 19:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 21:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 10:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2001.10.25 15:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\isapnp.sys
[2001.10.24 10:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 14:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 14:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 14:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 14:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 14:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 14:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9425B72F40257B45D45D24773273DAD0 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 14:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 14:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 14:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[16 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\CSC\*.tmp files -> C:\WINDOWS\CSC\*.tmp -> ]
[11 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[10 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.03.28 16:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Adobe
[2007.07.30 09:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\AdobeUM
[2008.02.05 10:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Ahead
[2012.08.13 14:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Any Video Converter
[2009.01.30 15:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Apple Computer
[2014.01.18 09:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\AVAST Software
[2008.01.17 10:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\AVG7
[2012.05.06 17:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Azureus
[2011.10.06 12:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Babylon
[2011.11.09 09:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\BabylonToolbar
[2010.04.19 20:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\CheckPoint
[2012.05.06 17:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\DAEMON Tools Lite
[2009.11.08 23:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\DivX
[2013.10.22 10:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Dropbox
[2011.09.07 09:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Facebook
[2011.10.06 15:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\facemoods.com
[2010.08.20 08:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Google
[2009.01.27 15:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\gramps
[2008.10.18 19:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Help
[2011.10.27 16:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\ICQ
[2007.07.30 18:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\ICQ Toolbar
[2007.07.30 15:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\ICQLite
[2007.07.17 20:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Identities
[2011.08.19 08:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\imeshbandmltbpi
[2009.06.22 14:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Jpeg Resampler
[2007.07.16 21:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Macromedia
[2009.06.01 06:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Malwarebytes
[2011.09.02 17:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\mediabarim
[2011.03.28 16:01:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Microsoft
[2008.06.18 14:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Mozilla
[2009.11.03 16:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\MSN6
[2009.01.27 16:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\MyHeritage
[2007.07.30 10:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\OLYMPUS
[2011.09.08 14:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\OpenCandy
[2009.02.11 20:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\OpenOffice.org
[2008.01.04 13:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Opera
[2010.03.11 07:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Real
[2014.01.17 17:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Skype
[2011.12.24 11:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\skypePM
[2010.09.04 16:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Sony
[2007.07.21 23:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Sun
[2013.11.28 09:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\vlc
[2007.12.21 11:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2010.06.09 21:06:54 | 000,031,236 | ---- | M] () -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Facebook\uninstall.exe
[2007.04.18 16:51:28 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Facebook\w9xpopen.exe
[2011.09.08 14:06:45 | 000,416,160 | ---- | M] () -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\OpenCandy\OpenCandy_C63A2B36AC2144728AB28AA7AEC473C6\LatestDLMgr.exe
[2011.08.01 23:38:30 | 001,872,896 | ---- | M] (Speedchecker Limited ) -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\OpenCandy\OpenCandy_C63A2B36AC2144728AB28AA7AEC473C6\pcspeedup.exe
[2011.05.26 11:20:32 | 000,308,864 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Real\Update\UpgradeHelper\RealPlayer\8.01\rnupgagent.exe
[2011.05.27 08:10:04 | 025,824,400 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Real\Update\UpgradeHelper\RealPlayer\8.01\stub_data\RealPlayer.exe
[2011.05.27 08:08:00 | 000,675,088 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Real\Update\UpgradeHelper\RealPlayer\8.01\stub_exe\RealPlayer.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.07.17 03:59:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007.07.17 03:59:50 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007.07.17 03:59:50 | 000,471,040 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2014.01.17 20:55:02 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys
[2014.01.17 20:55:01 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2014.01.17 20:55:02 | 000,049,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\aswRvrt.sys
[2014.01.17 20:55:02 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSnx.sys
[2014.01.17 20:55:02 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2014.01.17 20:55:02 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2014.01.17 20:55:02 | 000,180,248 | ---- | M] () -- C:\WINDOWS\system32\drivers\aswVmm.sys

