High CPU and physical memory usage

slecna_sy
Visitor
Posts: 31
Registered: 27 Apr 2014 08:14
Location: Frýdek

#1 Post by slecna_sy »

Hi. I'd like to ask for your advice.

My father's notebook ended up in my hands, too late of course. The notebook is badly slowed down, with high physical memory and CPU usage. MBAM found something, and I used AdwCleaner and RogueKiller, but I really don't know my way around this. :oops:

I'll start with the RSIT log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavel at 2014-04-23 11:55:55
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 214 GB (55%) free of 388 GB
Total RAM: 2046 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:11, on 23.4.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16545)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\BisonCam\BisonAPP.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Light Sensor Utility\Sensor.exe
C:\Program Files\Hotkey Utility\tray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Pavel\Downloads\RSIT.exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe
O4 - HKLM\..\Run: [Silent Mode] C:\Program Files\Light Sensor Utility\Sensor.exe
O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 4340 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-11 5296128]
"Skytel"=C:\Windows\Skytel.exe [2008-03-11 1826816]
"BisonAPP"=C:\Windows\BisonCam\BisonAPP.exe [2007-05-17 49152]
"Silent Mode"=C:\Program Files\Light Sensor Utility\Sensor.exe [2007-06-27 253952]
"FIC HotKey"=C:\Program Files\Hotkey Utility\tray.exe [2007-07-13 561152]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-19 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-19 8466432]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-19 81920]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-04-23 11:55:55 ----D---- C:\rsit
2014-04-23 11:55:55 ----D---- C:\Program Files\trend micro
2014-04-23 11:46:30 ----A---- C:\Windows\system32\TrueSight.sys
2014-04-23 11:37:46 ----A---- C:\Windows\system32\sqlite3.dll
2014-04-23 11:37:21 ----D---- C:\AdwCleaner
2014-04-23 11:03:33 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-23 10:54:52 ----A---- C:\TDSSKiller.3.0.0.34_23.04.2014_10.54.52_log.txt
2014-04-23 10:37:43 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-04-23 10:37:08 ----D---- C:\ProgramData\Malwarebytes
2014-04-23 09:54:15 ----SHD---- C:\Config.Msi
2014-04-23 09:39:03 ----D---- C:\Program Files\CCleaner
2014-04-22 03:01:00 ----A---- C:\Windows\system32\mshtml.dll
2014-04-15 08:52:11 ----D---- C:\DICKINSON BRUCE
2014-04-13 14:00:30 ----D---- C:\Veselá trojka
2014-04-13 11:48:44 ----D---- C:\Program Files\Google
2014-03-29 08:01:33 ----A---- C:\Windows\system32\vbscript.dll
2014-03-29 08:01:33 ----A---- C:\Windows\system32\mshtmled.dll
2014-03-29 08:01:29 ----A---- C:\Windows\system32\jsproxy.dll
2014-03-29 08:01:29 ----A---- C:\Windows\system32\ieui.dll
2014-03-29 08:01:28 ----A---- C:\Windows\system32\ieUnatt.exe
2014-03-29 08:01:27 ----A---- C:\Windows\system32\wininet.dll
2014-03-29 08:01:27 ----A---- C:\Windows\system32\msfeeds.dll
2014-03-29 08:01:26 ----A---- C:\Windows\system32\jscript.dll
2014-03-29 08:01:25 ----A---- C:\Windows\system32\url.dll
2014-03-29 08:01:25 ----A---- C:\Windows\system32\jscript9.dll
2014-03-29 08:01:23 ----A---- C:\Windows\system32\iertutil.dll
2014-03-29 08:01:21 ----A---- C:\Windows\system32\urlmon.dll
2014-03-29 08:01:18 ----A---- C:\Windows\system32\ieframe.dll
2014-03-28 08:24:41 ----A---- C:\Windows\system32\kernel32.dll

