nelze vypnout PC

[makuSHka]

zprava po "oprava host"

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : vlad [Práva správce]
Mód : Oprava HOSTS -- Datum : 05/06/2014 16:32:49
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤
-> E:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\vladka\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončeno : << RKreport[0]_H_05062014_163249.txt >>
RKreport[0]_D_05062014_163047.txt;RKreport[0]_S_05042014_175218.txt;RKreport[0]_S_05062014_162132.txt

[Márty84]

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte ComboFix.
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[makuSHka]

Šlo by to i jinak něž přes ComboFix?

Nemám s ním dobré zkušenosti. Naposledy jsem musela PC nechat znova přeinstalovat, protože úpravu ComboFix nepřežil. A momentálně si to nemůžu dovolit, protože mamka má na něm licencované programy, které používá. Ale už se nedostane k jejich licenci, protože licence byla zakoupena na již neexistující firmu.

[Márty84]

Muzem to zkusit bez nej, ale hodil by se


V tom pripade dejte novy log z RSIT

a k tomu

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte.
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

[makuSHka]

RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by vlad at 2014-05-08 10:27:55
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (35%) free of 20 GB
Total RAM: 511 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:10, on 8.5.2014
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
c:\program files\teamviewer\version7\TeamViewer_Desktop.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vlad\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\vlad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=centrum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbox.digsby.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ICQ] "D:\icq\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.7.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4331696109
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} (O2C-Player - area constructor view (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayerac.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus (avast! antivirus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 8802 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\WGASetup.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/#utm_source=icq&u ... um=centrum"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14, {52EF0988-5232-4465-86E7-6434B5891030}:1.0, {afcedbfe-7a6d-44c6-9f1d-664d608aecea}:2.7.2.0, {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2, {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.34, {6236BA26-C117-4007-928C-DE0716C7FA82}:1.0.2, {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.16, {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1, {8675f4b3-2f19-11ed-2d6b-0800600c0a19}:1.0, wrc@avast.com:9.0.2013.75, {8675f4b3-2f19-11ed-2d6b-1823600c0a19}:1.0.5, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.25"

"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.265 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox 3 Beta 3\extensions\
{52EF0988-5232-4465-86E7-6434B5891030}
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox 3 Beta 3\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\
npdeployJava1.dll
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox 3 Beta 3\searchplugins\
google.xml
jyxo-cz.xml
kwinzy121.xml
kwinzy123.xml
kwinzy127.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions\
{6236BA26-C117-4007-928C-DE0716C7FA80}
{6236BA26-C117-4007-928C-DE0716C7FA82}
{6236BA26-C117-4007-928C-DE0716C7FA96}
{6236BA26-C117-4007-928C-DE0716C7FA99}
{8675f4b3-2f19-11ed-2d6b-0800600c0a19}
{8675f4b3-2f19-11ed-2d6b-1823600c0a19}
{e968fc70-8f95-4ab9-9e79-304de2a71ee1}

C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\searchplugins\
amazondotcom.xml
ebay.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2014-02-05 1143168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2014-02-05 1143168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2002-09-25 87751]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-10-28 7307264]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-10-28 86016]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"RemoteControl"=D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-02-07 71216]
"LanguageShortcut"=D:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-02-07 54832]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"WinampAgent"=E:\Program Files\Winamp\winampa.exe []
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2014-05-03 3774312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]
"ICQ"=D:\icq\ICQ7.2\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
D:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="D:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"D:\icq\ICQ6\ICQ.exe"="D:\icq\ICQ6\ICQ.exe:*:Enabled:ICQ Library"
"D:\Program Files\Nero 8\Nero ShowTime\ShowTime.exe"="D:\Program Files\Nero 8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent"
"D:\qip\QIP\qip.exe"="D:\qip\QIP\qip.exe:*:Disabled:Quiet Internet Pager"
"D:\Program Files\ArchiCAD 12\ArchiCAD.exe"="D:\Program Files\ArchiCAD 12\ArchiCAD.exe:*:Enabled:ArchiCAD 12.0.0 Component"
"D:\Program Files\TrackMania United\TmUnited.exe"="D:\Program Files\TrackMania United\TmUnited.exe:*:Enabled:TmUnited"
"D:\icq\ICQ6.5\ICQ.exe"="D:\icq\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"E:\Program Files\Pinnacle\Programs\RM.exe"="E:\Program Files\Pinnacle\Programs\RM.exe:*:Enabled:Render Manager"
"E:\Program Files\Pinnacle\Programs\umi.exe"="E:\Program Files\Pinnacle\Programs\umi.exe:*:Enabled:umi"
"E:\Program Files\Pinnacle\Programs\VideoSpin.exe"="E:\Program Files\Pinnacle\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI1"=SYNCOR11.DLL
"wave1"=serwvdrv.dll
"vidc.LEAD"=LCODCCMP.DLL
"MSVideo8"=VfWWDM32.dll

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-05-04 07:51:40 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2014-05-04 07:47:23 ----ASH---- C:\hiberfil.sys
2014-05-04 07:40:47 ----A---- C:\WINDOWS\ntbtlog.txt
2014-05-03 19:33:33 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-05-03 19:32:50 ----D---- C:\AdwCleaner
2014-05-03 14:42:41 ----D---- C:\Documents and Settings\vlad\Data aplikací\Malwarebytes
2014-05-03 14:42:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-05-03 14:33:21 ----D---- C:\Program Files\trend micro
2014-05-03 14:33:18 ----D---- C:\rsit