< %systemroot%\system32\*.* /3 >
[2014.01.17 20:55:00 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\aswBoot.exe
[2014.01.17 20:48:39 | 000,002,504 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2014.01.16 11:41:29 | 083,425,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MRT.exe
[2014.01.16 10:40:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.06.27 18:03:40 | 000,152,872 | ---- | M] (Nero AG)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 04:22:36 | 001,695,232 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2013.03.14 09:23:30 | 003,672,640 | ---- | M] (Disc Soft Ltd)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.01.18 10:04:11 | 000,000,512 | ---- | M] () MD5=35DC9160F458F004F23102E0383B6C92 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2007.04.09 13:12:15 | 000,067,756 | ---- | M] () -- \CS\cstrike\sound\misc\cracker1.wav
[2006.03.18 12:44:35 | 000,023,012 | ---- | M] () -- \CS\cstrike\sound\misc\cracker1.wav.ztmp
[1999.03.28 17:19:50 | 000,092,827 | ---- | M] () -- \Program Files\Corel\Graphics9\Custom\Bumpmap\Cracks.cpt
[1997.02.27 15:43:24 | 000,016,068 | ---- | M] () -- \Program Files\Corel\Graphics9\Custom\Canvas\cracks2c.pcx
[1999.03.28 16:44:12 | 000,010,560 | ---- | M] () -- \Program Files\Corel\Graphics9\Custom\Tiles\CRACKS2M.CPT
[2004.11.25 17:37:00 | 001,538,374 | ---- | M] () -- \Program Files\Image-Line\FLStudio5\FruityLoops_v5_Crack.exe

