Preventívka

[Minmi]

Zdravím po týždni, tu je ten Combofix

poznámka: po doskenovaní Combofix prebehol reštart a combofix potom tvoril report, počas ktorého Avira (ktorá po reštarte nabehla) 2x zablokovala prístup k registrom


ComboFix 14-02-20.01 - Monika 22.02.2014 12:18:33.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.894.506 [GMT 1:00]
Running from: c:\documents and settings\Monika\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Monika\LOCALS~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\docume~1\Monika\LOCALS~1\Temp\avgnt.exe\Avira.OE.NativeCore.dll
c:\docume~1\Monika\LOCALS~1\Temp\avgnt.exe\Avira.OE.Wincore.dll
c:\documents and settings\Monika\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\documents and settings\Monika\Local Settings\Temp\avgnt.exe\Avira.OE.NativeCore.dll
c:\documents and settings\Monika\Local Settings\Temp\avgnt.exe\Avira.OE.Wincore.dll
c:\windows\system32\MUI\041b\tourstart.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-01-22 to 2014-02-22 )))))))))))))))))))))))))))))))
.
.
2014-02-15 19:58 . 2014-02-15 20:26 -------- d-----w- C:\AdwCleaner
2014-02-15 18:44 . 2014-02-15 18:44 -------- d-----w- c:\documents and settings\Monika\Application Data\Malwarebytes
2014-02-15 18:44 . 2014-02-15 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-02-15 14:38 . 2014-02-15 15:39 -------- d-----w- c:\windows\system32\NtmsData
2014-02-15 14:34 . 2014-02-15 17:02 -------- d-----w- c:\program files\trend micro
2014-02-15 14:34 . 2014-02-15 14:34 -------- d-----w- C:\rsit
2014-02-15 14:24 . 2014-02-15 14:24 -------- d-----w- c:\documents and settings\Monika\Application Data\Avira
2014-02-15 14:23 . 2014-02-15 14:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avira
2014-02-15 14:17 . 2013-12-09 10:37 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-02-15 14:17 . 2013-12-09 10:37 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-02-15 14:17 . 2013-12-09 10:37 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-02-15 14:04 . 2014-02-15 14:16 -------- d-----w- c:\program files\Avira
2014-02-15 14:04 . 2014-02-15 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2014-02-15 13:18 . 2014-02-15 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 21:14 . 2014-01-19 20:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 21:14 . 2011-06-20 23:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-07-29 188416]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-01-29 172600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-09 684600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.872" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-11-30 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"nltide_3"="advpack.dll" [2013-02-24 124928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe %windir%\system32\drivers\Regview.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Monika\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [15.2.2014 15:17 37352]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [21.10.2012 8:37 21624]
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-19 21:14]
.
2014-02-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003Core.job
- c:\documents and settings\Monika\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-20 16:43]
.
2014-02-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003UA.job
- c:\documents and settings\Monika\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-20 16:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = proxy.ulib.sk:3128
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=
FF - prefs.js: network.proxy.http - proxy.ulib.sk
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-22 12:31
Windows 5.1.2600 Service Pack 3, v.6368 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'Explorer.exe'(3212)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\RTHDCPL.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Completion time: 2014-02-22 12:41:23 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-22 11:41
.
Pre-Run: 2 006 769 664 bytes free
Post-Run: 4 122 771 456 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8DFA3FF5FC0679FC087881E58C2F7E7B
8F558EB6672622401DA993E1E865C861

[Márty84]

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003UA.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[Minmi]

ComboFix 14-02-20.01 - Monika 22.02.2014 13:43:32.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.894.496 [GMT 1:00]
Running from: c:\documents and settings\Monika\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Monika\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003UA.job"
.
.
((((((((((((((((((((((((( Files Created from 2014-01-22 to 2014-02-22 )))))))))))))))))))))))))))))))
.
.
2014-02-15 19:58 . 2014-02-15 20:26 -------- d-----w- C:\AdwCleaner
2014-02-15 18:44 . 2014-02-15 18:44 -------- d-----w- c:\documents and settings\Monika\Application Data\Malwarebytes
2014-02-15 18:44 . 2014-02-15 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-02-15 14:38 . 2014-02-15 15:39 -------- d-----w- c:\windows\system32\NtmsData
2014-02-15 14:34 . 2014-02-15 17:02 -------- d-----w- c:\program files\trend micro
2014-02-15 14:34 . 2014-02-15 14:34 -------- d-----w- C:\rsit
2014-02-15 14:24 . 2014-02-15 14:24 -------- d-----w- c:\documents and settings\Monika\Application Data\Avira
2014-02-15 14:23 . 2014-02-15 14:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avira
2014-02-15 14:17 . 2013-12-09 10:37 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-02-15 14:17 . 2013-12-09 10:37 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-02-15 14:17 . 2013-12-09 10:37 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-02-15 14:04 . 2014-02-15 14:16 -------- d-----w- c:\program files\Avira
2014-02-15 14:04 . 2014-02-15 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2014-02-15 13:18 . 2014-02-15 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 21:14 . 2014-01-19 20:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 21:14 . 2011-06-20 23:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-07-29 188416]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-01-29 172600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-09 684600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-11-30 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"nltide_3"="advpack.dll" [2013-02-24 124928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe %windir%\system32\drivers\Regview.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Monika\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [15.2.2014 15:17 37352]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [21.10.2012 8:37 21624]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15.2.2014 15:17 440376]
S4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [15.2.2014 15:17 1011768]
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-19 21:14]
.
2014-02-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003Core.job
- c:\documents and settings\Monika\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-20 16:43]
.
2014-02-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003UA.job
- c:\documents and settings\Monika\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-20 16:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = proxy.ulib.sk:3128
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=
FF - prefs.js: network.proxy.http - proxy.ulib.sk
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-22 13:56
Windows 5.1.2600 Service Pack 3, v.6368 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'Explorer.exe'(2228)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Completion time: 2014-02-22 14:06:21 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-22 13:05
ComboFix2.txt 2014-02-22 11:41
.
Pre-Run: 4 107 993 088 bytes free
Post-Run: 3 974 885 376 voľných bajtov
.
- - End Of File - - 2CDDDD424ED3D279760C7F76ED3DB767
8F558EB6672622401DA993E1E865C861