======List of files/folders modified in the last 1 month======

2014-04-23 11:55:55 ----RD---- C:\Program Files
2014-04-23 11:55:46 ----D---- C:\Windows\Temp
2014-04-23 11:51:05 ----D---- C:\Windows\system32\drivers
2014-04-23 11:46:30 ----D---- C:\Windows\System32
2014-04-23 11:39:28 ----HD---- C:\ProgramData
2014-04-23 10:52:51 ----D---- C:\Windows
2014-04-23 10:49:28 ----D---- C:\Windows\nap
2014-04-23 10:34:26 ----D---- C:\Windows\inf
2014-04-23 10:34:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-04-23 10:27:57 ----SHD---- C:\System Volume Information
2014-04-23 10:27:54 ----SHD---- C:\Windows\Installer
2014-04-23 10:26:43 ----D---- C:\ProgramData\Microsoft Help
2014-04-23 10:26:41 ----RSD---- C:\Windows\assembly
2014-04-23 10:26:35 ----D---- C:\Windows\winsxs
2014-04-23 10:25:57 ----D---- C:\Program Files\Microsoft.NET
2014-04-23 10:25:57 ----D---- C:\Program Files\Common Files\microsoft shared
2014-04-23 10:25:46 ----D---- C:\Program Files\Common Files
2014-04-23 10:25:24 ----RSD---- C:\Windows\Fonts
2014-04-23 10:23:01 ----D---- C:\Windows\ShellNew
2014-04-23 10:19:02 ----D---- C:\Program Files\Opera
2014-04-23 10:19:00 ----D---- C:\Users\Pavel\AppData\Roaming\Opera
2014-04-23 10:12:43 ----D---- C:\Windows\system32\catroot
2014-04-23 09:48:56 ----D---- C:\Windows\Panther
2014-04-23 09:48:54 ----D---- C:\Windows\Minidump
2014-04-23 09:48:54 ----D---- C:\Windows\Debug
2014-04-23 09:39:16 ----D---- C:\Windows\system32\Tasks
2014-04-23 09:35:47 ----D---- C:\Program Files\DVDVideoSoft
2014-04-23 09:34:31 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2014-04-23 09:34:19 ----D---- C:\Users\Pavel\AppData\Roaming\DVDVideoSoft
2014-04-23 01:23:23 ----D---- C:\Users\Pavel\AppData\Roaming\vlc
2014-04-22 16:53:04 ----D---- C:\Windows\Prefetch
2014-04-22 01:21:41 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-04-19 06:58:28 ----D---- C:\Windows\system32\catroot2
2014-04-18 08:02:13 ----D---- C:\CREEDENCE
2014-04-18 07:43:35 ----D---- C:\VÝBĚR KABÁTŮ
2014-04-18 05:42:41 ----D---- C:\Novější
2014-04-15 08:59:35 ----D---- C:\Users\Pavel\AppData\Roaming\dvdcss
2014-04-15 08:51:55 ----D---- C:\RŮZNÉ
2014-04-13 11:49:43 ----D---- C:\Windows\Tasks
2014-03-29 08:19:06 ----D---- C:\Windows\system32\migration
2014-03-29 08:19:06 ----D---- C:\Program Files\Internet Explorer
2014-03-29 07:58:31 ----D---- C:\Windows\system32\MRT
2014-03-29 07:52:51 ----A---- C:\Windows\system32\mrt.exe
2014-03-26 05:29:30 ----D---- C:\Program Files\Microsoft Security Client

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
R1 MpKsl6a8fbdf4;MpKsl6a8fbdf4; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{656166C8-499E-4EE9-A5B6-CD2D899E4742}\MpKsl6a8fbdf4.sys [2014-04-23 39464]
R1 WINIO;WINIO; \??\C:\Windows\system32\WinIo.sys [2007-01-04 9336]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-11 2077080]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-06 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-19 7599776]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys []
S3 Cam5603D;Bison WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2007-08-24 783272]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 TrueSight;TrueSight; \??\C:\Windows\system32\TrueSight.sys [2014-04-23 26624]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-13 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-22 257712]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-13 116648]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------


#2 Post by slecna_sy »

# AdwCleaner v3.207 - Report created 23/04/2014 at 11:39:28
# Updated 05/05/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Pavel - PAVEL-PC
# Running from : C:\Users\Pavel\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\FreeRIP
Folder Deleted : C:\Program Files\FreeRIP3
Folder Deleted : C:\Users\Pavel\AppData\Local\Conduit
Folder Deleted : C:\Users\Pavel\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Pavel\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Pavel\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Pavel\AppData\Roaming\dvdvideosoftiehelpers

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\MGShareware
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2334 octets] - [23/04/2014 11:37:24]
AdwCleaner[S0].txt - [2301 octets] - [23/04/2014 11:39:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2361 octets] ##########


#3 Post by slecna_sy »

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Pavel [Práva správce]
Mód : Kontrola -- Datum : 04/23/2014 11:51:12
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Skytel (Skytel.exe [7]) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] EAT @explorer.exe (DllCanUnloadNow) : fdproxy.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0x748F155F)
[Address] EAT @explorer.exe (DllGetClassObject) : fdproxy.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0x748F4852)
[Address] EAT @explorer.exe (DllMain) : fdproxy.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0x748F12FB)