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2003.09.15 14:02:00 | 000,169,384 | ---- | M] () -- \CS\cstrike\models\qloader.mdl
[2003.09.15 13:55:50 | 000,352,548 | ---- | M] () -- \CS\valve\models\loader.mdl
[2003.09.15 13:56:04 | 000,012,764 | ---- | M] () -- \CS\valve\sound\ambience\loader_hydra1.wav
[2003.09.15 13:56:04 | 000,012,164 | ---- | M] () -- \CS\valve\sound\ambience\loader_step1.wav
[2011.05.30 14:35:18 | 000,004,176 | ---- | M] () -- \Documents and Settings\Administrator.SHOOTER\Data aplikací\Mozilla\Firefox\Profiles\c8h813r6.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
[2011.05.30 14:35:18 | 000,004,176 | ---- | M] () -- \Documents and Settings\Administrator.WHISKY\Data aplikací\Mozilla\Firefox\Profiles\sso81axp.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
[2011.05.31 08:13:22 | 000,002,793 | ---- | M] () -- \Documents and Settings\All Users.WINDOWS\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.js
[2011.05.31 08:13:22 | 000,000,319 | ---- | M] () -- \Documents and Settings\All Users.WINDOWS\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.xul
[2012.06.18 11:39:40 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users.WINDOWS\Data aplikací\Skype\Apps\login\images\loader.gif
[2012.06.18 11:39:40 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users.WINDOWS\Data aplikací\Skype\Apps\login\images\loader.png
[2011.05.30 14:35:18 | 000,004,176 | ---- | M] () -- \Documents and Settings\Honza.SHOOTER\Data aplikací\Mozilla\Firefox\Profiles\b3gsh13s.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
[2007.08.08 22:52:26 | 000,005,632 | ---- | M] () -- \Documents and Settings\Honza.WHISKY\Data aplikací\Facebook\_win32sysloader.pyd
[2011.05.30 14:35:18 | 000,004,176 | ---- | M] () -- \Documents and Settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\6n8ayfp6.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
[2003.04.25 20:44:48 | 000,000,065 | ---- | M] () -- \Documents and Settings\Honza\Oblíbené položky\Zábava, hudba mp3\VOL FTP Downloader.url
[2011.05.30 14:35:18 | 000,004,176 | ---- | M] () -- \Documents and Settings\Marek.SHOOTER\Data aplikací\Mozilla\Firefox\Profiles\pt94rwoo.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
[2006.03.03 16:32:39 | 000,000,000 | ---- | M] () -- \Documents and Settings\Marek.SHOOTER\Discworld Noir\crack\notes from uploader.txt
[2006.01.04 19:20:49 | 000,000,744 | ---- | M] () -- \Documents and Settings\Marek.SHOOTER\Nabídka Start\Programy\BitTorrent\Downloader.lnk
[2006.01.04 19:21:07 | 000,000,000 | ---- | M] () -- \Documents and Settings\Marek.SHOOTER\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\war3loader.exe
[2006.01.04 19:21:07 | 000,000,000 | ---- | M] () -- \Documents and Settings\Marek.SHOOTER\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\No.CD Cracks\AsianLoader1.1.exe
[2011.05.30 14:35:18 | 000,004,176 | ---- | M] () -- \Documents and Settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\jsg61gjd.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
[2005.09.26 19:36:42 | 000,000,681 | ---- | M] () -- \Documents and Settings\Marek\Nabídka Start\Programy\BitTorrent\Downloader.lnk
[2004.12.03 12:21:38 | 000,002,822 | ---- | M] () -- \Program Files\BitTorrent\etc\gtk-2.0\gdk-pixbuf.loaders
[2004.12.03 12:21:36 | 000,019,456 | ---- | M] () -- \Program Files\BitTorrent\lib\gtk-2.0\2.4.0\loaders\libpixbufloader-ico.dll
[2004.12.03 12:21:36 | 000,020,480 | ---- | M] () -- \Program Files\BitTorrent\lib\gtk-2.0\2.4.0\loaders\libpixbufloader-png.dll
[2004.12.03 12:21:36 | 000,033,792 | ---- | M] () -- \Program Files\BitTorrent\lib\gtk-2.0\2.4.0\loaders\libpixbufloader-xpm.dll
[2007.06.27 18:03:00 | 000,177,448 | ---- | M] () -- \Program Files\Common Files\Ahead\Lib\NeGuideStoreLoader.dll
[2009.01.15 17:58:56 | 000,006,308 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2009.01.15 02:36:48 | 000,015,872 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2009.01.15 18:43:24 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2009.01.14 20:42:58 | 000,021,504 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2009.01.15 01:59:36 | 000,003,872 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2009.11.03 08:18:44 | 000,001,399 | ---- | M] () -- \Program Files\Real\RealPlayer\browserrecord\firefox\ext\chrome\content\browserrecordloader.js
[2009.11.03 08:18:44 | 000,000,319 | ---- | M] () -- \Program Files\Real\RealPlayer\browserrecord\firefox\ext\chrome\content\browserrecordloader.xul
[2006.01.30 16:01:18 | 000,495,616 | ---- | M] () -- \Program Files\Sony Ericsson\Mobile2\Sync Station\NotesPimAdaptorLoader.dll
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2006.12.23 17:37:56 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2009.01.27 15:34:42 | 000,032,441 | ---- | M] () -- \Python25\share\gtk-doc\html\pygtk\class-gdkpixbufloader.html
[2004.08.17 14:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2002.12.12 00:14:32 | 000,033,280 | ---- | M] () -- \WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmloader.dll
[2008.04.14 04:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 19:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 19:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 04:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2008.04.14 04:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll

< *minodlogin* /s >

< *tnod* /s >
[2006.05.01 09:51:09 | 000,000,004 | ---- | M] () -- \Documents and Settings\Marek.SHOOTER\Local Settings\Data aplikací\Ares\Data\DHTnodes.dat

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2004.08.17 14:44:16 | 000,030,301 | ---- | M] () -- \cmdcons\SERIAL.SY_
[2005.01.26 18:31:02 | 000,000,377 | ---- | M] () -- \Documents and Settings\Marek\Recent\Serial.lnk
[1999.03.23 11:54:52 | 000,037,079 | ---- | M] () -- \Program Files\Corel\Graphics9\Register\serial2.gif
[2013.09.13 00:53:56 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.dll
[2013.10.13 19:16:48 | 001,164,288 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.ni.dll
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2007.07.17 20:09:53 | 000,596,785 | ---- | M] () -- \Program Files\Scorpions WinCheater\Serials.sc2
[2004.08.17 14:44:16 | 000,064,640 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2009.10.21 10:44:46 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.10.13 19:32:17 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.01.10 09:28:15 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.09.10 16:00:32 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a95e0af6fa5d2e8ffd5e0091f6513271\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.08.28 13:58:25 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ba6670610621b25b1608e457ba0ef305\System.Runtime.Serialization.ni.dll
[2004.07.15 13:31:54 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 03:17:25 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 03:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2007.06.27 13:59:02 | 000,131,072 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\system.runtime.serialization.formatters.soap.dll
[2001.10.25 15:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2001.10.25 15:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2001.10.25 15:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2001.10.25 15:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 03:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