[Márty84]

Aktualizujem skener
Smazte RSIT a slozku C:\Program Files\trend micro , pokud ji najdete.
Pak stahnete nove RSIT http://images.malwareremoval.com/random/RSIT.exe a dejte log z nej.


a k tomu


Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte.
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

[Minmi]

zatiaľ RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Monika at 2014-02-22 16:20:26
Systém Microsoft Windows XP Professional Service Pack 3, v.6368
System drive C: has 4 GB (7%) free of 56 GB
Total RAM: 894 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:20:43, on 22.2.2014
Platform: Windows XP SP3, v.6368 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17128)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Monika\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\Monika.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ulib.sk:3128
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\Regview.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0807336687
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 6936 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003Core.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default

prefs.js - "browser.startup.homepage" - "www.google.sk"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =302398&p="

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@macromedia.com/FlashPlayer9]
"Description"=Adobe Flash Player 9.0
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{AB2CE124-6272-4b12-94A9-7303C7397BD1}

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-05-27 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2006-07-29 188416]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-12-11 344064]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"Avira Systray"=C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [2014-01-29 172600]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2013-12-09 684600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-12 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-01-16 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Monika\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe"="C:\Documents and Settings\Monika\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2014-02-22 16:20:27 ----D---- C:\Program Files\trend micro
2014-02-22 16:19:42 ----SHD---- C:\RECYCLER
2014-02-22 14:06:41 ----A---- C:\ComboFix.txt
2014-02-22 13:50:18 ----D---- C:\WINDOWS\temp
2014-02-22 12:16:51 ----A---- C:\Boot.bak
2014-02-22 12:16:45 ----RASHD---- C:\cmdcons
2014-02-22 12:14:33 ----A---- C:\WINDOWS\zip.exe
2014-02-22 12:14:33 ----A---- C:\WINDOWS\SWXCACLS.exe
2014-02-22 12:14:33 ----A---- C:\WINDOWS\SWSC.exe
2014-02-22 12:14:33 ----A---- C:\WINDOWS\SWREG.exe
2014-02-22 12:14:33 ----A---- C:\WINDOWS\sed.exe
2014-02-22 12:14:33 ----A---- C:\WINDOWS\PEV.exe
2014-02-22 12:14:33 ----A---- C:\WINDOWS\NIRCMD.exe
2014-02-22 12:14:33 ----A---- C:\WINDOWS\MBR.exe
2014-02-22 12:14:33 ----A---- C:\WINDOWS\grep.exe
2014-02-22 12:14:16 ----D---- C:\Qoobox
2014-02-22 12:13:57 ----D---- C:\WINDOWS\erdnt
2014-02-15 20:58:44 ----D---- C:\AdwCleaner
2014-02-15 19:44:59 ----D---- C:\Documents and Settings\Monika\Application Data\Malwarebytes
2014-02-15 19:44:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-15 15:38:38 ----D---- C:\WINDOWS\system32\NtmsData
2014-02-15 15:34:36 ----D---- C:\rsit
2014-02-15 15:24:14 ----D---- C:\Documents and Settings\Monika\Application Data\Avira
2014-02-15 15:17:24 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2014-02-15 15:17:07 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2014-02-15 15:17:06 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2014-02-15 15:17:05 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2014-02-15 15:04:53 ----D---- C:\Program Files\Avira
2014-02-15 15:04:52 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2014-02-15 14:47:55 ----D---- C:\WINDOWS\assembly
2014-02-15 14:38:04 ----D---- C:\WINDOWS\Microsoft.NET
2014-02-15 14:29:06 ----D---- C:\Program Files\Mozilla Firefox
2014-02-15 14:18:50 ----D---- C:\Documents and Settings\All Users\Application Data\Package Cache

