Preventive check, "Run as" window keeps popping up

maxino
Visitor
Posts: 205
Registered: 20 Mar 2013 09:50

Preventive check, "Run as" window keeps popping up

#1 Post by maxino »

Hello,
please check my PC and help me get rid of the pop-up message shown below (it appears every time after the PC is switched on and the desktop has loaded)

[Attachment: Bez názvu1.JPG (24.08 KiB)]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Verča at 2014-03-18 07:32:30
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (14%) free of 30 GB
Total RAM: 2030 MB (55% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{ED043CD0-00A5-47F3-AF05-3A41D6A238AC}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-08-02 9134080]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-09-12 5110672]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2013-03-21 15517984]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2013-03-23 1982312]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"GarminExpressTrayApp"=C:\Program Files\Garmin\Express Tray\ExpressTray.exe [2013-12-30 1095000]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\PotPlayer\daumvsvr.exe"="E:\PotPlayer\daumvsvr.exe:*:Enabled:DaumCP VoD Server"
"E:\PotPlayer\PotPlayerMini.exe"="E:\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer"
"E:\PotPlayer\PotPlayer.exe"="E:\PotPlayer\PotPlayer.exe:*:Enabled:PotPlayer (32-Bit)"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\PotPlayer\PotPlayerMini.exe"="E:\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer"
"E:\PotPlayer\PotPlayer.exe"="E:\PotPlayer\PotPlayer.exe:*:Enabled:PotPlayer (32-Bit)"

======List of files/folders created in the last 1 months======

2014-03-13 09:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2929961$
2014-03-13 09:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 20:08:37 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 months======

2014-03-18 07:32:32 ----D---- C:\Program Files\trend micro
2014-03-18 07:30:31 ----D---- C:\WINDOWS\temp
2014-03-17 22:07:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-03-17 19:08:11 ----D---- C:\WINDOWS\Prefetch
2014-03-16 09:43:32 ----A---- C:\WINDOWS\wincmd.ini
2014-03-15 15:50:14 ----A---- C:\WINDOWS\NeroDigital.ini
2014-03-14 10:53:31 ----D---- C:\WINDOWS
2014-03-13 09:06:19 ----D---- C:\WINDOWS\system32
2014-03-13 09:03:32 ----HD---- C:\WINDOWS\inf
2014-03-13 09:03:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-03-13 09:03:28 ----D---- C:\Program Files\Internet Explorer
2014-03-13 09:03:14 ----D---- C:\WINDOWS\ie8updates
2014-03-13 09:02:39 ----D---- C:\WINDOWS\system32\CatRoot2
2014-03-13 09:02:28 ----SHD---- C:\WINDOWS\Installer
2014-03-13 09:02:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-03-12 20:08:44 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-05 22:58:29 ----D---- C:\WINDOWS\Debug
2014-02-26 15:04:08 ----SD---- C:\Documents and Settings\Verča\Data aplikací\Microsoft
2014-02-24 17:05:38 ----A---- C:\WINDOWS\system32\wininet.dll
2014-02-24 12:35:36 ----N---- C:\WINDOWS\system32\occache.dll
2014-02-24 12:35:36 ----N---- C:\WINDOWS\system32\mstime.dll
2014-02-24 12:35:36 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-02-24 12:35:36 ----A---- C:\WINDOWS\system32\url.dll
2014-02-24 12:35:36 ----A---- C:\WINDOWS\system32\mshtmled.dll
2014-02-24 12:35:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-02-24 12:35:36 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 12:35:35 ----N---- C:\WINDOWS\system32\licmgr10.dll
2014-02-24 12:35:35 ----N---- C:\WINDOWS\system32\jsproxy.dll
2014-02-24 12:35:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 12:35:35 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-02-24 12:35:35 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-02-24 12:35:35 ----A---- C:\WINDOWS\system32\iepeers.dll
2014-02-24 12:35:35 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-02-24 12:35:35 ----A---- C:\WINDOWS\system32\corpol.dll
2014-02-24 11:54:22 ----N---- C:\WINDOWS\system32\ie4uinit.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-09-17 184664]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2013-09-17 61600]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2013-09-17 174400]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-26 231424]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2013-09-17 38952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-07-29 43392]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-03-23 12653120]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-04-10 1271032]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-03-18 30336]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-04 241664]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-30 250712]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-12-18 182696]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2013-03-21 156448]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-23 1259296]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 257928]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-15 118896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check, "Run as" window keeps popping up

#2 Post by Márty84 »

Hello :)

→ Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Run it.
Click Scan and wait for the scan to finish.
Then click Clean.
The program will start working (the PC may restart) and will produce a log (alternatively it will be here: C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.