======List of files/folders modified in the last 1 month======

2014-05-08 10:28:02 ----D---- C:\WINDOWS\Prefetch
2014-05-08 10:27:59 ----D---- C:\WINDOWS\Temp
2014-05-06 19:50:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-05-06 19:50:23 ----D---- C:\WINDOWS\system32\CatRoot2
2014-05-06 19:49:16 ----D---- C:\WINDOWS\system32
2014-05-06 16:21:29 ----D---- C:\WINDOWS\system32\drivers
2014-05-06 15:12:02 ----SHD---- C:\WINDOWS\Installer
2014-05-06 15:07:34 ----RD---- C:\Program Files
2014-05-06 14:43:21 ----D---- C:\WINDOWS
2014-05-04 17:57:07 ----D---- C:\Documents and Settings\vlad\Data aplikací\TeamViewer
2014-05-04 17:56:48 ----D---- C:\Program Files\TeamViewer
2014-05-04 17:47:43 ----RSD---- C:\WINDOWS\Fonts
2014-05-03 22:44:59 ----SHD---- C:\WINDOWS\CSC
2014-05-03 19:27:18 ----HD---- C:\WINDOWS\$NtUninstallKB901214$
2014-05-03 19:20:05 ----D---- C:\WINDOWS\system32\CatRoot_bak
2014-05-03 19:20:05 ----D---- C:\WINDOWS\system32\CatRoot
2014-05-03 19:19:26 ----D---- C:\WINDOWS\inf
2014-05-03 14:01:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-12-10 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-01-02 180248]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 aswrdr;aswRdr; \??\C:\WINDOWS\system32\drivers\aswRdr.sys []
R1 aswSnx;aswSnx; \??\C:\WINDOWS\system32\drivers\aswSnx.sys []
R1 aswSP;aswSP; \??\C:\WINDOWS\system32\drivers\aswSP.sys []
R1 aswtdi;aswTdi; \??\C:\WINDOWS\system32\drivers\aswTdi.sys []
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver; C:\WINDOWS\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\D:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-09-20 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-09-20 55936]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AgereSoftModem;Microcom InPorte Home; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2002-09-25 1141248]
R3 DwMirror;DwMirror; C:\WINDOWS\system32\DRIVERS\DamewareMini.sys [2007-02-07 2944]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-10-28 3532000]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;ADSL USB MODEM WAN ADAPTER; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-04 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-09-20 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-02-05 50344]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2007-11-07 54784]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; D:\Program Files\Nero 8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-10-28 131139]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-14 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 DNTUS26;DameWare NT Utilities 2.6; C:\WINDOWS\SYSTEM32\DNTUS26.EXE [2007-10-30 114688]
S3 DWMRCS;DameWare Mini Remote Control; C:\WINDOWS\SYSTEM32\DWRCS.EXE [2007-10-30 225792]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-14 135664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]

-----------------EOF-----------------

[Márty84]

Fajn, tak jeste OTL a budem mazat

[makuSHka]

OTL pracuje

[Márty84]

Ze se mu chce, kdyz je svatek

[makuSHka]

no moc nechce .. trvá mu to ...

[Márty84]

Nedostane priplatek, lenoch jeden

Ten sken je delsi, ale dukladny a ukaze mi to co potrebuji, abych mohl sepsat prikazy na smazani. Takze musime proste pockat

[makuSHka]

otl.txt

OTL logfile created on: 8.5.2014 10:31:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\vlad\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

510,73 Mb Total Physical Memory | 156,72 Mb Available Physical Memory | 30,69% Memory free
1,22 Gb Paging File | 0,74 Gb Available in Paging File | 60,71% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 6,87 Gb Free Space | 35,18% Space Free | Partition Type: NTFS
Drive D: | 129,51 Gb Total Space | 109,55 Gb Free Space | 84,58% Space Free | Partition Type: NTFS
Drive E: | 108,82 Gb Total Space | 26,42 Gb Free Space | 24,28% Space Free | Partition Type: NTFS