======List of files/folders modified in the last 1 month======

2014-02-22 16:20:33 ----D---- C:\WINDOWS\Prefetch
2014-02-22 16:20:27 ----RD---- C:\Program Files
2014-02-22 14:07:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-02-22 14:07:13 ----D---- C:\WINDOWS\system32\drivers
2014-02-22 13:56:39 ----D---- C:\WINDOWS\system32\CatRoot2
2014-02-22 13:52:47 ----D---- C:\WINDOWS
2014-02-22 13:52:47 ----A---- C:\WINDOWS\system.ini
2014-02-22 13:52:33 ----D---- C:\WINDOWS\system32\drivers\etc
2014-02-22 13:48:09 ----D---- C:\WINDOWS\system32
2014-02-22 13:48:09 ----D---- C:\WINDOWS\AppPatch
2014-02-22 13:48:05 ----D---- C:\Program Files\Common Files
2014-02-22 12:16:51 ----RASH---- C:\boot.ini
2014-02-21 22:14:27 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-15 21:26:18 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2014-02-15 16:49:26 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-02-15 16:40:28 ----SHD---- C:\System Volume Information
2014-02-15 15:38:58 ----HD---- C:\WINDOWS\inf
2014-02-15 15:38:37 ----D---- C:\WINDOWS\repair
2014-02-15 15:38:25 ----D---- C:\WINDOWS\Registration
2014-02-15 15:16:11 ----SHD---- C:\WINDOWS\Installer
2014-02-15 15:03:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-15 14:48:01 ----D---- C:\WINDOWS\WinSxS
2014-02-15 14:42:05 ----D---- C:\WINDOWS\system32\en-us
2014-02-15 14:38:21 ----D---- C:\Program Files\Microsoft.NET
2014-02-15 14:38:09 ----D---- C:\WINDOWS\system32\mui
2014-02-14 20:52:58 ----D---- C:\Documents and Settings\Monika\Application Data\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2013-12-09 135648]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2013-12-09 37352]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\WINDOWS\system32\drivers\HWiNFO32.SYS []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-11-30 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-07-29 30601]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2013-12-09 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2013-12-09 90400]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-09-20 62336]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-09-18 1326528]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-12 1414656]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-09-20 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-11-20 104320]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2007-11-30 14592]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-11-30 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\Monika\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-11-30 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2007-11-30 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-11-30 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-16 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-16 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2013-12-09 440376]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2013-12-09 440376]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-12 393216]
R2 Avira.OE.ServiceHost;Avira Service Host; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-01-29 109112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21 257928]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-15 118896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-11-30 14336]
S4 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-12-09 1011768]

-----------------EOF-----------------

[Márty84]

Fajn, tak jeste OTL a budem mazat

[Minmi]

a OTL

OTL logfile created on: 22.2.2014 16:25:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Monika\Desktop
Windows XP Professional Edition Service Pack 3, v.6368 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

894,10 Mb Total Physical Memory | 392,42 Mb Available Physical Memory | 43,89% Memory free
1,46 Gb Paging File | 0,73 Gb Available in Paging File | 49,61% Paging File free
Paging file location(s): c:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54,41 Gb Total Space | 3,72 Gb Free Space | 6,85% Space Free | Partition Type: NTFS

Computer Name: ASTOR | User Name: Monika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.02.22 16:22:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monika\Desktop\OTL.exe
PRC - [2014.02.15 14:29:43 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014.01.29 13:04:44 | 000,172,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014.01.29 13:04:30 | 000,109,112 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2013.12.09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.12.09 11:37:19 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.12.09 11:37:18 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.12.09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2007.11.30 23:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.07.29 12:07:57 | 000,188,416 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE


========== Modules (No Company Name) ==========

MOD - [2014.02.15 14:29:42 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014.01.29 13:04:48 | 000,039,480 | ---- | M] () -- C:\Documents and Settings\Monika\Local Settings\temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014.01.29 13:04:40 | 000,077,368 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
MOD - [2014.01.29 13:04:32 | 000,300,088 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014.01.29 13:04:32 | 000,300,088 | ---- | M] () -- C:\Documents and Settings\Monika\Local Settings\temp\avgnt.exe\Avira.OE.NativeCore.dll
MOD - [2013.12.09 11:37:21 | 000,394,808 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.05.27 08:53:10 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2004.12.26 20:34:38 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Services (SafeList) ==========

SRV - [2014.02.21 22:14:32 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.02.15 14:29:43 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.01.29 13:04:30 | 000,109,112 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2013.12.09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.12.09 11:37:19 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.12.09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8139.SYS -- (rtl8139)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Monika\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013.12.09 11:37:21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.12.09 11:37:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.12.09 11:37:18 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.12.09 11:37:18 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.10.21 08:37:28 | 000,021,624 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2008.09.18 19:44:38 | 001,326,528 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008.02.08 09:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007.11.20 19:09:22 | 000,104,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.07.29 12:11:23 | 000,030,601 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006.06.28 18:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006.05.04 10:21:50 | 000,006,656 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2005.12.12 01:40:44 | 001,414,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\..\SearchScopes\{E2FFF44A-3D40-4201-A323-D0A0DA0DF897}: "URL" = http://search.yahoo.com/search?ei=utf-8 ... earchTerms}
IE - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ulib.sk:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.google.sk"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=green ... =302398&p="
FF - prefs.js..network.proxy.http: "proxy.ulib.sk"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Monika\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.02.15 14:29:16 | 000,000,000 | ---D | M]