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD6400BEVT-80A0RT0 ATA Device +++++
--- User ---
[MBR] b4ea55c1bd6c6cafc61e2622bfe5b1da
[BSP] 0112d3e6d90db62445919e374b18552b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 30719 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 62914560 | Size: 388212 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 857972736 | Size: 191548 MB
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_04232014_115112.txt >>

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

#4 Post by vyosek »

Hello :)

:arrow: Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to your desktop
  • If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator or "Spustit jako spravce"
  • Paste the script below into the window
  • Code:

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;
    
  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here


#5 Post by slecna_sy »

@vyosek

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Pavel on st 23.04.2014 at 12:42:01,61.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pavel\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

23.4.2014 12:43:16 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3012796758-907522708-3336289559-1000\Software\Microsoft\Internet Explorer\SearchScopes\{93222355-46DC-4B93-A9FD-19EE93882FEB} deleted successfully
HKEY_USERS\S-1-5-21-3012796758-907522708-3336289559-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D187A56B-A33F-4CBE-9D77-459FC0BAE012} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Users\Pavel\Downloads\FreeYouTubeToMP3Converter (5).exe deleted
C:\Users\Pavel\Downloads\FreeYouTubeToMP3Converter.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [09.08.2009 01:39]

==== Chrome Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://seznam.cz/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://seznam.cz/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pavel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=142 folders=22 73916365 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pavel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Pavel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Pavel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on st 23.04.2014 at 12:56:32,86 ======================


#6 Post by vyosek »

:arrow: Download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator or "Spustit jako spravce"
  • If you use a 64-bit OS, check whether the box next to "Pro 64 bitové OS" (For 64-bit OS) is ticked; if not, tick it
  • Tick the "Pro vsechny uzivatele" (For all users) box
  • Tick the Kontrola na havet "LOP" (Check for "LOP" pests) box
  • Tick the Kontrola na havet "Purity" (Check for "Purity" pests) box
  • Change "Stari souboru" (File age) from 30 days to 7 days
  • Paste the script below into the bottom box, "Vlastni skenovani/opravy" (Custom scans/fixes)
  • Code:

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
  • Click the "Prohledat" (Scan) button
  • When the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt will appear; paste both here
  • If the logs are long (the forum will complain that the maximum number of characters has been exceeded), split them across several posts

slecna_sy
Visitor
Posts: 31
Joined: 27 Apr 2014 08:14
Location: Frýdek

Re: High CPU and physical memory usage

#7 Post by slecna_sy »

OTL logfile created on: 24.4.2014 1:45:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pavel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,65% Memory free
4,23 Gb Paging File | 3,52 Gb Available in Paging File | 83,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 379,11 Gb Total Space | 212,46 Gb Free Space | 56,04% Space Free | Partition Type: NTFS
Drive D: | 187,06 Gb Total Space | 157,49 Gb Free Space | 84,19% Space Free | Partition Type: NTFS

Computer Name: PAVEL-PC | User Name: Pavel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2014.04.24 02:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014.04.23 12:34:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pavel\Desktop\OTL.exe
PRC - [2014.03.11 11:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014.03.11 11:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014.03.11 11:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013.12.18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.11 00:00:00 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.07.13 14:38:46 | 000,561,152 | ---- | M] () -- C:\Program Files\Hotkey Utility\tray.exe
PRC - [2007.06.27 09:56:22 | 000,253,952 | ---- | M] () -- C:\Program Files\Light Sensor Utility\Sensor.exe
PRC - [2007.05.17 22:22:06 | 000,049,152 | ---- | M] (Bison Inc.) -- C:\Windows\BisonCam\BisonAPP.exe


========== Modules (No Company Name) ==========

MOD - [2014.04.24 02:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014.04.24 02:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014.04.24 02:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014.04.24 02:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2007.07.13 14:38:46 | 000,561,152 | ---- | M] () -- C:\Program Files\Hotkey Utility\tray.exe
MOD - [2007.06.27 09:56:22 | 000,253,952 | ---- | M] () -- C:\Program Files\Light Sensor Utility\Sensor.exe