Computer Name: DOMACI | User Name: vlad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.05.08 10:25:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vlad\Plocha\OTL.exe
PRC - [2014.05.03 14:02:15 | 003,774,312 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\avastui.exe
PRC - [2014.04.24 02:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014.02.05 17:47:25 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.03.19 13:38:48 | 002,279,296 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2012.03.19 13:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.03.19 13:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2007.11.07 07:18:46 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2007.09.20 10:51:46 | 000,853,288 | ---- | M] (Nero AG) -- D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
PRC - [2007.06.13 15:23:40 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.05.05 09:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002.09.20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2014.05.07 20:40:44 | 002,253,312 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\14050701\algo.dll
MOD - [2014.04.24 02:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014.04.24 02:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014.04.24 02:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014.04.24 02:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2013.12.10 22:00:39 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2005.10.28 17:06:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2004.08.17 10:49:12 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003.07.02 16:59:48 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\miranda\WIP Miranda IM 1.7.1\Plugins\shlext.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014.02.05 17:47:25 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! antivirus)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2007.11.07 07:18:46 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007.10.30 13:42:12 | 000,225,792 | ---- | M] (DameWare Development LLC) [On_Demand | Stopped] -- C:\WINDOWS\system32\DWRCS.EXE -- (DWMRCS)
SRV - [2007.10.30 13:38:14 | 000,114,688 | ---- | M] (DameWare Development LLC) [On_Demand | Stopped] -- C:\WINDOWS\system32\DNTUS26.EXE -- (DNTUS26)
SRV - [2007.09.20 10:51:46 | 000,853,288 | ---- | M] (Nero AG) [Auto | Running] -- D:\Program Files\Nero 8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007.06.15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004.03.18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002.09.20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\adildr.sys -- (ADILOADER)
DRV - [2014.05.04 07:51:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014.02.05 17:47:56 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014.02.05 17:47:30 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014.02.05 17:47:30 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014.02.05 17:47:30 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswtdi)
DRV - [2014.02.05 17:47:29 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswrdr)
DRV - [2014.01.02 10:58:50 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.12.10 22:00:45 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2008.06.06 10:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.07 08:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.07 08:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.07 08:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007.11.07 07:18:47 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2007.02.15 19:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007.02.07 19:00:00 | 000,002,944 | ---- | M] (DameWare Development, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2006.11.02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- D:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.08.03 18:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2002.09.25 13:44:32 | 001,141,248 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001.09.20 11:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.09.20 11:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbox.digsby.com/ie
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Google.com
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.Google.com/
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=centrum
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.Google.com/
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\SearchScopes\{3326ab56-742e-5603-906f-290517220122}: "URL" = http://searchbox.digsby.com/search?q={s ... utf-8&aq=t
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\SearchScopes\{43A2AD5C-6271-40EE-BF67-CCB07FC4C7CA}: "URL" = http://www.google.com/search?q={searchT ... 1I7GGLJ_cs
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\SearchScopes\{5F4764C9-A953-44D8-BA81-4C334ADB8090}: "URL" = http://rover.ebay.com/rover/1/711-53200 ... 972&type=3
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... lz=1I7GGLJ
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\SearchScopes\{6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035}: "URL" = http://www.amazon.com/gp/search?keyword ... 2&ie=UTF-8
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\SearchScopes\search13: "URL" = http://search13.net/search.php?q={searchTerms}
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search13.net/search.php?clid=486&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.centrum.cz/#utm_source=icq&u ... um=centrum"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {52EF0988-5232-4465-86E7-6434B5891030}:1.0
FF - prefs.js..extensions.enabledItems: {afcedbfe-7a6d-44c6-9f1d-664d608aecea}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.34
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA82}:1.0.2
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.16
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1
FF - prefs.js..extensions.enabledItems: {8675f4b3-2f19-11ed-2d6b-0800600c0a19}:1.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:9.0.2013.75
FF - prefs.js..extensions.enabledItems: {8675f4b3-2f19-11ed-2d6b-1823600c0a19}:1.0.5
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\vlad\Data aplikací\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\vlad\Data aplikací\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014.02.05 17:47:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 3\components [2013.07.04 18:41:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 3\plugins [2014.01.25 13:30:22 | 000,000,000 | ---D | M]

[2008.08.19 18:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Extensions
[2014.05.04 07:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions
[2013.11.22 22:22:29 | 000,000,000 | ---D | M] ("Stylish Profile") -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
[2010.09.07 08:14:18 | 000,000,000 | ---D | M] ("Express Tab") -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
[2013.11.22 22:22:29 | 000,000,000 | ---D | M] ("Usage Stat") -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010.09.07 08:14:18 | 000,000,000 | ---D | M] (FBFan) -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
[2011.12.17 21:15:14 | 000,000,000 | ---D | M] (Feedback module) -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a19}
[2013.11.22 22:22:30 | 000,000,000 | ---D | M] ("VFT Flv") -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions\{8675f4b3-2f19-11ed-2d6b-1823600c0a19}
[2009.07.01 18:29:39 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.01.28 19:29:28 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\searchplugins\amazondotcom.xml
[2009.06.08 19:52:55 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\searchplugins\ebay.xml
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA80}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA82}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA96}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA99}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{8675F4B3-2F19-11ED-2D6B-0800600C0A19}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{8675F4B3-2F19-11ED-2D6B-1823600C0A19}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{AFCEDBFE-7A6D-44C6-9F1D-664D608AECEA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}
[2014.02.05 17:47:31 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2009.07.15 09:29:40 | 000,000,000 | ---D | M] (Kwinzy) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 3\EXTENSIONS\{52EF0988-5232-4465-86E7-6434B5891030}
[2009.09.17 21:20:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 3\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2007.06.11 14:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.131\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\vlad\Data aplikacĂ­\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\vlad\Data aplikacĂ­\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\vlad\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: VyhledávánĂ­ Google = C:\Documents and Settings\vlad\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AT_MatthewWilliamsonV2 = C:\Documents and Settings\vlad\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lmmhgompekhigjmnfnpelggpmlmabgce\2_0\
CHR - Extension: Peněženka Google = C:\Documents and Settings\vlad\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\vlad\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014.05.06 16:32:49 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LanguageShortcut] D:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-21-2052111302-484061587-682003330-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2052111302-484061587-682003330-1003..\Run: [ICQ] "D:\icq\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-484061587-682003330-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2052111302-484061587-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-484061587-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2052111302-484061587-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-c23a-453e-a040-c7c580bbf700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.7.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 4331696109 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} http://www.o2c.de/download/o2cplayerac.cab (O2C-Player - area constructor view (ELECO Software GmbH))
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab (Oberon Flash Game Host)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD41D19D-95A9-493D-B4DE-BB8EC5E8A334}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\vlad\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\vlad\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.22 02:25:00 | 000,000,683 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2007.11.06 08:05:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.01.09 11:39:55 | 000,000,000 | ---D | M] - E:\AutoCAD 2004 -- [ NTFS ]
O33 - MountPoints2\{06157e96-62c5-11e2-b6ac-000c6ecfc55d}\Shell\AutoRun\command - "" = G:\urDrive.exe
O33 - MountPoints2\{5916abda-53b3-11e3-b717-000c6ecfc55d}\Shell - "" = AutoRun
O33 - MountPoints2\{5916abda-53b3-11e3-b717-000c6ecfc55d}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{f4a4ddee-8382-11e2-b6bc-000c6ecfc55d}\Shell\AutoRun\command - "" = G:\TranscendService(JF).exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: WmdmPmSN - File not found

Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.05.08 10:25:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vlad\Plocha\OTL.exe
[2014.05.08 10:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vlad\Nabídka Start\Programy\CyberLink PowerDVD
[2014.05.04 17:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\TeamViewer 7
[2014.05.04 17:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vlad\Plocha\RK_Quarantine
[2014.05.04 17:45:41 | 322,523,176 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\vlad\Plocha\Microsoft-Windows-XP-SP3-CZ.exe
[2014.05.04 07:51:40 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014.05.03 19:33:33 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014.05.03 19:32:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.05.03 19:19:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Hudba
[2014.05.03 14:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vlad\Data aplikací\Malwarebytes
[2014.05.03 14:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2014.05.03 14:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.05.03 14:33:18 | 000,000,000 | ---D | C] -- C:\rsit
[2014.05.03 14:30:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\vlad\Recent
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.05.08 10:36:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.05.08 10:27:04 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014.05.08 10:25:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vlad\Plocha\OTL.exe
[2014.05.08 10:22:16 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014.05.08 10:22:08 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2014.05.08 10:22:05 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014.05.08 10:22:03 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2014.05.08 10:21:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014.05.08 10:21:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.05.08 10:21:50 | 535,613,440 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.06 19:12:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.05.04 17:56:58 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\TeamViewer 7.lnk
[2014.05.04 17:46:15 | 322,523,176 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\vlad\Plocha\Microsoft-Windows-XP-SP3-CZ.exe
[2014.05.04 17:39:52 | 003,972,608 | ---- | M] () -- C:\Documents and Settings\vlad\Plocha\RogueKiller.exe
[2014.05.04 07:51:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014.05.03 19:18:28 | 001,310,621 | ---- | M] () -- C:\Documents and Settings\vlad\Plocha\adwcleaner.exe
[2014.05.03 14:33:09 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\vlad\Plocha\RSIT.exe
[2014.05.03 14:01:52 | 000,403,968 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014.05.03 14:01:52 | 000,401,726 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2014.05.03 14:01:52 | 000,074,426 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2014.05.03 14:01:52 | 000,063,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.05.08 10:36:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.05.04 17:56:57 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\TeamViewer 7.lnk
[2014.05.04 17:39:35 | 003,972,608 | ---- | C] () -- C:\Documents and Settings\vlad\Plocha\RogueKiller.exe
[2014.05.04 07:47:23 | 535,613,440 | -HS- | C] () -- C:\hiberfil.sys
[2014.05.03 19:18:00 | 001,310,621 | ---- | C] () -- C:\Documents and Settings\vlad\Plocha\adwcleaner.exe
[2014.05.03 14:33:06 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\vlad\Plocha\RSIT.exe
[2013.03.22 16:08:50 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.03.22 16:08:49 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012.12.23 13:31:13 | 000,000,246 | ---- | C] () -- C:\WINDOWS\phedit.ini
[2010.10.27 12:59:01 | 000,310,565 | ---- | C] () -- C:\Documents and Settings\vlad\.recently-used.xbel
[2010.03.22 23:57:52 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2009.09.14 12:24:26 | 000,013,387 | ---- | C] () -- C:\Documents and Settings\vlad\Data aplikací\mdbu.bin
[2008.01.12 17:35:40 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\vlad\.gtk-bookmarks
[2007.12.16 19:53:00 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\vlad\Local Settings\Data aplikací\fusioncache.dat
[2007.11.27 21:06:40 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2007.11.16 16:32:54 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\vlad\default.pls
[2007.11.10 15:20:04 | 000,217,088 | ---- | C] () -- C:\Documents and Settings\vlad\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2007.12.16 19:33:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2007.08.22 14:58:08 | 001,498,624 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004.08.17 15:49:08 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.17 15:49:20 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.08.14 06:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2007.11.07 07:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2013.12.10 21:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2009.02.21 15:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\f-secure
[2009.02.21 15:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\fssg
[2014.05.04 07:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2008.10.27 10:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2007.12.26 09:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MumboJumbo
[2008.08.15 17:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2009.09.14 12:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PhotoGenie
[2010.02.26 10:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2008.06.25 15:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2013.12.24 19:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\AVAST Software
[2007.11.07 07:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Autodesk
[2013.12.10 22:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\AVAST Software
[2009.02.06 19:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Graphisoft
[2010.02.26 15:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\gtk-2.0
[2013.05.07 18:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\ICQ
[2007.11.10 15:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\ICQ Toolbar
[2008.03.22 20:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Image Zone Express
[2013.07.04 18:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\IObit
[2009.04.15 12:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\LimeWire
[2009.02.04 17:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\neuroLanguage
[2008.08.15 17:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Nokia
[2009.03.07 11:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\PC Suite
[2008.01.19 20:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\QIP
[2014.05.04 17:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\TeamViewer
[2009.09.14 10:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< >
[2007.11.06 08:04:17 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2007.11.06 08:16:44 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2009.04.01 16:43:41 | 000,000,260 | ---- | C] () -- C:\WINDOWS\Tasks\WGASetup.job
[2009.05.31 17:20:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\Tasks\PCConfidential.job
[2010.08.14 06:49:34 | 000,000,932 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010.08.14 06:49:34 | 000,000,936 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.07.15 06:56:35 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