→ Let's update the scanner
Delete RSIT and the folder C:\Program Files\trend micro , if you find it.
Then download the new RSIT http://images.malwareremoval.com/random/RSIT.exe and post the log from it.

maxino
Visitor
Posts: 205
Registered: 20 Mar 2013 09:50

Re: Preventive check, "Run as" window keeps popping up

#3 Post by maxino »

# AdwCleaner v3.022 - Report created 18/03/2014 at 10:32:39
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Verča - VERONIKA-322B95
# Running from : C:\Documents and Settings\Verča\Dokumenty\Stažené soubory\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\APN PIP

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (cs)

[ File : C:\Documents and Settings\Verča\Data aplikací\Mozilla\Firefox\Profiles\kfls3it7.default\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\vn1c23sl.default\prefs.js ]


*************************

AdwCleaner[R4].txt - [980 octets] - [18/03/2014 10:31:59]
AdwCleaner[S3].txt - [904 octets] - [18/03/2014 10:32:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [963 octets] ##########

maxino
Visitor
Posts: 205
Registered: 20 Mar 2013 09:50

Re: Preventive check, "Run as" window keeps popping up

#4 Post by maxino »

→ trend micro folder deleted

→ new RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Verča at 2014-03-18 10:37:58
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (15%) free of 30 GB
Total RAM: 2030 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:38:04, on 18.3.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Verča\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Verča.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
O4 - HKUS\S-1-5-21-1409082233-115176313-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4590723468
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6975 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{ED043CD0-00A5-47F3-AF05-3A41D6A238AC}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Verča\Data aplikací\Mozilla\Firefox\Profiles\kfls3it7.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.77 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-08-02 9134080]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-09-12 5110672]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2013-03-21 15517984]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2013-03-23 1982312]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"GarminExpressTrayApp"=C:\Program Files\Garmin\Express Tray\ExpressTray.exe [2013-12-30 1095000]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\PotPlayer\daumvsvr.exe"="E:\PotPlayer\daumvsvr.exe:*:Enabled:DaumCP VoD Server"
"E:\PotPlayer\PotPlayerMini.exe"="E:\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer"
"E:\PotPlayer\PotPlayer.exe"="E:\PotPlayer\PotPlayer.exe:*:Enabled:PotPlayer (32-Bit)"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\PotPlayer\PotPlayerMini.exe"="E:\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer"
"E:\PotPlayer\PotPlayer.exe"="E:\PotPlayer\PotPlayer.exe:*:Enabled:PotPlayer (32-Bit)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-03-18 10:37:58 ----D---- C:\Program Files\trend micro
2014-03-18 10:31:57 ----D---- C:\AdwCleaner
2014-03-18 09:12:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-03-18 09:12:43 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-03-13 09:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2929961$
2014-03-13 09:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 20:08:37 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2014-03-18 10:37:58 ----RD---- C:\Program Files
2014-03-18 10:37:32 ----D---- C:\WINDOWS\Prefetch
2014-03-18 10:35:27 ----D---- C:\WINDOWS\temp
2014-03-18 10:34:33 ----D---- C:\WINDOWS
2014-03-18 10:33:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-03-18 09:14:45 ----D---- C:\WINDOWS\system32\drivers
2014-03-16 09:43:32 ----A---- C:\WINDOWS\wincmd.ini
2014-03-15 15:50:14 ----A---- C:\WINDOWS\NeroDigital.ini
2014-03-13 09:06:19 ----D---- C:\WINDOWS\system32
2014-03-13 09:03:32 ----HD---- C:\WINDOWS\inf
2014-03-13 09:03:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-03-13 09:03:28 ----D---- C:\Program Files\Internet Explorer
2014-03-13 09:03:14 ----D---- C:\WINDOWS\ie8updates
2014-03-13 09:02:39 ----D---- C:\WINDOWS\system32\CatRoot2
2014-03-13 09:02:28 ----SHD---- C:\WINDOWS\Installer
2014-03-13 09:02:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-03-12 20:08:44 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-05 22:58:29 ----D---- C:\WINDOWS\Debug
2014-02-26 15:04:08 ----SD---- C:\Documents and Settings\Verča\Data aplikací\Microsoft
2014-02-24 17:05:38 ----A---- C:\WINDOWS\system32\wininet.dll
2014-02-24 12:35:36 ----N---- C:\WINDOWS\system32\occache.dll
2014-02-24 12:35:36 ----N---- C:\WINDOWS\system32\mstime.dll
2014-02-24 12:35:36 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-02-24 12:35:36 ----A---- C:\WINDOWS\system32\url.dll
2014-02-24 12:35:36 ----A---- C:\WINDOWS\system32\mshtmled.dll
2014-02-24 12:35:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-02-24 12:35:36 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 12:35:35 ----N---- C:\WINDOWS\system32\licmgr10.dll
2014-02-24 12:35:35 ----N---- C:\WINDOWS\system32\jsproxy.dll
2014-02-24 12:35:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 12:35:35 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-02-24 12:35:35 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-02-24 12:35:35 ----A---- C:\WINDOWS\system32\iepeers.dll
2014-02-24 12:35:35 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-02-24 12:35:35 ----A---- C:\WINDOWS\system32\corpol.dll
2014-02-24 11:54:22 ----N---- C:\WINDOWS\system32\ie4uinit.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 edevmon;edevmon; C:\WINDOWS\system32\DRIVERS\edevmon.sys [2013-09-17 187808]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-09-17 184664]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2013-09-17 61600]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2013-09-17 174400]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-26 231424]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2013-09-17 38952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-07-29 43392]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-03-23 12653120]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-04-10 1271032]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-04 241664]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-30 250712]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-12-18 182696]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2013-03-21 156448]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-23 1259296]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 257928]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-15 118896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: preventive check, "Run as" window popping up

#5 Post by Márty84 »

:arrow: I can see MBAM there. Update it, run a full scan and post the results here. Don't delete anything beforehand; it sometimes produces false detections.
If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

maxino
Visitor
Posts: 205
Registered: 20 Mar 2013 09:50

Re: preventive check, "Run as" window popping up

#6 Post by maxino »

:arrow: MBAM
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.03.18.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Verča :: VERONIKA-322B95 [administrátor]

18.3.2014 10:43:54
mbam-log-2014-03-18 (10-43-54).txt

Typ: Kompletní kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 319843
Uplynulý čas: 38 minut, 5 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

:arrow: The "Run as" window no longer appears. What caused it?