========== Services (SafeList) ==========

SRV - [2014.04.22 01:21:43 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.03.11 11:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014.03.11 11:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.12.18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014.04.23 11:46:30 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\TrueSight.sys -- (TrueSight)
DRV - [2014.03.11 10:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2009.01.13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2007.08.24 02:16:46 | 000,783,272 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2007.07.19 01:31:00 | 007,599,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.03.06 00:00:00 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.16 00:00:00 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.01.04 11:15:08 | 000,009,336 | ---- | M] (http://www.internals.com) [Kernel | System | Running] -- C:\Windows\System32\WinIo.sys -- (WINIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3012796758-907522708-3336289559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-3012796758-907522708-3336289559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3012796758-907522708-3336289559-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3012796758-907522708-3336289559-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3012796758-907522708-3336289559-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... {startPage}
IE - HKU\S-1-5-21-3012796758-907522708-3336289559-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Dokumenty Google = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Dokumenty Google = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Disk Google = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhledávání Google = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Peněženka Google = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014.04.23 12:43:23 | 000,000,781 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.)
O4 - HKLM..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Silent Mode] C:\Program Files\Light Sensor Utility\Sensor.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{308747EF-D0DC-45C2-B20C-DF7BC3F2AF0E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96462713-4E5B-4063-9061-AAD6E4938820}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2014.04.23 12:56:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.04.23 12:54:39 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014.04.23 12:54:39 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Local\Temp
[2014.04.23 12:41:55 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014.04.23 12:35:01 | 000,000,000 | ---D | C] -- C:\Users\Pavel\Zastupci_na_plose
[2014.04.23 12:34:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pavel\Desktop\OTL.exe
[2014.04.23 11:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.04.23 11:55:55 | 000,000,000 | ---D | C] -- C:\rsit
[2014.04.23 11:37:46 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014.04.23 11:37:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.04.23 10:37:43 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.04.23 10:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.04.23 09:54:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014.04.23 09:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014.04.22 03:01:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files - Modified Within 7 Days ==========

[2014.04.29 12:07:56 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.04.27 14:05:32 | 000,165,888 | ---- | M] () -- C:\Users\Pavel\Desktop\T-Cleaner.exe
[2014.04.24 01:49:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.04.24 01:41:25 | 000,027,335 | ---- | M] () -- C:\Users\Pavel\AppData\Roaming\nvModes.001
[2014.04.24 01:41:11 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014.04.24 01:41:11 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014.04.24 01:41:10 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.04.24 01:40:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.04.24 01:40:53 | 2146,328,576 | -HS- | M] () -- C:\hiberfil.sys
[2014.04.23 16:11:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.04.23 15:21:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.04.23 12:43:23 | 000,000,781 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014.04.23 12:41:53 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014.04.23 12:40:40 | 001,285,120 | ---- | M] () -- C:\Users\Pavel\Desktop\zoek.exe
[2014.04.23 12:38:54 | 000,000,638 | ---- | M] () -- C:\Users\Pavel\Desktop\Zastupci_na_plose – zástupce.lnk
[2014.04.23 12:34:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pavel\Desktop\OTL.exe
[2014.04.23 11:46:30 | 000,026,624 | ---- | M] () -- C:\Windows\System32\TrueSight.sys
[2014.04.23 11:44:38 | 003,972,608 | ---- | M] () -- C:\Users\Pavel\Desktop\RogueKiller.exe
[2014.04.23 11:28:17 | 001,316,991 | ---- | M] () -- C:\Users\Pavel\Desktop\adwcleaner.exe
[2014.04.23 11:21:18 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.04.23 10:52:27 | 000,268,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.04.23 10:34:26 | 000,645,326 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014.04.23 10:34:26 | 000,634,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.04.23 10:34:26 | 000,137,980 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014.04.23 10:34:26 | 000,120,050 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.04.23 09:39:09 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.04.22 01:21:41 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.04.22 01:21:41 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2014.04.24 01:49:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.04.23 12:54:40 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014.04.23 12:41:27 | 001,285,120 | ---- | C] () -- C:\Users\Pavel\Desktop\zoek.exe
[2014.04.23 12:38:54 | 000,000,638 | ---- | C] () -- C:\Users\Pavel\Desktop\Zastupci_na_plose – zástupce.lnk
[2014.04.23 11:46:30 | 000,026,624 | ---- | C] () -- C:\Windows\System32\TrueSight.sys
[2014.04.23 11:44:48 | 003,972,608 | ---- | C] () -- C:\Users\Pavel\Desktop\RogueKiller.exe
[2014.04.23 11:30:21 | 001,316,991 | ---- | C] () -- C:\Users\Pavel\Desktop\adwcleaner.exe
[2014.04.23 10:34:19 | 000,165,888 | ---- | C] () -- C:\Users\Pavel\Desktop\T-Cleaner.exe
[2014.04.23 09:39:09 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2009.08.09 10:02:23 | 000,027,335 | ---- | C] () -- C:\Users\Pavel\AppData\Roaming\nvModes.001
[2009.08.09 03:11:20 | 000,027,335 | ---- | C] () -- C:\Users\Pavel\AppData\Roaming\nvModes.dat
[2009.08.08 19:01:41 | 000,079,360 | ---- | C] () -- C:\Users\Pavel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.08 00:17:35 | 000,000,680 | ---- | C] () -- C:\Users\Pavel\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014.04.23 09:34:19 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\DVDVideoSoft
[2014.04.23 10:19:00 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Opera