< >

< MD5 for: AGP440.SYS >
[2004.08.17 10:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004.08.17 10:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\autochk.exe
[2004.08.17 10:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\cmdcons\autochk.exe
[2004.08.17 10:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 10:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.17 10:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cdrom.sys
[2004.08.03 17:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 10:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 11:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\eventlog.dll
[2004.08.17 11:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 10:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\explorer.exe
[2004.08.17 10:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:12:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:40 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\explorer.exe
[2007.06.13 15:23:40 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 10:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\hal.dll
[2004.08.03 17:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 10:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\changer.sys

< MD5 for: ISAPNP.SYS >
[2001.09.13 16:43:58 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2001.09.13 16:43:58 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001.09.20 11:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 11:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 10:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ndis.sys
[2004.08.03 18:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 18:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 11:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 10:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 11:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 10:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 11:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.17 10:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\svchost.exe
[2004.08.17 11:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.17 10:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004.08.03 18:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:36 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\userinit.exe
[2004.08.17 10:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.17 10:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 10:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 11:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.17 10:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\CSC\*.tmp files -> C:\WINDOWS\CSC\*.tmp -> ]
[5 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[8 C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\*.tmp -> ]
[9 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.06.01 11:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Adobe
[2007.12.26 01:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Apple Computer
[2012.12.30 12:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\ArcSoft
[2007.11.07 07:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Autodesk
[2013.12.10 22:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\AVAST Software
[2008.06.18 09:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Comodo
[2007.11.16 09:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\CyberLink
[2010.10.09 14:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Download Manager
[2007.11.10 16:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Google
[2009.02.06 19:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Graphisoft
[2010.02.26 15:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\gtk-2.0
[2007.11.26 20:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Help
[2013.05.07 18:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\ICQ
[2007.11.10 15:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\ICQ Toolbar
[2007.11.06 08:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Identities
[2008.03.22 20:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Image Zone Express
[2013.07.04 18:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\IObit
[2009.04.15 12:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\LimeWire
[2007.12.28 19:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Macromedia
[2014.05.03 14:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Malwarebytes
[2010.08.14 06:54:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\vlad\Data aplikací\Microsoft
[2008.08.19 18:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Mozilla
[2007.11.07 21:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Nero
[2009.02.04 17:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\neuroLanguage
[2008.08.15 17:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Nokia
[2009.03.07 11:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\PC Suite
[2008.01.19 20:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\QIP
[2009.04.26 19:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\skypePM
[2007.12.27 15:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Sun
[2014.05.04 17:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\TeamViewer
[2009.09.14 10:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\Zoner

< %APPDATA%\*.exe /s >
[2007.12.22 15:00:20 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\vlad\Data aplikací\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
[2008.03.31 19:46:03 | 000,007,168 | R--- | M] () -- C:\Documents and Settings\vlad\Data aplikací\Microsoft\Installer\{953E4CAF-B57F-43BD-B1C1-E53D4B361B1F}\Icon9B52747C.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.11.05 11:40:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007.11.05 11:40:20 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007.11.05 11:40:20 | 000,462,848 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.05.08 10:22:16 | 000,039,472 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2014.05.08 10:21:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 10:49:24 | 000,015,360 | ---- | M] (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" -- [2007.09.20 16:35:10 | 000,202,024 | ---- | M] (Nero AG)
"ICQ" = "D:\icq\ICQ7.2\ICQ.exe" silent loginmode=4

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %fystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.05.08 10:36:58 | 000,000,512 | ---- | M] () MD5=B3AB6EA3EC2A00C0F8FEB9A65DEE85CD -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2007.09.18 12:59:00 | 000,000,232 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Nero\Nero8\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2007.11.06 09:51:12 | 000,001,479 | ---- | M] () -- \Documents and Settings\All Users\Nabídka Start\Programy\SoundMAX\DLS Loader.lnk
[2014.05.04 17:16:22 | 000,001,231 | ---- | M] () -- \Documents and Settings\vlad\Local Settings\Temporary Internet Files\Content.IE5\FN7ADS02\oneMscomJsCssLoader[1].js
[2014.05.04 17:32:52 | 000,003,720 | ---- | M] () -- \Documents and Settings\vlad\Local Settings\Temporary Internet Files\Content.IE5\P729R6YX\ajax-loader[1].gif
[2003.06.27 03:10:12 | 000,106,496 | ---- | M] () -- \DRIVERS\AD1888\AD1888\SoundMAX Synthesizer\DLSLoader.exe
[2003.06.26 19:10:12 | 000,106,496 | ---- | M] () -- \Program Files\Analog Devices\SoundMAX\DLSLoader.exe
[2002.08.30 16:09:00 | 000,000,595 | ---- | M] () -- \Program Files\Analog Devices\SoundMAX\DLSLoader.exe.manifest
[2007.09.26 20:37:48 | 000,107,816 | ---- | M] () -- \Program Files\Common Files\Nero\Shared\NSCLoader.dll
[2012.01.22 08:44:02 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2012.01.22 08:44:04 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2012.01.22 08:44:02 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\MUICoreLib\xtraLoader.swf
[2012.01.22 08:44:39 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\profile_lightboxs\preloader.html
[2008.02.25 08:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2008.02.01 03:21:04 | 000,000,350 | ---- | M] () -- \WINDOWS\Downloaded Program Files\MySpaceUploader.inf
[2008.02.01 03:17:04 | 002,637,440 | ---- | M] () -- \WINDOWS\Downloaded Program Files\MySpaceUploader.ocx
[2008.10.10 15:43:42 | 000,000,335 | ---- | M] () -- \WINDOWS\Downloaded Program Files\PhotoUploader5.inf
[2008.10.10 15:44:58 | 003,536,384 | ---- | M] () -- \WINDOWS\Downloaded Program Files\PhotoUploader5.ocx
[2009.07.29 03:00:56 | 000,000,338 | ---- | M] () -- \WINDOWS\Downloaded Program Files\PhotoUploader55.inf
[2009.07.29 21:21:24 | 003,540,488 | ---- | M] () -- \WINDOWS\Downloaded Program Files\PhotoUploader55.ocx
[2008.04.14 05:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\dmloader.dll
[2008.04.13 20:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\osloader.exe
[2008.04.13 20:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\osloader.ntd
[2004.08.17 10:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2010.10.22 13:43:22 | 000,012,532 | ---- | M] () -- \WINDOWS\system32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2004.08.17 10:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll
[2007.08.07 14:04:24 | 000,009,622 | ---- | M] () -- \WINDOWS\system32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2004.08.17 15:44:16 | 000,030,301 | ---- | M] () -- \cmdcons\SERIAL.SY_
[2009.08.22 09:27:40 | 000,001,243 | ---- | M] () -- \Documents and Settings\vlad\Oblíbené položky\Katka\Filmy\www.filmy-serialy.com.url
[2007.12.16 19:34:41 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2007.12.17 22:58:49 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.02.26 10:34:15 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2004.07.15 15:31:54 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
[2003.04.07 20:24:52 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2005.09.23 08:28:56 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2008.04.14 04:17:25 | 000,028,416 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\grserial.sys
[2008.04.14 04:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\serial.sys
[2007.06.27 14:59:02 | 000,131,072 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\system.runtime.serialization.formatters.soap.dll
[2001.09.20 11:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2001.09.20 11:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2004.08.17 10:44:16 | 000,064,640 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 6144 bytes -> C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B623B5B8