< End of report >

#23 Příspěvek od **Márty84** » 18 led 2014 13:54

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Znovu spustte OTL
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[ClearAllRestorePoints]

:services
PanService
gupdate
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gupdatem

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\Documents and Settings\Honza.WHISKY\Data aplikací\OpenCandy
C:\Documents and Settings\Honza.WHISKY\Data aplikací\Babylon
C:\Program Files\Conduit\Community Alerts\Alert.dll

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
O3 - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O15 - HKU\S-1-5-21-1220945662-1482476501-839522115-1003\..Trusted Domains: ([]msn in Tento počítač)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2008.01.17 11:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\avg7
[2008.01.17 10:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\AVG7
[2011.10.06 12:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\Babylon
[2011.11.09 09:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\BabylonToolbar
[2007.07.30 18:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\ICQ Toolbar
[2011.09.08 14:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Honza.WHISKY\Data aplikací\OpenCandy
[16 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\CSC\*.tmp files -> C:\WINDOWS\CSC\*.tmp -> ]
[11 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[10 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"MSMSGS"=-
"DAEMON Tools Lite"=-

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

HonzaM · #24 Příspěvek od **HonzaM** » 19 led 2014 22:24

nový LOG :

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.SHOOTER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.WHISKY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ADMINI~1~SHO

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Honza
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Honza.SHOOTER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Honza.WHISKY
->Temp folder emptied: 10544052 bytes
->Temporary Internet Files folder emptied: 1937117 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21064696 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 836 bytes

User: HONZA~1~SHO

User: HONZA~1~WHI

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Marek
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marek.SHOOTER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35829559 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 236271979 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 154234 bytes

Total Files Cleaned = 292,00 mb

[EMPTYFLASH]

User: Administrator

User: Administrator.SHOOTER

User: Administrator.WHISKY
->Flash cache emptied: 0 bytes

User: ADMINI~1~SHO

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS

User: Honza
->Flash cache emptied: 0 bytes

User: Honza.SHOOTER
->Flash cache emptied: 0 bytes

User: Honza.WHISKY
->Flash cache emptied: 0 bytes

User: HONZA~1~SHO

User: HONZA~1~WHI

User: LocalService

User: LocalService.NT AUTHORITY

User: LocalService.NT AUTHORITY.000

User: Marek
->Flash cache emptied: 0 bytes

User: Marek.SHOOTER
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: NetworkService.NT AUTHORITY.000

