
Please check my log

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#16 Post by Márty84 »

One more scan and then we'll be deleting.

Download OTL http://oldtimer.geekstogo.com/OTL.exe , save it to the desktop and run it.
Tick the items (put checkmarks there) All Users, LOP Check and Purity Check.
Paste the following text into the bottom window

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Run Scan
After the scan, two logs are created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).
If you have a question that is not meant for the public, you can email me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Peky
Visitor
Posts: 243
Registered: 02 Oct 2007 05:12

Re: Please check my log

#17 Post by Peky »

OTL logfile created on: 7.4.2014 20:18:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Documents and Settings\Radek\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,97 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 72,73% Memory free
3,21 Gb Paging File | 2,83 Gb Available in Paging File | 88,10% Paging File free
Paging file location(s): E:\pagefile.sys 1428 2856 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive E: | 298,09 Gb Total Space | 221,77 Gb Free Space | 74,40% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 92,57 Gb Free Space | 62,11% Space Free | Partition Type: NTFS

Computer Name: ZUZKA | User Name: Radek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.04.07 20:17:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Radek\Plocha\OTL.exe
PRC - [2013.06.07 17:51:02 | 000,774,680 | ---- | M] (ZONER software) -- E:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
PRC - [2008.04.14 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Outlook Express\msimn.exe
PRC - [2006.10.23 02:48:00 | 000,345,712 | ---- | M] (Adobe Systems Incorporated) -- E:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2006.10.19 17:57:24 | 001,183,656 | ---- | M] (Acronis) -- E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006.10.19 05:19:42 | 001,958,800 | ---- | M] (Acronis) -- E:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2006.10.17 11:47:22 | 000,087,584 | ---- | M] (Acronis) -- E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006.10.17 11:47:16 | 000,230,944 | ---- | M] (Acronis) -- E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006.06.28 18:35:40 | 000,098,304 | ---- | M] (Intel) -- E:\Program Files\Intel\AMT\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013.12.09 02:19:10 | 002,342,912 | ---- | M] () -- E:\Program Files\VideoLAN\VLC\libvlccore.dll
MOD - [2013.12.09 02:18:16 | 000,498,176 | ---- | M] () -- E:\Program Files\VideoLAN\VLC\axvlc.dll
MOD - [2013.12.09 02:18:16 | 000,113,664 | ---- | M] () -- E:\Program Files\VideoLAN\VLC\libvlc.dll
MOD - [2006.12.14 02:31:06 | 000,049,152 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\WebLink.CZE
MOD - [2006.12.14 01:44:28 | 003,055,616 | ---- | M] () -- e:\Program Files\Adobe\Reader 8.0\Reader\RdLang32.CZE
MOD - [2006.12.14 01:32:46 | 000,005,120 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\updater.CZE
MOD - [2006.12.14 01:28:50 | 000,036,864 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Spelling.CZE
MOD - [2006.12.14 01:27:52 | 000,032,768 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SendMail.CZE
MOD - [2006.12.14 01:26:54 | 000,053,248 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.CZE
MOD - [2006.12.14 01:25:58 | 000,011,776 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search5.CZE
MOD - [2006.12.14 01:22:52 | 000,019,968 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.CZE
MOD - [2006.12.14 01:22:00 | 000,008,192 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\reflow.CZE
MOD - [2006.12.14 01:20:26 | 000,012,800 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.CZE
MOD - [2006.12.14 01:12:20 | 000,929,792 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PPKLite.CZE
MOD - [2006.12.14 01:09:48 | 000,010,752 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\pddom.CZE
MOD - [2006.12.14 01:06:38 | 000,155,648 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.CZE
MOD - [2006.12.14 01:04:24 | 000,073,728 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.CZE
MOD - [2006.12.14 00:56:08 | 000,013,312 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\HLS.CZE
MOD - [2006.12.14 00:53:30 | 000,006,144 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EWH32.CZE
MOD - [2006.12.14 00:52:26 | 000,098,304 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EScript.CZE
MOD - [2006.12.14 00:49:06 | 000,028,672 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\eBook.CZE
MOD - [2006.12.14 00:43:54 | 000,208,896 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DigSig.CZE
MOD - [2006.12.14 00:41:46 | 000,184,320 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Checkers.CZE
MOD - [2006.12.14 00:35:54 | 001,196,032 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.CZE
MOD - [2006.12.14 00:25:06 | 000,774,144 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Acroform.CZE
MOD - [2006.12.14 00:21:50 | 000,077,824 | ---- | M] () -- E:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\accessibility.CZE
MOD - [2006.10.17 10:48:36 | 000,050,720 | ---- | M] () -- E:\Program Files\Common Files\Acronis\Common\gc.dll
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- E:\WINDOWS\system32\pdfcmnnt.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014.03.12 16:14:10 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2006.10.17 11:47:16 | 000,230,944 | ---- | M] (Acronis) [Auto | Running] -- E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006.06.28 18:35:40 | 000,098,304 | ---- | M] (Intel) [Auto | Running] -- E:\Program Files\Intel\AMT\LMS.exe -- (LMS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.05.23 21:52:52 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2013.05.23 21:52:52 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2013.05.23 21:52:49 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2013.05.22 16:58:38 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012.06.19 10:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.11.18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.06.05 05:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2005.05.04 10:28:34 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6CDEFF5C-0484-4A4E-B223-B288CC1BDA93}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1214440339-884357618-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/?rlz=1W4CHBA_csCZ570
IE - HKU\S-1-5-21-1214440339-884357618-682003330-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1214440339-884357618-682003330-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1214440339-884357618-682003330-1004\..\SearchScopes\{01B65D55-411B-4DDB-A5A0-0011A5F60B0C}: "URL" = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
IE - HKU\S-1-5-21-1214440339-884357618-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1214440339-884357618-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1214440339-884357618-682003330-1004\..\SearchScopes\{6CDEFF5C-0484-4A4E-B223-B288CC1BDA93}: "URL" = http://www.google.com/search?q={searchT ... B_csCZ0537______
IE - HKU\S-1-5-21-1214440339-884357618-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)



========== Chrome ==========

CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?outpu ... earchTerms},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = E:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = E:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = E:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = E:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft® DRM (Enabled) = E:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = E:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = E:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = E:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = E:\Documents and Settings\Radek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: VyhledávánĂ­ Google = E:\Documents and Settings\Radek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Peněženka Google = E:\Documents and Settings\Radek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = E:\Documents and Settings\Radek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014.04.06 09:07:27 | 000,000,741 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-884357618-682003330-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] E:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1214440339-884357618-682003330-1004..\Run: [Zoner Photo Studio Autoupdate] E:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe (ZONER software)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-884357618-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - E:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - E:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 9240389625 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.33.5 192.168.33.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{200AFE0C-337E-47D2-B535-D9A64C3B2472}: DhcpNameServer = 192.168.1.254 192.168.33.5 192.168.33.1
O20 - AppInit_DLLs: (e:\progra~1\movies~1\datamngr\mgrldr.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: E:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: E:\WINDOWS\Web\Wallpaper\Nebe.bmp
O30 - LSA: Authentication Packages - (relog_ap) - E:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - E:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - E:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - E:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - E:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - E:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - E:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - E:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - E:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - E:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - E:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - E:\WINDOWS\System32\ir50_32.dll ()
Drivers32: VIDC.XVID - E:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - E:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to E:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.04.07 20:17:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Radek\Plocha\OTL.exe
[2014.04.06 09:18:27 | 000,000,000 | ---D | C] -- E:\rsit
[2014.04.06 09:11:57 | 000,000,000 | ---D | C] -- E:\AdwCleaner
[2014.04.05 09:44:24 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Radek\Data aplikací\Malwarebytes
[2014.04.05 09:31:10 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2014.04.04 23:21:42 | 000,000,000 | RH-D | C] -- E:\Documents and Settings\Radek\Recent
[2014.04.04 22:02:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Radek\Local Settings\Data aplikací\Temp
[2014.04.03 12:07:44 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Local Settings\Data aplikací\Temp
[2014.03.22 10:45:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\xp_eos.exe
[2014.03.22 10:45:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\xp_eos.exe
[2014.03.20 14:31:12 | 000,000,000 | -HSD | C] -- E:\Config.Msi
[2014.03.12 16:14:08 | 005,128,584 | ---- | C] (Adobe Systems Incorporated) -- E:\WINDOWS\System32\FlashPlayerInstaller.exe
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.04.07 20:19:51 | 000,000,512 | ---- | M] () -- E:\PhysicalMBR.bin
[2014.04.07 20:17:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Radek\Plocha\OTL.exe
[2014.04.07 20:15:56 | 000,012,598 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2014.04.07 20:15:28 | 000,000,934 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014.04.07 20:15:26 | 000,000,222 | ---- | M] () -- E:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2014.04.07 20:15:16 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2014.04.07 16:27:00 | 000,000,938 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.04.07 16:14:00 | 000,000,914 | ---- | M] () -- E:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.03.30 22:22:06 | 000,435,832 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2014.03.30 22:22:06 | 000,432,714 | ---- | M] () -- E:\WINDOWS\System32\perfh005.dat
[2014.03.30 22:22:06 | 000,079,678 | ---- | M] () -- E:\WINDOWS\System32\perfc005.dat
[2014.03.30 22:22:06 | 000,068,728 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2014.03.28 15:26:57 | 000,000,116 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2014.03.23 14:47:53 | 000,000,216 | ---- | M] () -- E:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2014.03.13 16:22:26 | 000,269,392 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2014.03.12 16:14:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- E:\WINDOWS\System32\FlashPlayerApp.exe
[2014.03.12 16:14:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- E:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014.03.12 16:14:08 | 005,128,584 | ---- | M] (Adobe Systems Incorporated) -- E:\WINDOWS\System32\FlashPlayerInstaller.exe
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.04.07 20:19:51 | 000,000,512 | ---- | C] () -- E:\PhysicalMBR.bin
[2014.03.22 17:00:07 | 000,000,222 | ---- | C] () -- E:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2014.03.22 17:00:05 | 000,000,216 | ---- | C] () -- E:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2014.02.05 16:51:58 | 000,003,654 | ---- | C] () -- E:\WINDOWS\System32\drivers\Sonyhcp.dll
[2014.01.26 23:19:06 | 000,164,352 | ---- | C] () -- E:\WINDOWS\System32\unrar.dll
[2014.01.26 23:19:05 | 003,596,288 | ---- | C] () -- E:\WINDOWS\System32\qt-dx331.dll
[2014.01.26 23:19:05 | 000,755,027 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll
[2014.01.26 23:19:05 | 000,159,839 | ---- | C] () -- E:\WINDOWS\System32\xvidvfw.dll
[2014.01.26 23:19:04 | 000,007,680 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll
[2014.01.21 22:25:44 | 000,116,224 | ---- | C] () -- E:\WINDOWS\System32\pdfcmnnt.dll
[2013.05.24 17:28:42 | 000,000,116 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2013.05.22 22:07:39 | 000,516,096 | ---- | C] () -- E:\WINDOWS\System32\ati2sgag.exe
[2013.05.22 22:07:13 | 000,087,540 | ---- | C] () -- E:\WINDOWS\System32\atiicdxx.dat
[2013.05.22 21:26:03 | 000,000,390 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2013.05.22 21:05:29 | 000,014,848 | ---- | C] () -- E:\Documents and Settings\Radek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.22 18:33:41 | 000,004,249 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI
[2013.05.22 18:32:38 | 000,269,392 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.22 18:23:12 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\iacenc.dll
[2013.05.22 18:21:35 | 000,025,548 | ---- | C] () -- E:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013.05.22 16:43:16 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat
[2013.05.22 16:38:51 | 000,021,812 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2013.05.22 21:58:21 | 000,000,227 | RHS- | M] () -- E:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013.04.16 23:18:20 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = E:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = E:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.05.23 22:36:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Data aplikací\Acronis
[2014.04.06 09:12:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Data aplikací\ICQ
[2013.05.22 22:17:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Data aplikací\Sync App Settings
[2014.02.01 02:48:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Data aplikací\tmp
[2013.12.13 22:40:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Data aplikací\Zoner
[2013.05.22 22:38:56 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Data aplikací\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
[2014.01.21 21:45:53 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\ICQ
[2013.05.22 22:38:56 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\ICQ Search
[2013.07.26 10:16:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\Mikrotik
[2013.05.24 17:11:50 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\OfficeRecovery
[2013.05.24 17:12:34 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\OfficeRecovery.0bf44300
[2013.05.24 17:16:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\Sync App Settings
[2013.05.22 22:12:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\Zoner
[2014.02.13 21:37:19 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Zuzka\Data aplikací\ICQ
[2013.08.12 16:13:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Zuzka\Data aplikací\Mikrotik
[2013.05.25 09:15:41 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Zuzka\Data aplikací\Sync App Settings
[2013.05.24 08:12:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Zuzka\Data aplikací\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< >
[2013.05.22 16:39:58 | 000,000,065 | RH-- | C] () -- E:\WINDOWS\Tasks\desktop.ini
[2013.05.22 16:45:13 | 000,000,006 | -H-- | C] () -- E:\WINDOWS\Tasks\SA.DAT
[2013.05.22 22:49:24 | 000,000,914 | ---- | C] () -- E:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.05.22 22:49:29 | 000,000,934 | ---- | C] () -- E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 22:49:30 | 000,000,938 | ---- | C] () -- E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2014.03.22 17:00:05 | 000,000,216 | ---- | C] () -- E:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2014.03.22 17:00:07 | 000,000,222 | ---- | C] () -- E:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job

< >

< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- E:\WINDOWS\system32\autochk.exe
[2008.04.14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- E:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- E:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- E:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- E:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- E:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- E:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- E:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- E:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- E:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- E:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- E:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- E:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- E:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- E:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- E:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- E:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- E:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- E:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- E:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- E:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- E:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- E:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- E:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- E:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 14:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- E:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- E:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- E:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- E:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- E:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- E:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- E:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- E:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- E:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- E:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[13 E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]
[1 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> E:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[6 E:\WINDOWS\Temp\*.tmp files -> E:\WINDOWS\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.05.28 19:09:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\Adobe
[2014.01.21 21:45:53 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\ICQ
[2013.05.22 22:38:56 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\ICQ Search
[2013.05.22 20:38:15 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\Identities
[2013.05.22 22:50:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\Macromedia
[2014.04.05 09:44:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\Malwarebytes
[2013.08.22 21:27:50 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\Media Player Classic
[2013.08.29 22:15:03 | 000,000,000 | --SD | M] -- E:\Documents and Settings\Radek\Data aplikací\Microsoft
[2013.07.26 10:16:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\Mikrotik
[2013.05.22 22:38:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\Mozilla
[2013.05.24 17:11:50 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\OfficeRecovery
[2013.05.24 17:12:34 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\OfficeRecovery.0bf44300
[2014.02.05 16:53:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\Sony Corporation
[2013.05.24 17:16:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\Sync App Settings
[2014.01.26 23:28:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\vlc
[2013.05.22 22:19:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\WinRAR
[2013.05.22 22:12:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\Zoner

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2013.05.22 18:31:43 | 000,094,208 | ---- | M] () -- E:\WINDOWS\System32\config\default.sav
[2013.05.22 18:31:43 | 001,093,632 | ---- | M] () -- E:\WINDOWS\System32\config\software.sav
[2013.05.22 18:31:43 | 000,499,712 | ---- | M] () -- E:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.04.07 20:15:31 | 000,000,018 | ---- | M] () -- E:\WINDOWS\system32\log.txt
[2014.04.07 20:15:56 | 000,012,598 | ---- | M] () -- E:\WINDOWS\system32\wpa.dbl
[1 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = E:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "E:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 08:52:38 | 001,695,232 | ---- | M] (Microsoft Corporation)
"Zoner Photo Studio Autoupdate" = E:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE -- [2014.03.13 17:11:32 | 000,779,776 | ---- | M] (ZONER software)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.04.07 20:19:51 | 000,000,512 | ---- | M] () MD5=C8DA19A6F76448CE046E8A8EA65E30C1 -- E:\PhysicalMBR.bin

< >

< *crack* /s >
[2005.07.22 23:29:38 | 000,014,226 | ---- | M] () -- \Software\Vypalování\Clone\CloneCD_5.2.6.1_crack_pifoman\Crack.exe

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2001.05.16 00:29:10 | 003,713,096 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Hudba\Super Mega Hits\Super Mega Hits 44 OK\11 TOPLOADER - Dancing In The Moonlight.mp3
[2014.04.07 20:16:32 | 000,003,208 | ---- | M] () -- \Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\AMKH0FBU\be1cede9.ajax-loader[1].gif
[2014.04.06 08:55:01 | 000,010,819 | ---- | M] () -- \Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\AMKH0FBU\loader[1].gif
[1 \Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\AMKH0FBU\*.tmp files -> \Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\AMKH0FBU\*.tmp -> ]
[2013.08.27 22:04:15 | 000,007,857 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\0TGQ5EOH\loader[1].js
[2014.03.19 00:32:41 | 000,000,723 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\1VNQC4V1\ajax-loader[1].gif
[2014.03.31 23:12:39 | 000,003,113 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\6NZRFSI7\ajax-loader[1].gif
[2014.04.01 09:07:50 | 000,003,208 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\6NZRFSI7\be1cede9.ajax-loader[1].gif
[2014.03.19 00:32:30 | 000,000,673 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\6NZRFSI7\loader.white[1].gif
[2014.03.31 22:52:49 | 000,003,768 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\7EYJD2ZJ\imageLoader[1].png
[2014.04.01 09:10:37 | 000,005,072 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\AFLO75PA\046713nhtd5050withloader[1].jpg
[2014.03.31 23:07:13 | 000,000,940 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\D2ZXNMOV\104-1-loader[1].js
[2014.03.31 23:04:44 | 000,000,673 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\D2ZXNMOV\loader.white[2].gif
[2014.04.01 15:45:55 | 000,000,673 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\D2ZXNMOV\loader.white[3].gif
[2014.03.31 23:07:15 | 000,002,435 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\N3D6ERWT\104-1-deferred-loader[1].js
[2014.04.01 15:43:32 | 000,000,657 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\N9RRLIIE\ajax-loader[1].gif
[2014.03.31 23:07:14 | 000,007,806 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\WCI8CWP8\product-image-loader[1].gif
[2014.04.02 22:25:20 | 000,007,204 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Temporary Internet Files\Content.IE5\ZX4FBSIR\loader[1].js
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.tlb
[2013.09.25 10:35:26 | 000,401,920 | ---- | M] () -- \Program Files\dm\dm paradies foto\CWImageLoader0.dll
[2013.05.22 22:38:37 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.7\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2013.05.22 22:38:38 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.7\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2013.05.22 22:38:37 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.7\imApp\theme\MUICoreLib\xtraLoader.swf
[2012.04.20 11:29:39 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.7\Xtraz\icq\content\profile_lightboxs\preloader.html
[2013.03.05 10:11:10 | 000,432,128 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 14:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Facebook\ZPSPluginLoader.exe
[2013.03.05 13:03:44 | 000,443,904 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 14:12:42 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Flickr\ZPSPluginLoader.exe
[2013.03.05 12:34:20 | 000,192,512 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Picasa\ZPSPicasaUploader.exe
[2010.04.29 14:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Plugins\Picasa\ZPSPluginLoader.exe
[2014.03.13 17:11:18 | 000,103,936 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Program32\8bfLoader.exe
[2014.03.13 17:11:24 | 000,017,920 | ---- | M] () -- \Program Files\Zoner\Photo Studio 15\Program32\WICLoader.exe
[2008.08.03 11:11:12 | 002,083,080 | ---- | M] () -- \Software\Vdownloader\VDownloader.exe
[2013.05.28 17:44:39 | 000,082,784 | ---- | M] () -- \WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2008.04.14 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2008.04.14 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2003.03.04 16:30:26 | 000,000,216 | ---- | M] () -- \Documents and Settings\Radek\Dokumenty\serial number.txt
[2013.05.23 22:22:17 | 000,000,013 | ---- | M] () -- \Documents and Settings\Radek\Local Settings\Data aplikací\Microsoft\Internet Explorer\DOMStore\PEMGER94\serialnumber[1].xml
[2013.09.12 15:18:21 | 000,000,013 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Data aplikací\Microsoft\Internet Explorer\DOMStore\VHHUQIZS\www.serialovna[1].xml
[2013.09.12 14:48:27 | 000,000,013 | ---- | M] () -- \Documents and Settings\Zuzka\Local Settings\Data aplikací\Microsoft\Internet Explorer\DOMStore\X7Z88ZCE\serialy.ke-stazeni-zdarma[1].xml
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2007.04.18 09:34:22 | 000,000,029 | ---- | M] () -- \Software\Acronis True Image 10.0.0.4871 CZ\serial.txt
[2006.03.03 11:48:26 | 000,000,029 | ---- | M] () -- \Software\Vypalování\Nero - Burning Rom\Serial number nero6603.txt
[2014.02.13 15:02:19 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.05.24 17:56:09 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.13 15:47:13 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6c29ee2bedfe88dcd66993f1af135ad8\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.13 15:45:56 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9860da66bf0219612908e7412b0a6e2e\System.Runtime.Serialization.ni.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2008.04.14 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 14:00:00 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

< End of report >

Peky
Visitor
Posts: 243
Registered: 02 Oct 2007 05:12

Re: Please check my log

#18 Post by Peky »

OTL Extras logfile created on: 7.4.2014 20:18:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Documents and Settings\Radek\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,97 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 72,73% Memory free
3,21 Gb Paging File | 2,83 Gb Available in Paging File | 88,10% Paging File free
Paging file location(s): E:\pagefile.sys 1428 2856 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive E: | 298,09 Gb Total Space | 221,77 Gb Free Space | 74,40% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 92,57 Gb Free Space | 62,11% Space Free | Partition Type: NTFS

Computer Name: ZUZKA | User Name: Radek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE prezentace fotografií] -- "E:\Program Files\dm\dm paradies foto\CEWE prezentace fotografií.exe" -d "%1" ()
Directory [dm paradies foto] -- "E:\Program Files\dm\dm paradies foto\dm paradies foto.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Unstopcp] -- Reg Error: Value error.
Directory [Winamp.Bookmark] -- "E:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "E:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "E:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"E:\Program Files\ICQ7.7\ICQ.exe" = E:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7 -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"E:\Program Files\Attractel\Zoiper\Zoiper.exe" = E:\Program Files\Attractel\Zoiper\Zoiper.exe:*:Enabled:Zoiper -- ()
"E:\Program Files\ICQ7.7\ICQ.exe" = E:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7 -- (ICQ, LLC.)
"E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"E:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = E:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"E:\Documents and Settings\Radek\Local Settings\Temp\Rar$EXa0.050\winbox.exe" = E:\Documents and Settings\Radek\Local Settings\Temp\Rar$EXa0.050\winbox.exe:*:Enabled:winbox
"E:\Documents and Settings\Radek\Local Settings\Temp\Rar$EXa0.410\winbox.exe" = E:\Documents and Settings\Radek\Local Settings\Temp\Rar$EXa0.410\winbox.exe:*:Enabled:winbox
"C:\ntb\winbox.exe" = C:\ntb\winbox.exe:*:Enabled:winbox


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DB0E77E-7F00-0AE3-35ED-2D1B1C048E4A}" = ATI Catalyst Install Manager
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{888C6BAB-729D-FF8A-1856-F2A58A702C1C}" = ATI Problem Report Wizard
"{8D19AAD8-DE58-4340-8EEF-1BC84C627E78}" = pdfforge Toolbar v8.9
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A80000000000}" = Adobe Reader 8 - Czech
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Allway Sync_is1" = Allway Sync version 12.14.11
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"dm paradies foto" = dm paradies foto
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"MESOL" = Intel(R) Active Management Technology LMS Service and SOL Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MWSnap 3" = MWSnap 3
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"PROSet" = Intel(R) Network Connections Drivers
"VLC media player" = VLC media player 2.1.2
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR 5.00 beta 4 (32-bit)
"Zoiper" = Zoiper 2.06 Free
"ZonerPhotoStudio15_CZ_is1" = Zoner Photo Studio 15

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.1.2014 4:43:09 | Computer Name = ZUZKA | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 21.1.2014 8:12:26 | Computer Name = ZUZKA | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 21.1.2014 15:39:25 | Computer Name = ZUZKA | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 21.1.2014 15:43:52 | Computer Name = ZUZKA | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 21.1.2014 16:10:09 | Computer Name = ZUZKA | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 21.1.2014 16:24:15 | Computer Name = ZUZKA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 22.1.2014 2:32:10 | Computer Name = ZUZKA | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 22.1.2014 12:37:04 | Computer Name = ZUZKA | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 22.1.2014 16:47:19 | Computer Name = ZUZKA | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 22.1.2014 18:01:56 | Computer Name = ZUZKA | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

[ System Events ]
Error - 29.8.2013 16:22:17 | Computer Name = ZUZKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 29.8.2013 16:22:17 | Computer Name = ZUZKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 29.8.2013 16:22:18 | Computer Name = ZUZKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 29.8.2013 16:22:18 | Computer Name = ZUZKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 29.8.2013 16:22:19 | Computer Name = ZUZKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 29.8.2013 16:22:19 | Computer Name = ZUZKA | Source = atapi | ID = 262149
Description = Na \Device\Ide\IdePort2 byla zjištěna chyba parity.

Error - 29.8.2013 16:22:19 | Computer Name = ZUZKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 30.8.2013 3:51:49 | Computer Name = ZUZKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 30.8.2013 3:51:49 | Computer Name = ZUZKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.


< End of report >

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#19 Post by Márty84 »

:arrow: Run OTL again.
Paste the following text into the bottom window (including the colon before the word commands).

Code: Select all

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
gupdate
AdobeFlashPlayerUpdateSvc
gupdatem

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
E:\WINDOWS\tasks\Adobe Flash Player Updater.job
E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
E:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
E:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1214440339-884357618-682003330-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1214440339-884357618-682003330-1004\..\SearchScopes\{01B65D55-411B-4DDB-A5A0-0011A5F60B0C}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =827316&p={searchTerms}
IE - HKU\S-1-5-21-1214440339-884357618-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-g ... =827316&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?outpu ... n&command={searchTerms},
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-884357618-682003330-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O20 - AppInit_DLLs: (e:\progra~1\movies~1\datamngr\mgrldr.dll) - File not found
[2013.05.22 22:38:56 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Radek\Data aplikací\ICQ Search
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[13 E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]
[1 E:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> E:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[6 E:\WINDOWS\Temp\*.tmp files -> E:\WINDOWS\Temp\*.tmp -> ]

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"GrooveMonitor"=-
""=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
"Zoner Photo Studio Autoupdate"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

Click Run Fix (Opravit) and let the program work. Agree when asked to restart.
After the restart a new log will appear; post it here.
If you have a question that is not meant for the public, you can e-mail me at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For lack of time I will be on the forum less often now. If you have to wait a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

Peky
Visitor
Posts: 243
Joined: 02 Oct 2007 05:12

Re: Please check my log

#20 Post by Peky »

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34146 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Radek
->Temp folder emptied: 39520422 bytes
->Temporary Internet Files folder emptied: 30478668 bytes
->Google Chrome cache emptied: 62861032 bytes
->Flash cache emptied: 1560 bytes

User: Zuzka
->Temp folder emptied: 27403963 bytes
->Temporary Internet Files folder emptied: 333261161 bytes
->Google Chrome cache emptied: 370816947 bytes
->Flash cache emptied: 26074 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2351732 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7519453 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 166336169 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 175827926 bytes

Total Files Cleaned = 1 160,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Radek
->Flash cache emptied: 0 bytes

User: Zuzka
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder E:\WINDOWS\system32\*.tmp.dll not found.
File/Folder E:\WINDOWS\system32\SET*.tmp not found.
File/Folder E:\WINDOWS\*.tmp not found.
E:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
E:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job moved successfully.
E:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-1214440339-884357618-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1214440339-884357618-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{01B65D55-411B-4DDB-A5A0-0011A5F60B0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01B65D55-411B-4DDB-A5A0-0011A5F60B0C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-884357618-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-884357618-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:e:\progra~1\movies~1\datamngr\mgrldr.dll deleted successfully.
E:\Documents and Settings\Radek\Data aplikací\ICQ Search folder moved successfully.
E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14D.tmp folder deleted successfully.
E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP222.tmp\mscorlib.dll deleted successfully.
E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP222.tmp folder deleted successfully.
E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24F.tmp folder deleted successfully.
E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29A.tmp folder deleted successfully.
E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2BA.tmp folder deleted successfully.
E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D3.tmp folder deleted successfully.
E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D6.tmp folder deleted successfully.
E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP35.tmp folder deleted successfully.
E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39.tmp folder deleted successfully.
E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP397.tmp folder deleted successfully.
E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6.tmp folder deleted successfully.
E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9EA.tmp folder deleted successfully.
E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA59.tmp folder deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!

OTL by OldTimer - Version 3.2.69.0 log created on 04082014_211228

Files\Folders moved on Reboot...
File\Folder E:\Documents and Settings\Radek\Local Settings\Temp\~DFEB1E.tmp not found!
File\Folder E:\Documents and Settings\Radek\Local Settings\Temp\~DFEB29.tmp not found!
File\Folder E:\Documents and Settings\Radek\Local Settings\Temp\~DFEB81.tmp not found!
File\Folder E:\Documents and Settings\Radek\Local Settings\Temp\~DFEB8C.tmp not found!
E:\Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\AMKH0FBU\context[1].htm moved successfully.
E:\Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\3FEKGW63\context[1].htm moved successfully.
File\Folder E:\Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\2K161A02\afr[1].htm not found!
File\Folder E:\Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\2K161A02\afr[2].htm not found!
File\Folder E:\Documents and Settings\Radek\Local Settings\Temporary Internet Files\Content.IE5\2K161A02\viewtopic[2].htm not found!
E:\Documents and Settings\Radek\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
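
As an added example (not part of the original posts and not OTL's own code), this Python script tallies the outcomes in a fix log like the one above per section, so that lines still needing manual action stand out and the AppInit_DLLs reset can be confirmed. The outcome labels, function names and the POST-REBOOT section name are assumptions made for this example; the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter

# Sample lines copied from the fix log posted in this thread (a shortened selection).
SAMPLE_LOG = r"""
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
->Flash cache emptied: 1560 bytes
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
========== FILES ==========
File/Folder E:\WINDOWS\system32\SET*.tmp not found.
E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:e:\progra~1\movies~1\datamngr\mgrldr.dll deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!
OTL by OldTimer - Version 3.2.69.0 log created on 04082014_211228
Files\Folders moved on Reboot...
File\Folder E:\Documents and Settings\Radek\Local Settings\Temp\~DFEB1E.tmp not found!
"""

SECTION = re.compile(r"^=+ (.+?) =+$")

def classify(line):
    """Map one result line to an outcome label (labels are this example's own)."""
    if line.startswith("Use Chrome's Settings page"):
        return "manual"   # OTL changed nothing here; the user has to act
    if line.endswith(("not found.", "not found!")):
        return "absent"   # target already gone, or the path did not match
    if "successfully" in line:
        return "done"     # stopped / deleted / moved / value set
    return "other"

def parse_fix_log(text):
    """Return (section, outcome, line) for every result line of the log."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
        elif line.startswith("OTL by OldTimer"):
            section = "POST-REBOOT"   # what follows was processed at reboot
        elif line and not line.endswith("...") and section not in (None, "COMMANDS"):
            # COMMANDS holds only cache-cleaning statistics; "..." lines are sub-headings
            entries.append((section, classify(line), line))
    return entries

def summarize(entries):
    """Count outcomes per section."""
    out = {}
    for section, outcome, _ in entries:
        out.setdefault(section, Counter())[outcome] += 1
    return {s: dict(c) for s, c in out.items()}

def follow_up(entries):
    """Lines the tool could not handle on its own."""
    return [line for _, outcome, line in entries if outcome in ("manual", "other")]

def appinit_reset(entries):
    """True if the log confirms that the AppInit_DLLs value was overwritten."""
    return any(o == "done" and "appinit_dlls" in l.lower() and "value set" in l
               for _, o, l in entries)

if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(summarize(parsed), follow_up(parsed), appinit_reset(parsed))
```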

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#21 Post by Márty84 »

:arrow:
vyosek wrote: :arrow: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
  • Download it and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag the utility as a virus - it is a false alarm - so go ahead and download it (or turn the antivirus off while downloading)
:arrow: Download OTC http://oldtimer.geekstogo.com/OTC.exe , save it and run it.
Click CleanUp and then OK - after the clean-up the PC will restart.

:arrow: Download TFC http://oldtimer.geekstogo.com/TFC.exe , save it and run it.
Click START and then OK - after the clean-up the PC will restart.
You can delete the program after use.

:arrow: Download CCleaner http://www.piriform.com/ccleaner/download/slim and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install one, untick the checkbox.
After launch you will be in the Cleaner function. On the left there are many checkboxes. Watch out for the Recycle Bin in particular: if you leave it ticked, it will empty it every time.
Also, depending on how it is set up, it will delete all passwords saved for the web!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums etc.)
Click Analyze and, when the analysis is finished, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; if it finds any, click Fix selected issues. It will offer you a backup; make it and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!

:arrow: Defragment the disk(s)
Download the program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
During installation again watch out for the toolbar.
After installation run the program and click Analyze; after the analysis click Defrag and the program will do its work.

:arrow: Then write how the PC is doing.

Peky
Visitor
Posts: 243
Joined: 02 Oct 2007 05:12

Re: Please check my log

#22 Post by Peky »

OK, thanks, great. I had no problems before (none that I noticed); this was only preventive.

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my log

#23 Post by Márty84 »

That fits, then: there was nothing serious there, just a few things slowing it down and some unnecessary items :wink:

You're welcome! :)

Take care, and maybe see you again sometime :bye:

:closed:

Locked