< End of report >

[makuSHka]

extras.txt

OTL Extras logfile created on: 8.5.2014 10:31:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\vlad\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

510,73 Mb Total Physical Memory | 156,72 Mb Available Physical Memory | 30,69% Memory free
1,22 Gb Paging File | 0,74 Gb Available in Paging File | 60,71% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 6,87 Gb Free Space | 35,18% Space Free | Partition Type: NTFS
Drive D: | 129,51 Gb Total Space | 109,55 Gb Free Space | 84,58% Space Free | Partition Type: NTFS
Drive E: | 108,82 Gb Total Space | 26,42 Gb Free Space | 24,28% Space Free | Partition Type: NTFS

Computer Name: DOMACI | User Name: vlad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2052111302-484061587-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\domainprofile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\standardprofile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6129:TCP" = 6129:TCP:*:Disabled:dmwr

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\ICQ7.5\ICQ.exe" = C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = D:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"D:\icq\ICQ6\ICQ.exe" = D:\icq\ICQ6\ICQ.exe:*:Enabled:ICQ Library -- (ICQ, Inc.)
"D:\Program Files\Nero 8\Nero ShowTime\ShowTime.exe" = D:\Program Files\Nero 8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent
"D:\qip\QIP\qip.exe" = D:\qip\QIP\qip.exe:*:Disabled:Quiet Internet Pager -- (The Author of QIP)
"D:\Program Files\ArchiCAD 12\ArchiCAD.exe" = D:\Program Files\ArchiCAD 12\ArchiCAD.exe:*:Enabled:ArchiCAD 12.0.0 Component -- (Graphisoft R&D)
"D:\Program Files\TrackMania United\TmUnited.exe" = D:\Program Files\TrackMania United\TmUnited.exe:*:Enabled:TmUnited
"D:\icq\ICQ6.5\ICQ.exe" = D:\icq\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"E:\Program Files\Pinnacle\Programs\RM.exe" = E:\Program Files\Pinnacle\Programs\RM.exe:*:Enabled:Render Manager
"E:\Program Files\Pinnacle\Programs\umi.exe" = E:\Program Files\Pinnacle\Programs\umi.exe:*:Enabled:umi
"E:\Program Files\Pinnacle\Programs\VideoSpin.exe" = E:\Program Files\Pinnacle\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Program Files\ICQ7.5\ICQ.exe" = C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = ADSL USB MODEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-0201-0405-0002-0060B0CE6BBA}" = AutoCAD 2004
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6F8A555E-F2E1-415D-AD8A-67C0A7671029}" = Nero 8
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{71E40B32-5173-4538-8996-5822DD18E8D4}" = Windows Live Messenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{953E4CAF-B57F-43BD-B1C1-E53D4B361B1F}" = Mapa Prahy a ČR - InfoMapa - Home Edition 2007
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A68575CE-050E-4E1F-A053-58BE8D9DE7AB}" = ArcSoft MediaImpression 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B314F1F2-49DF-41DD-A1B4-DC4192EC1021}" = HP Image Zone Express
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E3F328E4-EB9F-4ABF-8FF3-5AD0472743D8}" = Windows Live Essentials
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Microcom InPorte Home
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner (remove only)
"CdaC13Ba" = SafeCast Shared Components
"Google Chrome" = Google Chrome
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pascal Indent for Windows" = Pascal Indent for Windows
"PowerArchiver 2006 v9.64 Czech_is1" = PowerArchiver 2006 v9.64 Czech
"QIP 2005_is1" = QIP 2005 8082
"TeamViewer 7" = TeamViewer 7
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== Last 20 Event Log Errors ==========