Total Flash Files Cleaned = 0,00 mb

Error creating restore point.
========== SERVICES/DRIVERS ==========
Service PanService stopped successfully!
Service PanService deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Documents and Settings\Honza.WHISKY\Data aplikací\OpenCandy\OpenCandy_C63A2B36AC2144728AB28AA7AEC473C6 folder moved successfully.
C:\Documents and Settings\Honza.WHISKY\Data aplikací\OpenCandy folder moved successfully.
C:\Documents and Settings\Honza.WHISKY\Data aplikací\Babylon folder moved successfully.
File\Folder C:\Program Files\Conduit\Community Alerts\Alert.dll not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1220945662-1482476501-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1220945662-1482476501-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-1220945662-1482476501-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_USERS\S-1-5-21-1220945662-1482476501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
C:\Program Files\GUM4.tmp\GoogleCrashHandler.exe deleted successfully.
C:\Program Files\GUM4.tmp\GoogleCrashHandler64.exe deleted successfully.
C:\Program Files\GUM4.tmp\GoogleUpdate.exe deleted successfully.
C:\Program Files\GUM4.tmp\GoogleUpdateBroker.exe deleted successfully.
C:\Program Files\GUM4.tmp\GoogleUpdateHelper.msi deleted successfully.
C:\Program Files\GUM4.tmp\GoogleUpdateOnDemand.exe deleted successfully.
C:\Program Files\GUM4.tmp\GoogleUpdateSetup.exe deleted successfully.
C:\Program Files\GUM4.tmp\goopdate.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_am.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_ar.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_bg.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_bn.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_ca.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_cs.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_da.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_de.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_el.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_en-GB.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_en.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_es-419.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_es.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_et.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_fa.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_fi.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_fil.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_fr.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_gu.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_hi.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_hr.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_hu.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_id.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_is.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_it.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_iw.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_ja.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_kn.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_ko.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_lt.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_lv.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_ml.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_mr.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_ms.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_nl.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_no.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_pl.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_pt-BR.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_pt-PT.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_ro.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_ru.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_sk.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_sl.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_sr.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_sv.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_sw.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_ta.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_te.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_th.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_tr.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_uk.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_ur.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_vi.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_zh-CN.dll deleted successfully.
C:\Program Files\GUM4.tmp\goopdateres_zh-TW.dll deleted successfully.
C:\Program Files\GUM4.tmp\npGoogleUpdate3.dll deleted successfully.
C:\Program Files\GUM4.tmp\psmachine.dll deleted successfully.
C:\Program Files\GUM4.tmp\psuser.dll deleted successfully.
C:\Program Files\GUM4.tmp folder deleted successfully.
C:\Program Files\GUM8.tmp\GoogleCrashHandler.exe deleted successfully.
C:\Program Files\GUM8.tmp\GoogleCrashHandler64.exe deleted successfully.
C:\Program Files\GUM8.tmp\GoogleUpdate.exe deleted successfully.
C:\Program Files\GUM8.tmp\GoogleUpdateBroker.exe deleted successfully.
C:\Program Files\GUM8.tmp\GoogleUpdateHelper.msi deleted successfully.
C:\Program Files\GUM8.tmp\GoogleUpdateOnDemand.exe deleted successfully.
C:\Program Files\GUM8.tmp\GoogleUpdateSetup.exe deleted successfully.
C:\Program Files\GUM8.tmp\goopdate.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_am.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_ar.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_bg.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_bn.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_ca.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_cs.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_da.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_de.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_el.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_en-GB.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_en.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_es-419.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_es.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_et.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_fa.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_fi.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_fil.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_fr.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_gu.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_hi.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_hr.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_hu.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_id.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_is.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_it.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_iw.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_ja.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_kn.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_ko.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_lt.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_lv.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_ml.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_mr.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_ms.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_nl.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_no.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_pl.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_pt-BR.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_pt-PT.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_ro.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_ru.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_sk.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_sl.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_sr.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_sv.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_sw.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_ta.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_te.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_th.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_tr.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_uk.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_ur.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_vi.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_zh-CN.dll deleted successfully.
C:\Program Files\GUM8.tmp\goopdateres_zh-TW.dll deleted successfully.
C:\Program Files\GUM8.tmp\npGoogleUpdate3.dll deleted successfully.
C:\Program Files\GUM8.tmp\psmachine.dll deleted successfully.
C:\Program Files\GUM8.tmp\psuser.dll deleted successfully.
C:\Program Files\GUM8.tmp folder deleted successfully.
C:\Program Files\GUT5.tmp deleted successfully.
C:\Program Files\GUT9.tmp deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\avg7\QUEUE\TEMP folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\avg7\QUEUE\OUT folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\avg7\QUEUE\ACTIVE folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\avg7\QUEUE folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\avg7\merge folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\avg7\Log folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\avg7\fwarch\arch0 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\avg7\fwarch folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\avg7 folder moved successfully.
C:\Documents and Settings\Honza.WHISKY\Data aplikací\AVG7 folder moved successfully.
Folder C:\Documents and Settings\Honza.WHISKY\Data aplikací\Babylon\ not found.
C:\Documents and Settings\Honza.WHISKY\Data aplikací\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Documents and Settings\Honza.WHISKY\Data aplikací\ICQ Toolbar folder moved successfully.
Folder C:\Documents and Settings\Honza.WHISKY\Data aplikací\OpenCandy\ not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP100.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP168.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP179.tmp\System.Windows.Forms.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP179.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP18.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D1.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP26B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP26D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP297.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP354.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP55.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC.tmp folder deleted successfully.
C:\WINDOWS\CSC\csc1.tmp deleted successfully.
C:\WINDOWS\Installer\MSI145.tmp deleted successfully.
C:\WINDOWS\Installer\MSI148.tmp deleted successfully.
C:\WINDOWS\Installer\MSI14C.tmp deleted successfully.
C:\WINDOWS\Installer\MSI18.tmp deleted successfully.
C:\WINDOWS\Installer\MSI19.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1A.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1B.tmp deleted successfully.
C:\WINDOWS\Installer\MSI21.tmp deleted successfully.
C:\WINDOWS\Installer\MSI23.tmp deleted successfully.
C:\WINDOWS\Installer\MSIA2.tmp deleted successfully.
C:\WINDOWS\Installer\MSIEC.tmp deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 01192014_221557