[2010.01.02 16:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monika\Application Data\Mozilla\Extensions
[2013.12.28 21:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monika\Application Data\Mozilla\Firefox\Profiles\gyiaf5i1.default\extensions
[2014.02.15 21:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014.02.15 14:29:12 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2014.02.15 14:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.02.15 14:29:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2014.02.22 13:52:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\webie.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\webie.dll ()
O9 - Extra 'Tools' menuitem : &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\webie.dll ()
O9 - Extra 'Tools' menuitem : Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\webie.dll ()
O9 - Extra 'Tools' menuitem : Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\webie.dll ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 0807336687 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A1057C1-2FFC-4233-8DFE-B17A8A2960E2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (%windir%\system32\drivers\Regview.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.24 18:49:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.02.22 16:22:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Monika\Desktop\OTL.exe
[2014.02.22 16:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.02.22 16:19:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014.02.22 13:50:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014.02.22 12:16:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014.02.22 12:14:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014.02.22 12:14:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014.02.22 12:14:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014.02.22 12:14:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014.02.22 12:14:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.02.22 12:13:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014.02.22 12:12:06 | 005,183,886 | R--- | C] (Swearware) -- C:\Documents and Settings\Monika\Desktop\ComboFix.exe
[2014.02.15 21:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monika\Desktop\RK_Quarantine
[2014.02.15 20:58:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.02.15 19:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monika\Application Data\Malwarebytes
[2014.02.15 19:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014.02.15 15:38:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2014.02.15 15:34:36 | 000,000,000 | ---D | C] -- C:\rsit
[2014.02.15 15:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monika\Application Data\Avira
[2014.02.15 15:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Avira
[2014.02.15 15:17:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2014.02.15 15:17:07 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2014.02.15 15:17:06 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2014.02.15 15:17:05 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2014.02.15 15:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Ponuka Štart\Programy\Avira
[2014.02.15 15:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2014.02.15 15:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2014.02.15 14:47:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\assembly
[2014.02.15 14:38:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2014.02.15 14:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.02.15 14:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\Documents and Settings\Monika\Desktop\*.tmp files -> C:\Documents and Settings\Monika\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.02.22 16:27:53 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.02.22 16:22:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Monika\Desktop\OTL.exe
[2014.02.22 16:20:15 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Monika\Desktop\RSIT.exe
[2014.02.22 16:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.02.22 15:48:06 | 000,001,116 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003UA.job
[2014.02.22 13:52:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014.02.22 13:52:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.02.22 12:16:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014.02.22 12:12:47 | 005,183,886 | R--- | M] (Swearware) -- C:\Documents and Settings\Monika\Desktop\ComboFix.exe
[2014.02.21 22:14:27 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014.02.21 22:14:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014.02.21 21:34:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014.02.16 08:24:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014.02.15 21:34:52 | 003,813,376 | ---- | M] () -- C:\Documents and Settings\Monika\Desktop\RogueKiller.exe
[2014.02.15 20:57:49 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Monika\Desktop\adwcleaner.exe
[2014.02.15 18:48:02 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003Core.job
[2014.02.15 15:05:09 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\All Users\Pracovná plocha\Avira.lnk
[2014.02.15 15:03:56 | 000,408,250 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014.02.15 15:03:56 | 000,055,534 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014.02.14 20:07:23 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\Monika\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\Documents and Settings\Monika\Desktop\*.tmp files -> C:\Documents and Settings\Monika\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.02.22 16:27:53 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.02.22 16:20:11 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Monika\Desktop\RSIT.exe
[2014.02.22 12:16:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014.02.22 12:16:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014.02.22 12:14:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014.02.22 12:14:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014.02.22 12:14:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014.02.22 12:14:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014.02.22 12:14:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014.02.15 21:34:47 | 003,813,376 | ---- | C] () -- C:\Documents and Settings\Monika\Desktop\RogueKiller.exe
[2014.02.15 21:27:47 | 000,241,898 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1177238915-1604221776-839522115-1003-0.dat
[2014.02.15 20:57:45 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\Monika\Desktop\adwcleaner.exe
[2014.02.15 16:48:08 | 000,241,898 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014.02.15 15:05:08 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\All Users\Pracovná plocha\Avira.lnk
[2012.10.21 08:36:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010.03.03 17:43:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Monika\Local Settings\Application Data\prvlcl.dat
[2008.02.26 19:49:00 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\Monika\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2007.11.30 23:25:54 | 001,498,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2007.11.30 23:26:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.03.01 20:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2014.02.15 21:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2014.02.15 16:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2010.09.22 21:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\ICQ
[2008.02.24 20:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\Thunderbird

========== Purity Check ==========



========== Custom Scans ==========

< >
[2008.02.24 18:46:36 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2008.02.24 18:54:47 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011.10.20 20:59:36 | 000,001,094 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003Core.job
[2011.10.20 20:59:39 | 000,001,116 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003UA.job
[2014.01.19 21:44:49 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: AGP440.SYS >
[2007.11.30 23:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007.11.30 23:36:18 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A42ABFAEE59A1DC0E47014E7B5D76AD6 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2007.11.30 23:36:18 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A42ABFAEE59A1DC0E47014E7B5D76AD6 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2007.11.30 23:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2007.11.30 16:24:44 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=335BB30ED68CF3DC0EE2BDDB438B6A9B -- C:\WINDOWS\erdnt\cache\atapi.sys
[2007.11.30 16:24:44 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=335BB30ED68CF3DC0EE2BDDB438B6A9B -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2007.11.30 23:26:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=44FF395D77C0072DC99256FBD186EDF3 -- C:\cmdcons\autochk.exe
[2007.11.30 23:26:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=44FF395D77C0072DC99256FBD186EDF3 -- C:\WINDOWS\system32\autochk.exe