:arrow: Many thanks for the help

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: preventive check, "Run as" window popping up

#7 Post by Márty84 »

To be honest, I don't know what caused it, because it wasn't possible to tell from it what was actually trying to run. So I'd rather take a thorough look.

:arrow: You can uninstall MBAM.

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , save it to the desktop and run it.
A very short test will run, and then the Prohledat (Scan) button at the top right becomes available. Click it and another test will run.
When it finishes, click Zprava (Report) and a log will appear. Paste it here for me.

maxino
Visitor
Posts: 205
Registered: 20 Mar 2013 09:50

Re: preventive check, "Run as" window popping up

#8 Post by maxino »

RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Verča [Práva správce]
Mód : Kontrola -- Datum : 03/18/2014 12:10:24
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 1 ¤¤¤
[All Users][SUSP UNIC] Windows Search.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk @C:\PROGRA~1\WI459E~1\WINDOW~1.EXE /startup [-][7] -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAKS-00SBA0 +++++
--- User ---
[MBR] 7873225a057c63212ebf494d3d420a39
[BSP] a2a3c9c8c91856f8c20a41eabb1af4c9 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 29996 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 61432560 | Size: 275238 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_03182014_121024.txt >>

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: preventive check, "Run as" window popping up

#9 Post by Márty84 »

:arrow: Run RogueKiller again (if you haven't closed it yet, click Smazat (Delete) straight away).
A very short test will run, and then the Prohledat (Scan) button at the top right becomes available. Click it and another test will run.
When it finishes, click Smazat (Delete).
Then click Zprava (Report) and a log will appear. Paste it here for me.
Then click Oprava Host (Host fix) and Zprava (Report).
Another log will appear. Paste that one here as well.

maxino
Visitor
Posts: 205
Registered: 20 Mar 2013 09:50

Re: preventive check, "Run as" window popping up

#10 Post by maxino »

So, the first log

RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Verča [Práva správce]
Mód : Odebrat -- Datum : 03/18/2014 12:22:58
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAKS-00SBA0 +++++
--- User ---
[MBR] 7873225a057c63212ebf494d3d420a39
[BSP] a2a3c9c8c91856f8c20a41eabb1af4c9 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 29996 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 61432560 | Size: 275238 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_03182014_122258.txt >>
RKreport[0]_D_03182014_122110.txt;RKreport[0]_S_03182014_121024.txt;RKreport[0]_S_03182014_122253.txt

maxino
Visitor
Posts: 205
Registered: 20 Mar 2013 09:50

Re: preventive check, "Run as" window popping up

#11 Post by maxino »

Second log

RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Verča [Práva správce]
Mód : Oprava HOSTS -- Datum : 03/18/2014 12:23:33
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončeno : << RKreport[0]_H_03182014_122333.txt >>
RKreport[0]_D_03182014_122110.txt;RKreport[0]_D_03182014_122258.txt;RKreport[0]_S_03182014_121024.txt
RKreport[0]_S_03182014_122253.txt

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: preventive check, "Run as" window popping up

#12 Post by Márty84 »

One more scan and then we'll start deleting.

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe , save it to the desktop and run it.
Tick the items (check the boxes) Pro všechny uživatele (Scan All Users), Kontrola na havěť "LOP" (LOP Check) and Kontrola na havěť "Purity" (Purity Check).
Paste the following text into the bottom window:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Click Prohledat (Scan).
After the scan two logs are created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).

I'm leaving for work shortly, so I'll look at the log either this evening or tomorrow morning :)

maxino
Visitor
Posts: 205
Registered: 20 Mar 2013 09:50

Re: preventive check, "Run as" window popping up

#13 Post by maxino »

OTL logfile created on: 18.3.2014 12:30:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Verča\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,98 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,92% Memory free
3,83 Gb Paging File | 3,03 Gb Available in Paging File | 79,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 4,19 Gb Free Space | 14,29% Space Free | Partition Type: NTFS
Drive D: | 4,01 Gb Total Space | 3,97 Gb Free Space | 99,19% Space Free | Partition Type: NTFS
Drive E: | 264,78 Gb Total Space | 51,61 Gb Free Space | 19,49% Space Free | Partition Type: NTFS

Computer Name: VERONIKA-322B95 | User Name: Verča | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.03.18 12:29:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Verča\Plocha\OTL.exe
PRC - [2014.02.15 11:50:34 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.12.30 09:05:18 | 001,095,000 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013.12.30 09:05:02 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013.12.18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2013.09.12 12:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2013.03.23 01:22:24 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.09.04 13:49:52 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe


========== Modules (No Company Name) ==========

MOD - [2014.02.15 11:50:33 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014.02.13 09:57:51 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll
MOD - [2014.02.13 09:57:50 | 000,369,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ebbdeb2224cf7f8b4aa7d039516d17bd\System.ServiceModel.Routing.ni.dll
MOD - [2014.02.13 09:57:49 | 001,142,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5a8617e2c334fde080fbdc73c05fd8b6\System.ServiceModel.Discovery.ni.dll
MOD - [2014.02.13 09:57:48 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7401d47e8eef61dd2770777964c4e481\System.ServiceModel.Channels.ni.dll
MOD - [2014.02.13 09:57:47 | 001,394,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\927a0770a75cedf18eeb9a6dbbe54afd\System.ServiceModel.Activities.ni.dll
MOD - [2014.02.13 09:57:45 | 018,109,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a95ac0b02617b9dadbc5f625586b2aac\System.ServiceModel.ni.dll
MOD - [2014.02.13 09:57:20 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\7612d2ecdf9c6beedc264e9390e97b0f\System.Management.ni.dll
MOD - [2014.02.13 09:57:17 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6769297ceb522c4fe6de2c5e3575812d\System.IdentityModel.ni.dll
MOD - [2014.02.13 09:55:22 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6a5f031a28c774f1163af0715c3a6097\System.EnterpriseServices.ni.dll
MOD - [2014.02.13 09:55:22 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6a5f031a28c774f1163af0715c3a6097\System.EnterpriseServices.Wrapper.dll
MOD - [2014.02.13 09:55:21 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\fc7255cccb69c45a808b3d7e6abf55c5\System.Transactions.ni.dll
MOD - [2014.02.13 09:55:20 | 001,021,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\cd626ecab8e1657628451408aba720cd\System.Runtime.DurableInstancing.ni.dll
MOD - [2014.02.13 09:55:19 | 002,659,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\be0a1bb51a0d8fb41140c8111ed56d19\System.Runtime.Serialization.ni.dll
MOD - [2014.02.13 09:55:19 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\88aec4231adca9f5a4226c83911c4dad\SMDiagnostics.ni.dll
MOD - [2014.02.13 09:55:16 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\c74e45d841d46ea6a7c203f6f864f555\System.Xml.Linq.ni.dll
MOD - [2014.02.13 09:55:15 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d116eda30a35c490e59221b0ebac6fcd\System.Xaml.ni.dll
MOD - [2014.02.12 22:10:47 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\880358291baf3043e07b2a7c2f401c85\PresentationFramework.ni.dll
MOD - [2014.02.12 22:10:36 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2781e84862746a34f026d0ee179eed2b\System.Windows.Forms.ni.dll
MOD - [2014.02.12 22:10:27 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\db591e35967527b7b864124303dea13a\PresentationCore.ni.dll
MOD - [2014.02.12 22:10:19 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\67939f4c3d18712bacf74bfc8c75ab40\PresentationFramework.Luna.ni.dll
MOD - [2014.02.12 22:10:16 | 006,817,280 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\2c4f9ef6baacb578ab136a5b30ada098\System.Data.ni.dll
MOD - [2014.02.12 22:10:13 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\dc74ab189aa9b156581a7228866d3330\WindowsBase.ni.dll
MOD - [2014.02.12 22:10:08 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll
MOD - [2014.02.12 22:10:04 | 000,751,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\e0579383d49e212d5bf5a87c3dad50e7\System.Security.ni.dll
MOD - [2014.02.12 22:10:02 | 007,070,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\354a5906fd46f4374f86916debf3ebcb\System.Core.ni.dll
MOD - [2014.02.12 22:09:59 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll
MOD - [2014.02.12 22:09:53 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll
MOD - [2014.02.12 22:09:51 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll
MOD - [2014.02.12 22:09:42 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll
MOD - [2013.07.10 17:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011.06.22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2011.05.26 20:18:44 | 000,136,536 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL
MOD - [2010.04.11 17:48:06 | 000,327,680 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2010.03.15 10:28:24 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.02.26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2006.08.11 14:43:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll


========== Services (SafeList) ==========

SRV - [2014.03.12 20:08:45 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.02.15 11:50:33 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.30 09:05:02 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013.12.18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2013.03.23 01:22:24 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.09.04 13:49:52 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.09.17 15:17:38 | 000,187,808 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\edevmon.sys -- (edevmon)
DRV - [2013.09.17 15:17:38 | 000,184,664 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2013.09.17 15:17:38 | 000,174,400 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2013.09.17 15:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013.09.17 15:17:38 | 000,061,600 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2013.09.17 15:17:38 | 000,038,952 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2012.06.11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.04.10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006.07.29 04:20:28 | 000,043,392 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2006.06.14 06:56:00 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005.12.02 10:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005.10.18 15:01:00 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1409082233-115176313-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1409082233-115176313-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1409082233-115176313-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1409082233-115176313-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1409082233-115176313-725345543-1005\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.12.02 17:39:07 | 000,000,000 | ---D | M]

[2013.03.29 22:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Verča\Data aplikací\Mozilla\Extensions
[2013.09.27 09:01:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Verča\Data aplikací\Mozilla\Firefox\Profiles\kfls3it7.default\extensions
[2014.02.15 11:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.02.15 11:50:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2014.03.18 12:23:33 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKU\S-1-5-21-1409082233-115176313-725345543-1003..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-115176313-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-115176313-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-115176313-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-115176313-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1409082233-115176313-725345543-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-115176313-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-1409082233-115176313-725345543-1003\..Trusted Domains: microsoft.com ([*.update] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1409082233-115176313-725345543-1003\..Trusted Domains: microsoft.com ([*.update] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1409082233-115176313-725345543-1003\..Trusted Domains: microsoft.com ([update] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1409082233-115176313-725345543-1003\..Trusted Domains: microsoft.com ([update] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1409082233-115176313-725345543-1003\..Trusted Domains: windowsupdate.com ([download] http in Důvěryhodné servery)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 4589633359 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 4590723468 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.21.107.129 84.16.96.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09594390-EA1C-47C8-AA7F-CDBDB55F0286}: DhcpNameServer = 84.21.107.129 84.16.96.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Verča\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Verča\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.03.18 12:29:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Verča\Plocha\OTL.exe
[2014.03.18 12:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Verča\Plocha\RK_Quarantine
[2014.03.18 10:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.03.18 10:31:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.03.18 09:12:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Verča\Recent
[2014.03.12 20:08:37 | 005,777,288 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe

========== Files - Modified Within 30 Days ==========

[2014.03.18 12:32:41 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.03.18 12:29:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Verča\Plocha\OTL.exe
[2014.03.18 12:26:32 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ED043CD0-00A5-47F3-AF05-3A41D6A238AC}.job
[2014.03.18 12:07:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.03.18 12:06:07 | 003,901,952 | ---- | M] () -- C:\Documents and Settings\Verča\Plocha\RogueKiller.exe
[2014.03.18 10:42:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014.03.18 10:40:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.03.17 19:08:05 | 000,024,655 | ---- | M] () -- C:\Documents and Settings\Verča\Plocha\Bez názvu1.JPG
[2014.03.16 10:08:00 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Verča\Plocha\Microsoft Office Word 2007.lnk
[2014.03.16 09:43:32 | 000,001,955 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2014.03.15 15:50:14 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014.03.15 15:50:13 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Verča\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.03.14 13:17:52 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Verča\Plocha\Microsoft Office Excel 2007.lnk
[2014.03.13 09:06:20 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014.03.12 20:08:44 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014.03.12 20:08:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014.03.12 20:08:37 | 005,777,288 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2014.03.05 23:00:03 | 000,003,354 | ---- | M] () -- C:\Documents and Settings\Verča\Dokumenty\cc_20140305_230001.reg
[2014.02.24 17:05:38 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014.02.24 12:35:36 | 006,022,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014.02.24 12:35:36 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014.02.24 12:35:36 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014.02.24 12:35:36 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014.02.24 12:35:36 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014.02.24 12:35:36 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014.02.24 12:35:36 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014.02.24 12:35:36 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014.02.24 12:35:36 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014.02.24 12:35:36 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014.02.24 12:35:36 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014.02.24 12:35:35 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014.02.24 12:35:35 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014.02.24 12:35:35 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014.02.24 12:35:35 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014.02.24 12:35:35 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014.02.24 12:35:35 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014.02.24 12:35:35 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014.02.24 12:35:35 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014.02.24 12:35:35 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014.02.24 12:35:35 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014.02.24 12:35:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014.02.24 12:35:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014.02.24 12:35:35 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014.02.24 12:35:35 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014.02.24 12:35:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014.02.24 12:35:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014.02.24 12:35:35 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014.02.24 12:35:35 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014.02.24 11:54:22 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014.02.24 11:54:22 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014.02.24 11:54:21 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014.02.21 10:39:32 | 000,049,283 | ---- | M] () -- C:\Documents and Settings\Verča\Plocha\obrazky-masinka-tomas-1.jpg

========== Files Created - No Company Name ==========

[2014.03.18 12:32:41 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.03.18 12:05:32 | 003,901,952 | ---- | C] () -- C:\Documents and Settings\Verča\Plocha\RogueKiller.exe
[2014.03.17 19:08:05 | 000,024,655 | ---- | C] () -- C:\Documents and Settings\Verča\Plocha\Bez názvu1.JPG
[2014.03.05 23:00:02 | 000,003,354 | ---- | C] () -- C:\Documents and Settings\Verča\Dokumenty\cc_20140305_230001.reg
[2014.02.21 10:39:32 | 000,049,283 | ---- | C] () -- C:\Documents and Settings\Verča\Plocha\obrazky-masinka-tomas-1.jpg
[2014.02.04 22:40:40 | 000,414,184 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1409082233-115176313-725345543-1003-0.dat
[2014.02.04 22:40:40 | 000,272,174 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
[2013.12.25 19:11:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2013.12.16 23:03:18 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Verča\Local Settings\Data aplikací\fusioncache.dat
[2013.04.14 10:04:23 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013.04.14 10:04:23 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013.04.14 10:04:23 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013.04.09 14:17:22 | 000,000,124 | ---- | C] () -- C:\WINDOWS\System32\drivers\license.dat
[2013.03.30 20:40:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2013.03.30 20:40:04 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Verča\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.30 03:06:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013.03.29 22:09:38 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013.03.29 22:08:31 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.03.29 21:59:46 | 000,001,955 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2013.03.29 21:41:31 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2013.03.29 21:41:31 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2013.03.29 21:41:30 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2013.03.29 21:41:30 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2013.03.29 21:41:30 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2013.03.29 21:41:30 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2013.03.29 21:41:29 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2013.03.29 21:41:29 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2013.03.29 21:41:29 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2013.03.29 21:41:29 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2013.03.29 21:21:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013.03.29 21:16:07 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013.02.08 04:03:08 | 002,817,904 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