========== Purity Check ==========



========== Custom Scans ==========

< >
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,612 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.17 17:52:13 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.04.13 11:49:37 | 000,000,934 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.04.13 11:49:43 | 000,000,938 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: ATAPI.SYS >
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.08.08 23:10:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.08.08 23:10:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009.08.08 23:10:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.04.10 23:27:22 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009.04.10 23:27:22 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008.01.18 23:33:02 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006.11.02 11:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.18 21:49:52 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.18 21:49:52 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.10 21:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009.04.10 21:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009.04.10 21:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.08.08 23:07:43 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.08.08 23:07:42 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.08.08 23:07:41 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.08.08 23:56:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009.08.08 23:56:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.08.08 23:07:42 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2009.04.10 23:32:48 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: SCECLI.DLL >
[2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SERVICES.EXE >
[2008.01.18 23:33:30 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006.11.02 11:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009.04.10 23:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009.04.10 23:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2013.05.08 05:40:36 | 000,914,792 | ---- | M] (Microsoft Corporation) MD5=078218D74C4EFC2CE7E4C6DF22A94F2F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.23106_none_b59411ab7ca4df04\tcpip.sys
[2009.04.10 23:33:04 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011.09.20 23:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2009.08.15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2011.06.17 22:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[2012.03.30 14:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
[2010.02.18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009.08.14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2013.01.04 13:28:19 | 000,914,792 | ---- | M] (Microsoft Corporation) MD5=3535CD93F944C00F098E73E12EE7FEB6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.23013_none_b5863efb7cafb1c9\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009.08.08 23:02:08 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2013.05.08 06:37:21 | 000,905,576 | ---- | M] (Microsoft Corporation) MD5=548E198BAE21EFC21F8B5F0C1728AD27 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18835_none_b4e92aca63a0494d\tcpip.sys
[2009.08.08 23:02:08 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2010.06.16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2011.06.17 22:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[2010.06.16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2013.07.05 05:20:37 | 000,914,880 | ---- | M] (Microsoft Corporation) MD5=6D0D344F643E28B31262AC2682109A3C -- C:\Windows\System32\drivers\tcpip.sys
[2013.07.05 05:20:37 | 000,914,880 | ---- | M] (Microsoft Corporation) MD5=6D0D344F643E28B31262AC2682109A3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.23152_none_b55a00e77cd1055d\tcpip.sys
[2013.01.04 13:28:18 | 000,905,576 | ---- | M] (Microsoft Corporation) MD5=74E2D020C47BB2B2FCCBA29A518A7EB4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18764_none_b4c7b8d663b986a2\tcpip.sys
[2010.06.16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011.09.20 23:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2009.08.14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.02.18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010.06.16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2010.04.05 19:03:01 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=A6A02EF5B5E40FBD31A1ADC577DA54BB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
[2010.04.05 22:00:48 | 000,910,208 | ---- | M] (Microsoft Corporation) MD5=CC9993701AC57F995554C696DDA49C12 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
[2013.07.05 06:53:33 | 000,905,664 | ---- | M] (Microsoft Corporation) MD5=D18D53974FD715D50FC76F9FFE1C830D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18880_none_b4ae19bc63cd564f\tcpip.sys
[2006.11.02 10:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010.02.18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2012.03.30 14:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
[2008.01.18 23:43:40 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< >

< %systemroot%*.* /U /s >
[16 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\099e1c254616d7f89e4d60e0b08d09a5\*.tmp files -> C:\Windows\SoftwareDistribution\Download\099e1c254616d7f89e4d60e0b08d09a5\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\41e8ac1c7989fdcef32003523b80bc0f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\41e8ac1c7989fdcef32003523b80bc0f\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\9bd50bb480e4ed1ec2f553f2d0fc0553\*.tmp files -> C:\Windows\SoftwareDistribution\Download\9bd50bb480e4ed1ec2f553f2d0fc0553\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.08.19 06:03:05 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Adobe
[2009.08.09 17:41:46 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\AVS4YOU
[2014.04.15 08:59:35 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\dvdcss
[2014.04.23 09:34:19 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\DVDVideoSoft
[2009.08.08 00:17:42 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Identities
[2009.08.08 00:47:36 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\InstallShield
[2009.08.08 20:36:24 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Media Center Programs
[2013.04.10 12:35:55 | 000,000,000 | --SD | M] -- C:\Users\Pavel\AppData\Roaming\Microsoft
[2014.04.23 10:19:00 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Opera
[2014.04.23 01:23:23 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\vlc