< MD5 for: CDROM.SYS >
[2007.11.30 23:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2007.11.30 16:25:02 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F29616B1FC4D66A988CF97531BCF729 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2007.11.30 23:25:32 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=B81BA41FE68A70C0FC429BBEFC547739 -- C:\WINDOWS\erdnt\cache\cryptsvc.dll
[2007.11.30 23:25:32 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=B81BA41FE68A70C0FC429BBEFC547739 -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2007.11.30 23:25:36 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=086FFA8479114AE3ECE616D7EB848577 -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2007.11.30 23:25:36 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=086FFA8479114AE3ECE616D7EB848577 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2007.11.30 23:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=E0EE428F4777A3CD8760BAD61F87ABED -- C:\WINDOWS\erdnt\cache\explorer.exe
[2007.11.30 23:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=E0EE428F4777A3CD8760BAD61F87ABED -- C:\WINDOWS\explorer.exe

< MD5 for: HAL.DLL >
[2007.11.30 23:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2007.11.30 16:25:14 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=56A8B25FE98906884411B03327F6DF2D -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2007.11.30 23:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2007.11.30 23:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2007.11.30 16:31:10 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=81A40A1118265DFC09C036F7776EBCC0 -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2007.11.30 23:26:34 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=4DD0637AE896EB8E00DF331D1CCCFC5C -- C:\WINDOWS\erdnt\cache\lsass.exe
[2007.11.30 23:26:34 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=4DD0637AE896EB8E00DF331D1CCCFC5C -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2007.11.30 17:18:52 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=D1B364F049EB84A883C8A45D3B92FF3B -- C:\WINDOWS\erdnt\cache\ndis.sys
[2007.11.30 17:18:52 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=D1B364F049EB84A883C8A45D3B92FF3B -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2007.11.30 23:25:48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=327309E36308F9DFB8D4699DF384D421 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2007.11.30 23:25:48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=327309E36308F9DFB8D4699DF384D421 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007.11.30 23:25:52 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=625D7B39B09AB60A683AF4B95575056E -- C:\WINDOWS\erdnt\cache\scecli.dll
[2007.11.30 23:25:52 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=625D7B39B09AB60A683AF4B95575056E -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2007.11.30 23:26:50 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=0958E61BF4F184029AE528B589CFF176 -- C:\WINDOWS\system32\smss.exe
[2004.08.04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2007.11.30 23:26:52 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=0C82B0AE50BB2BC8A96A753F4EDC495F -- C:\WINDOWS\erdnt\cache\svchost.exe
[2007.11.30 23:26:52 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=0C82B0AE50BB2BC8A96A753F4EDC495F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2007.11.30 17:18:30 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=19EBDA988DA80F133DC9E28A50F606E8 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\erdnt\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2007.11.30 23:26:54 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=813B2E9C4CAEA05FBA51A442FAB7A95D -- C:\WINDOWS\erdnt\cache\userinit.exe
[2007.11.30 23:26:54 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=813B2E9C4CAEA05FBA51A442FAB7A95D -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2007.11.30 23:26:58 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=45FFE966290B9C4BA659325561DE4830 -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2007.11.30 23:26:58 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=45FFE966290B9C4BA659325561DE4830 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2007.11.30 23:26:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=36F8F7A2EF12ED817FC16C3248E39092 -- C:\WINDOWS\erdnt\cache\ws2_32.dll
[2007.11.30 23:26:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=36F8F7A2EF12ED817FC16C3248E39092 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2011.06.20 13:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.03.05 23:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2010.03.01 20:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2014.02.15 15:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009.03.08 19:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2014.02.15 21:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2014.02.15 19:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.03.07 23:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009.03.20 12:27:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012.05.08 16:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014.02.15 16:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2010.03.15 21:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010.11.21 23:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012.10.21 09:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2014.02.15 15:13:06 | 129,564,536 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Avira\My Avira\Temp\antivirus.exe
[2014.02.15 14:18:45 | 000,552,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Documents and Settings\All Users\Application Data\Package Cache\{97134356-7859-4668-a511-1db17b42de75}\Avira.OE.Setup.Bundle.AntiVirus.En-us.exe
[2014.01.29 13:05:32 | 000,037,944 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Package Cache\73F4596C4DD9564A27DDADD050C5787497AA65CB\Avira.OE.Setup.Prerequisites.exe
[2014.01.29 13:05:04 | 000,030,264 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Documents and Settings\All Users\Application Data\Package Cache\803D4618A776B18A79E153BA7DAF4CDCEB2A6DB8\Avira.OE.Setup.CustomTokenHandler.exe
[2014.02.15 14:18:58 | 000,887,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\Package Cache\E15AD80FC74277EF2048312E9A71AF56B2EBA622\redist\dotNetFx40_Client_setup.exe