========== ZeroAccess Check ==========

[2013.10.17 20:27:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013.02.06 11:55:04 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.12.28 12:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ashampoo
[2013.04.02 11:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG2013
[2013.03.30 21:35:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2013.03.29 22:10:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2013.12.02 17:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2013.09.26 13:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Friday's games
[2014.02.03 16:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Garmin
[2013.05.17 14:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2013.04.02 11:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2014.02.05 10:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Package Cache
[2013.12.28 11:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\page
[2013.05.17 14:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2014.02.03 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Garmin
[2013.12.28 12:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Ashampoo
[2013.03.29 22:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\AVG2013
[2013.04.02 12:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\ESET
[2014.02.03 16:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Garmin
[2013.05.17 14:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Nokia
[2013.05.17 14:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\PC Suite
[2013.03.29 22:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\TuneUp Software
[2013.12.16 22:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Windows Desktop Search
[2014.01.22 12:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Windows Search
[2013.12.25 19:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\YCanPDF
[2013.03.30 06:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< >
[2013.03.29 21:17:12 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2013.03.29 21:22:22 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2013.12.06 06:54:47 | 000,000,436 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{ED043CD0-00A5-47F3-AF05-3A41D6A238AC}.job
[2013.12.13 20:08:34 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: AGP440.SYS >
[2006.03.02 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.03.02 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.03.02 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2006.03.02 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2006.03.02 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.03.02 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2006.03.02 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2006.03.02 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.03.02 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2006.03.02 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2006.03.02 13:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2006.03.02 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2006.03.02 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2006.03.02 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.03.02 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006.03.02 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006.03.02 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2006.03.02 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2006.03.02 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.03.02 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2006.03.02 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.03.02 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2006.03.02 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[3 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[31 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[82 C:\WINDOWS\temp\*.tmp files -> C:\WINDOWS\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.03.29 22:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Adobe
[2013.12.28 12:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Ashampoo
[2013.03.29 22:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\AVG2013
[2013.03.31 13:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Creative
[2013.04.02 12:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\ESET
[2014.02.03 16:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Garmin
[2013.03.29 21:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Identities
[2013.03.30 22:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Macromedia
[2013.12.04 06:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Malwarebytes
[2014.02.26 15:04:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Verča\Data aplikací\Microsoft
[2013.03.29 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Mozilla
[2013.05.17 14:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Nokia
[2013.05.17 14:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\PC Suite
[2013.03.29 22:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Sun
[2013.03.29 22:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\TuneUp Software
[2013.12.16 22:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Windows Desktop Search
[2014.01.22 12:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Windows Search
[2013.03.31 14:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\WinRAR
[2013.12.25 19:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\YCanPDF
[2013.03.30 06:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\Zoner

< %APPDATA%\*.exe /s >
[2014.01.15 11:24:55 | 000,145,408 | ---- | M] () -- C:\Documents and Settings\Verča\Data aplikací\Sun\Java\jre1.7.0_51\lzma.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2013.03.29 22:07:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2013.03.29 22:07:47 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2013.03.29 22:07:47 | 000,499,712 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.03.18 10:42:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"GarminExpressTrayApp" = "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" -- [2013.12.30 09:05:18 | 001,095,000 | ---- | M] (Garmin Ltd or its subsidiaries)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.03.18 12:32:41 | 000,000,512 | ---- | M] () MD5=7873225A057C63212EBF494D3D420A39 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.tlb
[2013.12.30 09:04:22 | 000,042,496 | ---- | M] () -- \Program Files\Garmin\Core Update Service\Garmin.Cartography.MyDownloader.Core.dll
[2012.06.26 11:36:20 | 000,002,560 | ---- | M] () -- \Program Files\Nokia\Nokia PC Suite 7\Lang\MapLoader_cze.NLR
[2010.03.15 10:28:24 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2010.04.29 15:12:38 | 000,673,160 | ---- | M] () -- \Program Files\Zoner\Photo Studio 12\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 15:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 12\Plugins\Facebook\ZPSPluginLoader.exe
[2010.04.29 15:12:42 | 000,686,984 | ---- | M] () -- \Program Files\Zoner\Photo Studio 12\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 15:12:42 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 12\Plugins\Flickr\ZPSPluginLoader.exe
[2006.03.02 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.14 00:01:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.14 00:01:50 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2004.08.17 15:44:16 | 000,030,301 | ---- | M] () -- \cmdcons\SERIAL.SY_
[2012.09.26 23:12:26 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2006.03.02 13:00:00 | 000,064,640 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2013.12.16 22:37:15 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.12.16 23:03:07 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.12.16 22:13:40 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.02.12 22:06:16 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.12.16 22:13:51 | 000,090,112 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2013.10.17 21:58:49 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.12 22:04:54 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6c29ee2bedfe88dcd66993f1af135ad8\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.12 22:02:08 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9860da66bf0219612908e7412b0a6e2e\System.Runtime.Serialization.ni.dll
[2014.02.13 09:55:24 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\046c2851963b30d0e14194051c03de33\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.12.17 07:41:51 | 002,659,328 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
[2013.12.17 07:41:57 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\ad3522eafb95969623aeef7c389246bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.13 09:55:19 | 002,659,328 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\be0a1bb51a0d8fb41140c8111ed56d19\System.Runtime.Serialization.ni.dll
[2014.02.13 09:58:01 | 000,009,216 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\bc1a3b2de28e513e09fe7322c122144f\System.Xml.Serialization.ni.dll
[2013.12.17 07:44:38 | 000,009,216 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\cda839ea462e123d42cb6d0883cf0f4d\System.Xml.Serialization.ni.dll
[2010.03.18 13:16:28 | 001,026,936 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\System.Runtime.Serialization.dll.x86
[2013.12.15 12:49:15 | 000,017,840 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.02.12 22:08:55 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.12.15 12:49:15 | 000,099,208 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2014.02.12 22:08:52 | 001,039,040 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.12 22:09:12 | 000,011,120 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2004.07.15 14:31:54 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
[2003.04.07 19:24:52 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.07.25 10:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2008.09.10 17:46:28 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.09.26 23:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 06:06:54 | 001,039,040 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.06 16:48:20 | 000,011,120 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2010.06.15 02:33:16 | 000,017,840 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.06.15 02:33:16 | 000,099,208 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2008.04.14 07:47:26 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 07:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2007.06.27 18:29:04 | 000,131,072 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\system.runtime.serialization.formatters.soap.dll
[2006.03.02 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2006.03.02 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2006.03.02 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2006.03.02 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 07:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