[ antivirus Events ]
Error - 17.10.2008 16:25:49 | Computer Name = DOMACI | Source = avast! | ID = 33554522
Description =

Error - 13.1.2009 6:29:20 | Computer Name = DOMACI | Source = avast! | ID = 33554522
Description =

Error - 23.1.2009 6:22:00 | Computer Name = DOMACI | Source = avast! | ID = 33554522
Description =

Error - 4.5.2009 10:15:33 | Computer Name = DOMACI | Source = avast! | ID = 33554522
Description =

Error - 4.5.2009 10:15:33 | Computer Name = DOMACI | Source = avast! | ID = 33554522
Description =

Error - 4.5.2009 10:15:35 | Computer Name = DOMACI | Source = avast! | ID = 33554522
Description =

Error - 4.5.2009 10:15:40 | Computer Name = DOMACI | Source = avast! | ID = 33554522
Description =

Error - 4.5.2009 10:15:40 | Computer Name = DOMACI | Source = avast! | ID = 33554522
Description =

Error - 4.5.2009 10:15:46 | Computer Name = DOMACI | Source = avast! | ID = 33554522
Description =

Error - 21.7.2009 13:14:08 | Computer Name = DOMACI | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 21.12.2012 3:35:02 | Computer Name = DOMACI | Source = Application Error | ID = 1000
Description = Chybující aplikace hpqtra08.exe, verze 43.1.5.0, chybující modul ntdll.dll,
verze 5.1.2600.2180, adresa chyby 0x00010f29.

Error - 29.12.2012 7:17:42 | Computer Name = DOMACI | Source = Application Error | ID = 1000
Description = Chybující aplikace nerostartsmart.exe, verze 8.1.2.0, chybující modul
msvcr80.dll, verze 8.0.50727.762, adresa chyby 0x000046b4.

Error - 1.1.2013 12:47:22 | Computer Name = DOMACI | Source = Application Error | ID = 1000
Description = Chybující aplikace arcmediaservice.exe, verze 1.0.0.24, chybující
modul unknown, verze 0.0.0.0, adresa chyby 0x00000000.

Error - 16.1.2013 13:39:03 | Computer Name = DOMACI | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 16.1.2013 13:39:03 | Computer Name = DOMACI | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 14.2.2013 11:02:28 | Computer Name = DOMACI | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.3156, chybující modul
shell32.dll, verze 6.0.2900.3402, adresa chyby 0x0007bd0e.

Error - 2.3.2013 17:47:54 | Computer Name = DOMACI | Source = Application Error | ID = 1000
Description = Chybující aplikace nerostartsmart.exe, verze 8.1.2.0, chybující modul
msvcr80.dll, verze 8.0.50727.762, adresa chyby 0x000046b4.

Error - 1.6.2013 5:39:10 | Computer Name = DOMACI | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 1.6.2013 5:39:11 | Computer Name = DOMACI | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 9.2.2014 12:04:21 | Computer Name = DOMACI | Source = Application Error | ID = 1000
Description = Chybující aplikace mmc.exe, verze 5.1.2600.2180, chybující modul ntdll.dll,
verze 5.1.2600.2180, adresa chyby 0x00011e5a.

[ Application Events ]
Error - 21.12.2012 3:35:02 | Computer Name = DOMACI | Source = Application Error | ID = 1000
Description = Chybující aplikace hpqtra08.exe, verze 43.1.5.0, chybující modul ntdll.dll,
verze 5.1.2600.2180, adresa chyby 0x00010f29.

Error - 29.12.2012 7:17:42 | Computer Name = DOMACI | Source = Application Error | ID = 1000
Description = Chybující aplikace nerostartsmart.exe, verze 8.1.2.0, chybující modul
msvcr80.dll, verze 8.0.50727.762, adresa chyby 0x000046b4.

Error - 1.1.2013 12:47:22 | Computer Name = DOMACI | Source = Application Error | ID = 1000
Description = Chybující aplikace arcmediaservice.exe, verze 1.0.0.24, chybující
modul unknown, verze 0.0.0.0, adresa chyby 0x00000000.

Error - 16.1.2013 13:39:03 | Computer Name = DOMACI | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 16.1.2013 13:39:03 | Computer Name = DOMACI | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 14.2.2013 11:02:28 | Computer Name = DOMACI | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.3156, chybující modul
shell32.dll, verze 6.0.2900.3402, adresa chyby 0x0007bd0e.

Error - 2.3.2013 17:47:54 | Computer Name = DOMACI | Source = Application Error | ID = 1000
Description = Chybující aplikace nerostartsmart.exe, verze 8.1.2.0, chybující modul
msvcr80.dll, verze 8.0.50727.762, adresa chyby 0x000046b4.

Error - 1.6.2013 5:39:10 | Computer Name = DOMACI | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 1.6.2013 5:39:11 | Computer Name = DOMACI | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 9.2.2014 12:04:21 | Computer Name = DOMACI | Source = Application Error | ID = 1000
Description = Chybující aplikace mmc.exe, verze 5.1.2600.2180, chybující modul ntdll.dll,
verze 5.1.2600.2180, adresa chyby 0x00011e5a.