< %APPDATA%\*. >
[2008.10.04 14:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\Adobe
[2014.02.15 15:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\Avira
[2009.03.08 19:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\CyberLink
[2013.02.20 20:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\dvdcss
[2008.02.25 01:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\Help
[2010.09.22 21:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\ICQ
[2008.02.24 18:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\Identities
[2008.02.25 23:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\InstallShield
[2008.02.26 20:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\Macromedia
[2014.02.15 19:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\Malwarebytes
[2008.03.02 20:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\Media Player Classic
[2009.08.18 14:07:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Monika\Application Data\Microsoft
[2008.02.24 20:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\Mozilla
[2013.12.29 01:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\Skype
[2013.12.29 00:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\skypePM
[2008.02.24 20:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\Sun
[2008.02.24 20:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\Talkback
[2008.02.24 20:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\Thunderbird
[2014.02.14 20:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Monika\Application Data\vlc

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.02.26 20:18:27 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.02.26 19:09:32 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2008.02.26 20:18:27 | 017,039,360 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.02.26 20:18:29 | 004,456,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.02.21 22:14:27 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerApp.exe
[2014.02.21 22:14:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2014.02.21 21:34:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.02.22 16:27:53 | 000,000,512 | ---- | M] () MD5=F8EBE17236AE8EAE02B7D438244C5B97 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2012.11.18 22:34:01 | 000,000,121 | ---- | M] () -- \Documents and Settings\Monika\Application Data\Macromedia\Flash Player\#SharedObjects\HMC2BKAT\fr-groupe01.cdn.videoplaza.tv\com.videoplaza.bootloader.sol
[2013.12.09 11:37:19 | 000,053,304 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloader.dll
[2013.12.09 11:37:19 | 000,566,328 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloader.exe
[2013.12.09 11:37:19 | 001,742,392 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloadergui.dll
[2001.01.16 05:55:36 | 000,053,248 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.DLL
[2001.01.16 03:22:34 | 000,002,560 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.TLB
[2009.03.01 11:31:26 | 000,005,795 | ---- | M] () -- \Program Files\ICQ6.5\services\icqApp\ver1\theme\IMAGES\XtraPreloader\loader.jpg
[2009.03.01 11:31:26 | 000,004,089 | ---- | M] () -- \Program Files\ICQ6.5\services\icqApp\ver1\theme\IMAGES\XtraPreloader\loader.swf
[2009.10.18 20:55:38 | 000,002,886 | ---- | M] () -- \Program Files\ICQ6.5\services\icqXtraz\ver1\content\babylon_feed\preloader01_b.swf
[2009.03.16 15:45:42 | 000,003,479 | ---- | M] () -- \Program Files\ICQ6.5\services\icqXtraz\ver1\content\contact_list\preloader04.swf
[2009.03.16 15:46:13 | 000,003,479 | ---- | M] () -- \Program Files\ICQ6.5\services\icqXtraz\ver1\content\coreg\preloader04.swf
[2009.03.16 15:44:53 | 000,552,798 | ---- | M] () -- \Program Files\ICQ6.5\services\icqXtraz\ver1\theme\game_center\loaderBkg.png
[2008.02.24 20:58:29 | 000,007,697 | ---- | M] () -- \Program Files\Java\jdk1.6.0_04\demo\jvmti\hprof\src\hprof_loader.c
[2008.02.24 20:58:29 | 000,002,173 | ---- | M] () -- \Program Files\Java\jdk1.6.0_04\demo\jvmti\hprof\src\hprof_loader.h
[2002.02.01 19:25:22 | 000,009,728 | ---- | M] () -- \WINDOWS\mui\FALLBACK\041b\osloader.exe.mui
[2007.11.30 23:25:34 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2004.08.03 23:15:54 | 000,030,067 | ---- | M] () -- \cmdcons\SERIAL.SY_
[2007.12.14 01:41:04 | 000,025,600 | ---- | M] () -- \Program Files\Java\jdk1.6.0_04\bin\serialver.exe
[2014.02.15 15:46:00 | 000,310,272 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ff3383438d688a0118d0fa19ed1dc4\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.15 15:45:29 | 002,625,024 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
[2014.02.15 14:50:12 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014.02.15 14:49:56 | 001,026,936 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 001,026,936 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2002.02.01 19:21:26 | 000,003,584 | ---- | M] () -- \WINDOWS\mui\FALLBACK\041b\dpserial.dll.mui
[2002.02.01 19:22:16 | 000,004,096 | ---- | M] () -- \WINDOWS\mui\FALLBACK\041b\grserial.sys.mui
[2002.02.01 19:26:12 | 000,010,240 | ---- | M] () -- \WINDOWS\mui\FALLBACK\041b\serial.sys.mui
[2002.02.01 19:26:12 | 000,005,632 | ---- | M] () -- \WINDOWS\mui\FALLBACK\041b\serialui.dll.mui
[2001.08.23 12:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2001.08.23 12:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2007.11.30 17:13:18 | 000,064,512 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

< End of report >

[Minmi]

Extras:

OTL Extras logfile created on: 22.2.2014 16:25:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Monika\Desktop
Windows XP Professional Edition Service Pack 3, v.6368 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

894,10 Mb Total Physical Memory | 392,42 Mb Available Physical Memory | 43,89% Memory free
1,46 Gb Paging File | 0,73 Gb Available in Paging File | 49,61% Paging File free
Paging file location(s): c:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54,41 Gb Total Space | 3,72 Gb Free Space | 6,85% Space Free | Partition Type: NTFS