< End of report >

maxino
Visitor
Posts: 205
Registered: 20 Mar 2013 09:50

Re: preventive check, "Run as" window popping up

#14 Post by maxino »

OTL Extras logfile created on: 18.3.2014 12:30:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Verča\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,98 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,92% Memory free
3,83 Gb Paging File | 3,03 Gb Available in Paging File | 79,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 4,19 Gb Free Space | 14,29% Space Free | Partition Type: NTFS
Drive D: | 4,01 Gb Total Space | 3,97 Gb Free Space | 99,19% Space Free | Partition Type: NTFS
Drive E: | 264,78 Gb Total Space | 51,61 Gb Free Space | 19,49% Space Free | Partition Type: NTFS

Computer Name: VERONIKA-322B95 | User Name: Verča | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1409082233-115176313-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"80:TCP" = 80:TCP:*:Disabled:Vzdálená správa systému Windows – režim kompatibility (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\PotPlayer\PotPlayerMini.exe" = E:\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer -- (Daum Communications)
"E:\PotPlayer\PotPlayer.exe" = E:\PotPlayer\PotPlayer.exe:*:Enabled:PotPlayer (32-Bit) -- (Daum Communications)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\PotPlayer\daumvsvr.exe" = E:\PotPlayer\daumvsvr.exe:*:Enabled:DaumCP VoD Server -- (Daum Contents Plug)
"E:\PotPlayer\PotPlayerMini.exe" = E:\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer -- (Daum Communications)
"E:\PotPlayer\PotPlayer.exe" = E:\PotPlayer\PotPlayer.exe:*:Enabled:PotPlayer (32-Bit) -- (Daum Communications)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0904cc72-1b29-426a-b0f0-228d2744a4f6}" = Garmin Express
"{111A3D14-7596-43B0-92BA-418435C90672}" = Intel(R) PRO Network Connections
"{18FEC022-D8CE-48DF-A57A-1085D4F58F6E}" = Elevated Installer
"{1A8FE52B-983B-46B6-A2EF-9A75DDCAFCEF}" = ESET Smart Security
"{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{29C22873-B939-4EF9-B6E3-1EFE7FA391D1}" = ASUS nVidia Driver
"{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}" = OLYMPUS Digital Camera Updater
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISER_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISER_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISER_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISER_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B33C97-91F8-FFB3-581B-BC952C901685}_is1" = Ashampoo Burning Studio FREE v.1.12.0
"{95966B8A-2B40-4233-B5D3-F838568561D5}" = Intel Audio Studio 2.0
"{9608B011-02E9-4A66-A0FC-3264A79F808A}" = Garmin Express
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Czech
"{AEE39224-92BE-4389-9493-E57FF73BB96A}" = OLYMPUS Viewer 2
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 307.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 307.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB47925A-50F0-493A-B3B0-3F6C632FCE8D}" = Garmin Express Tray
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Balíček ovladače systému Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9)
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"CCleaner" = CCleaner
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Defraggler" = Defraggler
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7)
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Balíček ovladače systému Windows - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HECI" = Intel(R) Management Engine Interface
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Mozilla Firefox 27.0.1 (x86 cs)" = Mozilla Firefox 27.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"Nokia PC Suite" = Nokia PC Suite
"PotPlayer" = Daum PotPlayer 1.5.36205
"Totalcmd" = Total Commander (Remove or Repair)
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.2.2014 7:02:46 | Computer Name = VERONIKA-322B95 | Source = Windows Search Service | ID = 3013
Description = Položka <C:\DOCUMENTS AND SETTINGS\VERČA\RECENT\DESKTOP.INI> v mapě
algoritmu hash nebyla aktualizována. Kontext: aplikace , katalog SystemIndex Podrobnosti:
Zařízení
připojené k systému nefunguje. (0x8007001f)

Error - 12.2.2014 7:02:46 | Computer Name = VERONIKA-322B95 | Source = Windows Search Service | ID = 3013
Description = Položka <C:\DOCUMENTS AND SETTINGS\VERČA\RECENT\DESKTOP.INI> v mapě
algoritmu hash nebyla aktualizována. Kontext: aplikace , katalog SystemIndex Podrobnosti:
Zařízení
připojené k systému nefunguje. (0x8007001f)

Error - 13.2.2014 4:30:13 | Computer Name = VERONIKA-322B95 | Source = Windows Search Service | ID = 3013
Description = Položka <C:\DOCUMENTS AND SETTINGS\VERČA\RECENT\DESKTOP.INI> v mapě
algoritmu hash nebyla aktualizována. Kontext: aplikace , katalog SystemIndex Podrobnosti:
Zařízení
připojené k systému nefunguje. (0x8007001f)