[ System Events ]
Error - 8.5.2014 4:39:59 | Computer Name = DOMACI | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby BITS s
argumenty za účelem spuštění serveru: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 8.5.2014 4:39:59 | Computer Name = DOMACI | Source = Service Control Manager | ID = 7000
Description = Služba Služba inteligentního přenosu na pozadí neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 8.5.2014 4:39:59 | Computer Name = DOMACI | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby BITS s
argumenty za účelem spuštění serveru: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 8.5.2014 4:39:59 | Computer Name = DOMACI | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby BITS s
argumenty za účelem spuštění serveru: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 8.5.2014 4:39:59 | Computer Name = DOMACI | Source = Service Control Manager | ID = 7000
Description = Služba Služba inteligentního přenosu na pozadí neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 8.5.2014 4:39:59 | Computer Name = DOMACI | Source = Service Control Manager | ID = 7000
Description = Služba Služba inteligentního přenosu na pozadí neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 8.5.2014 4:39:59 | Computer Name = DOMACI | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby BITS s
argumenty za účelem spuštění serveru: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 8.5.2014 4:39:59 | Computer Name = DOMACI | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby BITS s
argumenty za účelem spuštění serveru: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 8.5.2014 4:39:59 | Computer Name = DOMACI | Source = Service Control Manager | ID = 7000
Description = Služba Služba inteligentního přenosu na pozadí neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 8.5.2014 4:39:59 | Computer Name = DOMACI | Source = Service Control Manager | ID = 7000
Description = Služba Služba inteligentního přenosu na pozadí neuspěla při spuštění
v důsledku následující chyby: %%2


< End of report >

[Márty84]

Zazalohujte si mozillu pomoci mozbackup http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/ . Mazu tam hodne veci, ktere nejsou obvykle pouzivany, tak kdyby vam tam pak neco chybelo...



Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Znovu spustte OTL
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
MBAMSwissArmy
gupdate
gupdatem
NMIndexingService

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\WGASetup.job

:otl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbox.digsby.com/ie
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\SearchScopes\{3326ab56-742e-5603-906f-290517220122}: "URL" = http://searchbox.digsby.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
IE - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\SearchScopes\search13: "URL" = http://search13.net/search.php?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search13.net/search.php?clid=486&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {52EF0988-5232-4465-86E7-6434B5891030}:1.0
FF - prefs.js..extensions.enabledItems: {afcedbfe-7a6d-44c6-9f1d-664d608aecea}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.34
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA82}:1.0.2
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.16
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1
FF - prefs.js..extensions.enabledItems: {8675f4b3-2f19-11ed-2d6b-0800600c0a19}:1.0
FF - prefs.js..extensions.enabledItems: {8675f4b3-2f19-11ed-2d6b-1823600c0a19}:1.0.5
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\vlad\Data aplikací\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\vlad\Data aplikací\Facebook\npfbplugin_1_0_3.dll File not found
[2013.11.22 22:22:29 | 000,000,000 | ---D | M] ("Stylish Profile") -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
[2010.09.07 08:14:18 | 000,000,000 | ---D | M] ("Express Tab") -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
[2013.11.22 22:22:29 | 000,000,000 | ---D | M] ("Usage Stat") -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010.09.07 08:14:18 | 000,000,000 | ---D | M] (FBFan) -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
[2011.12.17 21:15:14 | 000,000,000 | ---D | M] (Feedback module) -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a19}
[2013.11.22 22:22:30 | 000,000,000 | ---D | M] ("VFT Flv") -- C:\Documents and Settings\vlad\Data aplikací\Mozilla\Firefox\Profiles\p8cwiec3.default\extensions\{8675f4b3-2f19-11ed-2d6b-1823600c0a19}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA80}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA82}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA96}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{6236BA26-C117-4007-928C-DE0716C7FA99}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{8675F4B3-2F19-11ED-2D6B-0800600C0A19}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{8675F4B3-2F19-11ED-2D6B-1823600C0A19}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VLAD\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\P8CWIEC3.DEFAULT\EXTENSIONS\{AFCEDBFE-7A6D-44C6-9F1D-664D608AECEA}
[2009.07.15 09:29:40 | 000,000,000 | ---D | M] (Kwinzy) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 3\EXTENSIONS\{52EF0988-5232-4465-86E7-6434B5891030}
O3 - HKU\S-1-5-21-2052111302-484061587-682003330-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
[2007.11.10 15:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\ICQ Toolbar
[2013.07.04 18:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vlad\Data aplikací\IObit
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\CSC\*.tmp files -> C:\WINDOWS\CSC\*.tmp -> ]
[5 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[8 C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\*.tmp -> ]
[9 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]
@Alternate Data Stream - 6144 bytes -> C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B623B5B8

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"RemoteControl"=-
"LanguageShortcut"=-
"HP Software Update"=-
"WinampAgent"=-
"UserFaultCheck"=-
"Adobe ARM"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"ICQ"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
  72,00,6F,00,6F,00,74,00,25,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
  33,00,32,00,5C,00,73,00,76,00,63,00,68,00,6F,00,73,00,74,00,2E,00,65,00,\
  78,00,65,00,20,00,2D,00,6B,00,20,00,6E,00,65,00,74,00,73,00,76,00,63,00,\
  73,00,00,00
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
  72,00,6F,00,6F,00,74,00,25,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,\
  33,00,32,00,5C,00,73,00,76,00,63,00,68,00,6F,00,73,00,74,00,2E,00,65,00,\
  78,00,65,00,20,00,2D,00,6B,00,20,00,6E,00,65,00,74,00,73,00,76,00,63,00,\
  73,00,00,00
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

[makuSHka]

Souhlasila jsem s restartem a nic se neděje. Na monitoru mám jen plochu (bez ikon, čistě jen obrázek). Tak počkám. Snad se něco bude dít.

[Márty84]

Je mozne, ze OTL jeste pracuje. Nekdy facha jeste po restartu