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2014.04.23 15:21:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.04.24 01:41:10 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.04.24 02:11:40 | 000,000,938 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2014.04.23 11:21:18 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\MBAMSwissArmy.sys

< %systemroot%\system32\*.* /3 >
[2014.04.24 01:41:11 | 000,004,128 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014.04.24 01:41:11 | 000,004,128 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014.04.22 01:21:41 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2014.04.22 01:21:41 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2014.04.23 10:52:27 | 000,268,040 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2014.04.29 12:28:42 | 012,347,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2014.04.29 12:07:56 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.tlb
[2014.04.23 10:34:26 | 000,137,980 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2014.04.23 10:34:26 | 000,120,050 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014.04.23 10:34:26 | 000,645,326 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2014.04.23 10:34:26 | 000,634,484 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014.04.23 10:34:26 | 001,532,822 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2014.04.23 11:46:30 | 000,026,624 | ---- | M] () -- C:\Windows\system32\TrueSight.sys

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"WMPNSCFG" = C:\Program Files\Windows Media Player\WMPNSCFG.exe -- [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014.03.08 02:04:01 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=7116680C2C62709EE81BDDC69EF26B93 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014.04.24 02:33:15 | 000,841,032 | ---- | M] (Google Inc.) MD5=542459D16B416D054161007FC9B1246E -- C:\Program Files\Google\Chrome\Application\chrome.exe

< End of report >

slecna_sy
Visitor
Posts: 31
Joined: 27 Apr 2014 08:14
Location: Frýdek

Re: High CPU and physical memory usage

#8 Post by slecna_sy »

OTL Extras logfile created on: 24.4.2014 1:45:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pavel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,65% Memory free
4,23 Gb Paging File | 3,52 Gb Available in Paging File | 83,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 379,11 Gb Total Space | 212,46 Gb Free Space | 56,04% Space Free | Partition Type: NTFS
Drive D: | 187,06 Gb Total Space | 157,49 Gb Free Space | 84,19% Space Free | Partition Type: NTFS

Computer Name: PAVEL-PC | User Name: Pavel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3012796758-907522708-3336289559-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{5A576504-C816-40FA-9012-F77501FCFC86}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9956AA18-0096-4153-B6D1-55534547C441}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{321BD107-A013-4254-93AF-5C2530CDF4C7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C60AD0DE-B264-4189-8628-2EF83F5651A7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{123F4E9B-80E6-3A84-BDD4-3CB3AC59ABF0}" = Microsoft .NET Framework 4.5.1 (CSY)
"{17CA32D1-73BD-4990-B8F6-369D8D34B05D}" = Microsoft Antimalware Service CS-CZ Language Pack
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Bison WebCam
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client CS-CZ Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"CCleaner" = CCleaner
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free YouTube Download_is1" = Free YouTube Download version 3.2.16.1030
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.34.430
"Google Chrome" = Google Chrome
"Hotkey Utility_is1" = Hotkey Utility
"KaraFun Player_is1" = KaraFun Player
"KaraFun_is1" = KaraFun 1.18
"Light Sensor Utility 1.4_is1" = Light Sensor Utility 1.4
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"The KMPlayer" = The KMPlayer (remove only)
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 1.0.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.2.2014 0:03:28 | Computer Name = Pavel-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2.3.2014 18:59:48 | Computer Name = Pavel-PC | Source = PandoraService.exe | ID = 0
Description =

Error - 13.4.2014 5:39:22 | Computer Name = Pavel-PC | Source = Application Hang | ID = 1002
Description = Program Explorer.EXE verze 6.0.6002.18005 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: 6f4 Čas zahájení: 01cf4baefec76c1a Čas ukončení: 24195

Error - 13.4.2014 5:42:44 | Computer Name = Pavel-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 9.0.8112.16545, časové razítko
0x531a4f73, chybující modul IEFRAME.dll, verze 9.0.8112.16545, časové razítko 0x531a5395,
kód výjimky 0xc0000005, posun chyby 0x00299be5, ID procesu 0x1e44, čas spuštění
aplikace 0x01cf56fc9cf6efd0.