Error - 27.2.2014 5:18:16 | Computer Name = VERONIKA-322B95 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 27.0.1.5156, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 3.3.2014 4:59:19 | Computer Name = VERONIKA-322B95 | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 outlook.exe, P2 12.0.6680.5000, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 5.3.2014 17:59:49 | Computer Name = VERONIKA-322B95 | Source = Windows Search Service | ID = 3013
Description = Položka <C:\DOCUMENTS AND SETTINGS\VERČA\RECENT\DESKTOP.INI> v mapě
algoritmu hash nebyla aktualizována. Kontext: aplikace , katalog SystemIndex Podrobnosti:
Zařízení
připojené k systému nefunguje. (0x8007001f)

Error - 11.3.2014 12:59:36 | Computer Name = VERONIKA-322B95 | Source = Windows Search Service | ID = 3013
Description = Položka <C:\DOCUMENTS AND SETTINGS\VERČA\RECENT\DESKTOP.INI> v mapě
algoritmu hash nebyla aktualizována. Kontext: aplikace , katalog SystemIndex Podrobnosti:
Zařízení
připojené k systému nefunguje. (0x8007001f)

Error - 13.3.2014 15:08:19 | Computer Name = VERONIKA-322B95 | Source = Windows Search Service | ID = 3013
Description = Položka <C:\DOCUMENTS AND SETTINGS\VERČA\RECENT\DESKTOP.INI> v mapě
algoritmu hash nebyla aktualizována. Kontext: aplikace , katalog SystemIndex Podrobnosti:
Zařízení
připojené k systému nefunguje. (0x8007001f)

Error - 13.3.2014 15:08:20 | Computer Name = VERONIKA-322B95 | Source = Windows Search Service | ID = 3013
Description = Položka <C:\DOCUMENTS AND SETTINGS\VERČA\RECENT\DESKTOP.INI> v mapě
algoritmu hash nebyla aktualizována. Kontext: aplikace , katalog SystemIndex Podrobnosti:
Zařízení
připojené k systému nefunguje. (0x8007001f)

Error - 13.3.2014 15:08:23 | Computer Name = VERONIKA-322B95 | Source = Windows Search Service | ID = 3013
Description = Položka <C:\DOCUMENTS AND SETTINGS\VERČA\RECENT\DESKTOP.INI> v mapě
algoritmu hash nebyla aktualizována. Kontext: aplikace , katalog SystemIndex Podrobnosti:
Zařízení
připojené k systému nefunguje. (0x8007001f)

[ System Events ]
Error - 13.2.2014 4:30:49 | Computer Name = VERONIKA-322B95 | Source = Service Control Manager | ID = 7022
Description = Služba ESET Service přestala během spouštění reagovat.

Error - 13.2.2014 12:57:17 | Computer Name = VERONIKA-322B95 | Source = Service Control Manager | ID = 7022
Description = Služba ESET Service přestala během spouštění reagovat.

Error - 1.3.2014 6:43:34 | Computer Name = VERONIKA-322B95 | Source = Service Control Manager | ID = 7022
Description = Služba ESET Service přestala během spouštění reagovat.

Error - 3.3.2014 4:59:24 | Computer Name = VERONIKA-322B95 | Source = Service Control Manager | ID = 7022
Description = Služba ESET Service přestala během spouštění reagovat.

Error - 13.3.2014 4:02:29 | Computer Name = VERONIKA-322B95 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1053 při pokusu o spuštění služby WSearch
s argumenty za účelem spuštění serveru: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 13.3.2014 4:02:29 | Computer Name = VERONIKA-322B95 | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Windows Search.

Error - 13.3.2014 4:02:29 | Computer Name = VERONIKA-322B95 | Source = Service Control Manager | ID = 7000
Description = Služba Windows Search neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 18.3.2014 5:42:29 | Computer Name = VERONIKA-322B95 | Source = Service Control Manager | ID = 7022
Description = Služba ESET Service přestala během spouštění reagovat.


< End of report >

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: preventive check, "Run as" window popping up

#15 Post by Márty84 »

:arrow: Be careful about using TuneUp; it can make quite a mess of a PC.


:!: Turn off your antivirus so that it does not get in the program's way.
:arrow: Run OTL again.
Paste the following text into the bottom window (including the colon before the word commands):

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
JavaQuickStarterService
AdobeFlashPlayerUpdateSvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1409082233-115176313-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1409082233-115176313-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
O15 - HKU\S-1-5-21-1409082233-115176313-725345543-1003\..Trusted Domains: microsoft.com ([*.update] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1409082233-115176313-725345543-1003\..Trusted Domains: microsoft.com ([*.update] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1409082233-115176313-725345543-1003\..Trusted Domains: microsoft.com ([update] http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1409082233-115176313-725345543-1003\..Trusted Domains: microsoft.com ([update] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1409082233-115176313-725345543-1003\..Trusted Domains: windowsupdate.com ([download] http in Důvěryhodné servery)
[2013.04.02 11:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG2013
[2013.03.29 22:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Verča\Data aplikací\AVG2013
[3 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[31 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[82 C:\WINDOWS\temp\*.tmp files -> C:\WINDOWS\temp\*.tmp -> ]

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=-
"SunJavaUpdateSched"=-
"Adobe ARM"=-

Click "Opravit" (Fix) and let the program work. When asked about a restart, agree.
After the restart a new log will appear; post it here.
If you have a question that is not meant for the public, you can e-mail me at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

Locked