Computer Name: ASTOR | User Name: Monika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\Monika\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Monika\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{32A3A4F4-B792-11D6-A78A-00B0D0160040}" = Java(TM) SE Development Kit 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85C4ECF1-DE0F-44E8-B702-D0F11C6B0AAB}" = Avira
"{876162E7-7079-4263-B477-99EAFA2A0CB7}" = Atheros Wireless LAN MiniPCI/PCIe card Driver
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{9011041B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{97134356-7859-4668-a511-1db17b42de75}" = Avira
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"GenoPro" = GenoPro 2.5.4.1
"HWiNFO32_is1" = HWiNFO32 Version 4.06
"IrfanView" = IrfanView (remove only)
"JPG2PDF_is1" = JPG2PDF 2.2.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 27.0.1 (x86 sk)" = Mozilla Firefox 27.0.1 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC Translator 2004 Komplet" = PC Translator 2004 Komplet
"PowerISO" = PowerISO
"TEKON" = Ekonómia v novej ekonomike - Testy
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5.11.2011 14:04:06 | Computer Name = ASTOR | Source = Google Update | ID = 20
Description =

Error - 6.11.2011 5:04:05 | Computer Name = ASTOR | Source = Google Update | ID = 20
Description =

Error - 6.11.2011 8:04:05 | Computer Name = ASTOR | Source = Google Update | ID = 20
Description =

Error - 6.11.2011 14:04:06 | Computer Name = ASTOR | Source = Google Update | ID = 20
Description =

Error - 8.11.2011 11:04:05 | Computer Name = ASTOR | Source = Google Update | ID = 20
Description =

Error - 9.11.2011 17:04:06 | Computer Name = ASTOR | Source = Google Update | ID = 20
Description =

Error - 11.11.2011 11:04:05 | Computer Name = ASTOR | Source = Google Update | ID = 20
Description =

Error - 11.11.2011 17:04:12 | Computer Name = ASTOR | Source = Google Update | ID = 20
Description =

Error - 12.11.2011 11:04:05 | Computer Name = ASTOR | Source = Google Update | ID = 20
Description =

Error - 12.11.2011 14:04:05 | Computer Name = ASTOR | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 22.2.2014 8:43:28 | Computer Name = ASTOR | Source = Service Control Manager | ID = 7031
Description = Služba Windows Presentation Foundation Font Cache 4.0.0.0 sa neočakávane
ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 0 ms bude vykonaná nasledujúca
opravná akcia: Reštartovať službu.

Error - 22.2.2014 8:43:28 | Computer Name = ASTOR | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1 krát.

Error - 22.2.2014 8:43:28 | Computer Name = ASTOR | Source = Service Control Manager | ID = 7031
Description = Služba Avira Service Host sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1 krát. O 10000 ms bude vykonaná nasledujúca opravná akcia:
Reštartovať službu.

Error - 22.2.2014 8:43:28 | Computer Name = ASTOR | Source = Service Control Manager | ID = 7034
Description = Služba Ati HotKey Poller sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1 krát.

Error - 22.2.2014 8:44:15 | Computer Name = ASTOR | Source = DCOM | ID = 10016
Description = Nastavenia povolenia špecifické pre aplikáciu neudeľujú používateľovi
NT AUTHORITY\SYSTEM SID (S-1-5-18) povolenie Lokálne Spustenie pre aplikáciu servera
COM s identifikátorom CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} . Toto povolenie
zabezpečenia možno zmeniť pomocou nástroja na správu Component Services.

Error - 22.2.2014 8:52:26 | Computer Name = ASTOR | Source = DCOM | ID = 10016
Description = Nastavenia povolenia špecifické pre aplikáciu neudeľujú používateľovi
NT AUTHORITY\SYSTEM SID (S-1-5-18) povolenie Lokálne Spustenie pre aplikáciu servera
COM s identifikátorom CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} . Toto povolenie
zabezpečenia možno zmeniť pomocou nástroja na správu Component Services.

Error - 22.2.2014 8:52:29 | Computer Name = ASTOR | Source = DCOM | ID = 10016
Description = Nastavenia povolenia špecifické pre aplikáciu neudeľujú používateľovi
NT AUTHORITY\SYSTEM SID (S-1-5-18) povolenie Lokálne Spustenie pre aplikáciu servera
COM s identifikátorom CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} . Toto povolenie
zabezpečenia možno zmeniť pomocou nástroja na správu Component Services.

Error - 22.2.2014 8:56:39 | Computer Name = ASTOR | Source = DCOM | ID = 10016
Description = Nastavenia povolenia špecifické pre aplikáciu neudeľujú používateľovi
NT AUTHORITY\SYSTEM SID (S-1-5-18) povolenie Lokálne Spustenie pre aplikáciu servera
COM s identifikátorom CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} . Toto povolenie
zabezpečenia možno zmeniť pomocou nástroja na správu Component Services.