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#25 Příspěvek od **Márty84** » 20 led 2014 01:23

Udelejte novy test s MBAM

HonzaM · #26 Příspěvek od **HonzaM** » 20 led 2014 18:15

LOG MBAM :

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.19.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Honza :: WHISKY [administrátor]

Ochrana: Zakázána

20.1.2014 14:57:39
MBAM-log-2014-01-20 (18-13-45).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 608457
Uplynulý čas: 2 hodin, 8 minut, 2 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 3
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Nebyla provedena žádná instrukce.
C:\_OTL\MovedFiles\01192014_221557\C_Documents and Settings\Honza.WHISKY\Data aplikací\OpenCandy\OpenCandy_C63A2B36AC2144728AB28AA7AEC473C6\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Honza.WHISKY\Data aplikací\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Nebyla provedena žádná instrukce.

(konec)

#27 Příspěvek od **Márty84** » 20 led 2014 19:00

Fajn, ty dve prvni veci uz jsou v karantene. Ta treti je zazrana v mozille.

Takze nalezy nechte odstranit a pak preinstalujte mozillu. Pokud nechcete prijit o zalozky, muzete je zalohovat pomoci mozbackup http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/

vyosek píše: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
Stahnete a spustte

Pro potvrzeni volby mackejte A, Enter

Po pouziti utilitu smazte

Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

Stahnete Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

Defragmentujte disk(y)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak je na tom pc.

HonzaM · #28 Příspěvek od **HonzaM** » 21 led 2014 22:06

Tak jsem všechno provedl dle Vašich instrukcí a zdá se, že je PC v pořádku a šlape jako hodinky.

Děkuji pěkně za Vaši neskonalou trpělivost a perfektní vedení...

Bylo mi ctí s Vámi spolupracovat a ještě jednou díky.

#29 Příspěvek od **Márty84** » 22 led 2014 10:25

To jsem rad, ze je to v poradku

Nemate vubec zac!

Mejte se a treba zase nekdy

VIRY.CZ

Strašně pomalý PC... Prosím laskavou pomoc.

Re: Strašně pomalý PC... Prosím laskavou pomoc.

Re: Strašně pomalý PC... Prosím laskavou pomoc.

Re: Strašně pomalý PC... Prosím laskavou pomoc.

Re: Strašně pomalý PC... Prosím laskavou pomoc.

Re: Strašně pomalý PC... Prosím laskavou pomoc.

Re: Strašně pomalý PC... Prosím laskavou pomoc.

Re: Strašně pomalý PC... Prosím laskavou pomoc.

Re: Strašně pomalý PC... Prosím laskavou pomoc.

Re: Strašně pomalý PC... Prosím laskavou pomoc.

Re: Strašně pomalý PC... Prosím laskavou pomoc.

Re: Strašně pomalý PC... Prosím laskavou pomoc.

Re: Strašně pomalý PC... Prosím laskavou pomoc.

Re: Strašně pomalý PC... Prosím laskavou pomoc.

Re: Strašně pomalý PC... Prosím laskavou pomoc.