Error - 22.2.2014 9:08:49 | Computer Name = ASTOR | Source = Service Control Manager | ID = 7032
Description = Správca riadenia služieb sa po neočakávanom ukončení služby Windows
Management Instrumentation pokúsil vykonať opravnú akciu (Reštartovať službu),
ale táto činnosť zlyhala s nasledujúcou chybou: %%1056

Error - 22.2.2014 11:20:28 | Computer Name = ASTOR | Source = DCOM | ID = 10016
Description = Nastavenia povolenia špecifické pre aplikáciu neudeľujú používateľovi
NT AUTHORITY\SYSTEM SID (S-1-5-18) povolenie Lokálne Spustenie pre aplikáciu servera
COM s identifikátorom CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} . Toto povolenie
zabezpečenia možno zmeniť pomocou nástroja na správu Component Services.


< End of report >

[Márty84]

Vypnete antivir, at nebrani programu v praci.
Znovu spustte OTL
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
JavaQuickStarterService
AdobeFlashPlayerUpdateSvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003Core.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003UA.job

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1177238915-1604221776-839522115-1003\..\SearchScopes\{E2FFF44A-3D40-4201-A323-D0A0DA0DF897}: "URL" = http://search.yahoo.com/search?ei=utf-8 ... &ilc=12&p={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (%windir%\system32\drivers\Regview.exe) - File not found
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\Documents and Settings\Monika\Desktop\*.tmp files -> C:\Documents and Settings\Monika\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[2010.03.01 20:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2011.03.07 23:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee

[Minmi]

ok a ktorú možnosť dať - opäť run scan, či fix? + zaškrtnúť znova tie 3 možnosti (LOP, purity)?

[Márty84]

zaškrtnúť znova tie 3 možnosti (LOP, purity)

Neni potreba

ok a ktorú možnosť dať - opäť run scan, či fix?

Fix

[Minmi]

tak tu to je

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Monika
->Temp folder emptied: 1490114 bytes
->Temporary Internet Files folder emptied: 7628628 bytes
->Java cache emptied: 11657 bytes
->FireFox cache emptied: 164007791 bytes
->Flash cache emptied: 113261 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4541133 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 944547 bytes

Total Files Cleaned = 171,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Monika
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003Core.job moved successfully.
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1604221776-839522115-1003UA.job moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-1177238915-1604221776-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1177238915-1604221776-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1177238915-1604221776-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{E2FFF44A-3D40-4201-A323-D0A0DA0DF897}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2FFF44A-3D40-4201-A323-D0A0DA0DF897}\ not found.
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&ilc=12&type=302398" removed from browser.search.param.yahoo-fr
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: "http://search.yahoo.com/search?fr=green ... =302398&p=" removed from keyword.URL
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:%windir%\system32\drivers\Regview.exe deleted successfully.
C:\Documents and Settings\Monika\Desktop\~WRL0001.tmp deleted successfully.
C:\Documents and Settings\Monika\Desktop\~WRL0003.tmp deleted successfully.
C:\Documents and Settings\Monika\Desktop\~WRL0618.tmp deleted successfully.
C:\Documents and Settings\Monika\Desktop\~WRL0920.tmp deleted successfully.
C:\Documents and Settings\Monika\Desktop\~WRL1107.tmp deleted successfully.
C:\Documents and Settings\Monika\Desktop\~WRL2423.tmp deleted successfully.
C:\WINDOWS\Installer\MSI10F.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI111.tmp- folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\Avg7 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common\MsiExec folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 02222014_194538

Files\Folders moved on Reboot...
C:\Documents and Settings\Monika\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.
C:\Documents and Settings\Monika\Local Settings\Temp\avgnt.exe\Avira.OE.NativeCore.dll moved successfully.
C:\Documents and Settings\Monika\Local Settings\Temp\avgnt.exe\Avira.OE.Wincore.dll moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[Márty84]

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

Stahnete Ccleaner http://www.piriform.com/ccleaner/download/slim a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

Defragmentujte disk(y)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak je na tom pc.

[Minmi]

tak vykonané

po defragmentácii zrazu akosi dlho pri zapnutí pc nabieha plocha (ikony+štart)
čo sa týka tej hlášky ohľadom Regview.exe, tak tá je stále aktuálna - neviem načo ten súbor slúži, ale mám pocit, že kedysi dávno mala sestra na pc dáky vírus a odvtedy to asi vyskakuje (asi vymazal ten súbor)
centrum zabezpečenia v ovládacom paneli je stále nedostupné (neviem či to môže nejak súvisieť s tým chýbajúcim súborom)
a po spustení svchost.exe stále hlce procesor, ale ako som vygooglil, malo by to byť windows update serverom (http://www.zive.cz/poradna/problem-po-i ... tanswers=1 - "Proces svchost v tomto případě označuje automatické aktualizace. Operační systém se snaží o stáhnutí aktualizací. Microsoft je již neposkytuje. Řešení - vypnutí služby aktualizací.") tak vyskúšam a keď tak, stále sa to dá po spustení ukončiť v správcovi úloh

/edit: sem tam sa štart lišta, či niektoré okno zmení a vyzerá ako tá vo windows 98 ale po chvíli to zväčša nabehne naspäť

[Márty84]

Po defragmentaci byva hlavne prvni start delsi, ale ty dalsi uz by mely byt v normalu

Napiste mi velikost tohoto adresare C:\Documents and Settings\Monika\Desktop

Jak pisete, aktualizace windowsu vypnete.


Na tu hlasku pouzijte toto

Vypnete antivir, at nebrani programu v praci.
Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe , ulozte nejlepe na plochu a spustte.
Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\system32\drivers\Regview.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)