Error - 13.4.2014 6:45:02 | Computer Name = Pavel-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 9.0.8112.16545, časové razítko
0x531a4f73, chybující modul Flash32_12_0_0_77.ocx, verze 12.0.0.77, časové razítko
0x5314f58e, kód výjimky 0xc0000005, posun chyby 0x0012bb32, ID procesu 0xb60, čas
spuštění aplikace 0x01cf56fca8bba1d0.

Error - 13.4.2014 8:50:14 | Computer Name = Pavel-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 9.0.8112.16545, časové razítko
0x531a4f73, chybující modul Flash32_13_0_0_182.ocx, verze 13.0.0.182, časové razítko
0x533390a3, kód výjimky 0xc0000005, posun chyby 0x0020c6b3, ID procesu 0x283c, čas
spuštění aplikace 0x01cf5711fc5fa1a0.

Error - 23.4.2014 3:56:35 | Computer Name = Pavel-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23.4.2014 4:15:31 | Computer Name = Pavel-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace PandoraService.exe, verze 1.0.2.5, časové razítko
0x4fe3ca70, chybující modul pthreadVC2.dll_unloaded, verze 0.0.0.0, časové razítko
0x458b2fea, kód výjimky 0xc0000005, posun chyby 0x1000691c, ID procesu 0x490, čas
spuštění aplikace 0x01cf5eba92e549ff.

Error - 23.4.2014 4:20:20 | Computer Name = Pavel-PC | Source = VSS | ID = 8194
Description =

Error - 23.4.2014 19:43:43 | Computer Name = Pavel-PC | Source = ESENT | ID = 467
Description = Windows (2188) Windows: Databáze C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index System_ItemFolderPathDisplayNarrow405 tabulky SystemIndex_0A je poškozen
(0).

[ System Events ]
Error - 23.4.2014 6:53:11 | Computer Name = Pavel-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 23.4.2014 6:53:11 | Computer Name = Pavel-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 23.4.2014 6:53:12 | Computer Name = Pavel-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 23.4.2014 6:53:13 | Computer Name = Pavel-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 23.4.2014 6:53:14 | Computer Name = Pavel-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 23.4.2014 6:56:44 | Computer Name = Pavel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23.4.2014 7:11:20 | Computer Name = Pavel-PC | Source = W32Time | ID = 39452706
Description = Služba Systémový čas zjistila, že je nutné změnit systémový čas o
+1573333 sekund. Služba Systémový čas nemění systémový čas o více než +54000 sekund.
Ověřte správnost času a časového pásma, a zda zdroj času time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.206:123)
pracuje správně.

Error - 23.4.2014 19:41:12 | Computer Name = Pavel-PC | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 10.0.0.141 pro síťovou kartu s adresou 001644153169
byla serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 23.4.2014 19:41:30 | Computer Name = Pavel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23.4.2014 19:41:31 | Computer Name = Pavel-PC | Source = W32Time | ID = 39452706
Description = Služba Systémový čas zjistila, že je nutné změnit systémový čas o
+1583814 sekund. Služba Systémový čas nemění systémový čas o více než +54000 sekund.
Ověřte správnost času a časového pásma, a zda zdroj času time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.206:123)
pracuje správně.


< End of report >

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: High CPU and physical memory usage

#9 Post by vyosek »

:arrow: Run OTL again
  • If you are using Win Vista or W7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the bottom box, Vlastní skenování/opravy (Custom Scans/Fixes)
  • Code:

    :otl
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2014.04.23 11:46:30 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\TrueSight.sys -- (TrueSight)
    IE - HKU\S-1-5-21-3012796758-907522708-3336289559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3012796758-907522708-3336289559-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3012796758-907522708-3336289559-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3012796758-907522708-3336289559-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    CHR - plugin: Error reading preferences file
    [2014.04.23 12:41:55 | 000,000,000 | ---D | C] -- C:\zoek_backup
    [2014.04.27 14:05:32 | 000,165,888 | ---- | M] () -- C:\Users\Pavel\Desktop\T-Cleaner.exe
    [2014.04.23 12:41:53 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
    [2014.04.23 12:40:40 | 001,285,120 | ---- | M] () -- C:\Users\Pavel\Desktop\zoek.exe
    [2014.04.23 11:46:30 | 000,026,624 | ---- | M] () -- C:\Windows\System32\TrueSight.sys
    [2014.04.23 11:44:38 | 003,972,608 | ---- | M] () -- C:\Users\Pavel\Desktop\RogueKiller.exe
    [2014.04.23 11:28:17 | 001,316,991 | ---- | M] () -- C:\Users\Pavel\Desktop\adwcleaner.exe
    [16 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
    [1 C:\Windows\SoftwareDistribution\Download\099e1c254616d7f89e4d60e0b08d09a5\*.tmp files -> C:\Windows\SoftwareDistribution\Download\099e1c254616d7f89e4d60e0b08d09a5\*.tmp -> ]
    [1 C:\Windows\SoftwareDistribution\Download\41e8ac1c7989fdcef32003523b80bc0f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\41e8ac1c7989fdcef32003523b80bc0f\*.tmp -> ]
    [1 C:\Windows\SoftwareDistribution\Download\9bd50bb480e4ed1ec2f553f2d0fc0553\*.tmp files -> C:\Windows\SoftwareDistribution\Download\9bd50bb480e4ed1ec2f553f2d0fc0553\*.tmp -> ]
    [2014.04.23 15:21:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
    [2014.04.24 01:41:10 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2014.04.24 02:11:40 | 000,000,938 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    :files
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
  • Then click Opravit (Fix)
  • The PC will carry out the fix, restart and give you a log; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him: that is no man, that is an ox."
Member since 1 February 2011.

slecna_sy
Visitor
Posts: 31
Joined: 27 Apr 2014 08:14
Location: Frýdek

Re: High CPU and physical memory usage

#10 Post by slecna_sy »

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service mdmxsdk stopped successfully!
Service mdmxsdk deleted successfully!
File system32\DRIVERS\mdmxsdk.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys not found.
Error: No service named TrueSight was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrueSight deleted successfully.
C:\Windows\System32\TrueSight.sys moved successfully.
HKU\S-1-5-21-3012796758-907522708-3336289559-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKEY_USERS\S-1-5-21-3012796758-907522708-3336289559-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3012796758-907522708-3336289559-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3012796758-907522708-3336289559-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\zh-TW folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\zh-CN folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\vi-VN folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\tr-TR folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\sv-SE folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\sl-SI folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\sk-SK folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\ru-RU folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\pt-PT folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\pt-BR folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\pl-PL folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\nl-NL folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\ja-JP folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\it-IT folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\hu-HU folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\fr-FR folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\fi-FI folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\es-ES folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\el-GR folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\de-DE folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin\da-DK folder moved successfully.
C:\zoek_backup\C_Program Files_Common Files_DVDVideoSoft_bin folder moved successfully.
C:\zoek_backup folder moved successfully.
C:\Users\Pavel\Desktop\T-Cleaner.exe moved successfully.
C:\Windows\zoek-delete.exe moved successfully.
C:\Users\Pavel\Desktop\zoek.exe moved successfully.
File C:\Windows\System32\TrueSight.sys not found.
C:\Users\Pavel\Desktop\RogueKiller.exe moved successfully.
C:\Users\Pavel\Desktop\adwcleaner.exe moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP16AB.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2960.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP64BB.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6E7B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP83B0.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA4B9.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAF9F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC1F7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCAEC.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD6AF.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDA48.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE4F1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\099e1c254616d7f89e4d60e0b08d09a5\BIT77DA.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\41e8ac1c7989fdcef32003523b80bc0f\BIT94ED.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\9bd50bb480e4ed1ec2f553f2d0fc0553\BIT1D83.tmp deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pavel
->Temp folder emptied: 12641358 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Google Chrome cache emptied: 6383164 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Pavel
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Pavel

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04242014_030628

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: High CPU and physical memory usage

#11 Post by vyosek »

How is the PC behaving???
"Whoever has wine and doesn't drink it, whoever has grapes and doesn't eat them, whoever has a wife and doesn't kiss her, whoever shuns merriment, take a whip and a stick to him; that's not a man, that's an ox."
Member [image] since 1 February 2011.

slecna_sy
Visitor
Posts: 31
Registered: 27 Apr 2014 08:14
Location: Frýdek

Re: High CPU and physical memory usage

#12 Post by slecna_sy »

Thank you for the help. :)

However, I'm not entirely sure, because I don't otherwise work on it. The CPU and physical memory load has dropped, but it's an older notebook, so that probably matches what it's capable of. I used TDSSKiller and MBAR, everything OK. Also Tcleaner and TFC; it deleted something, but no restart occurred. I started a disk defragmentation, because that had been neglected. Hopefully it will be OK.

So the memory is loaded most by the system svchost.exe; otherwise everything there seems fine to me.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: High CPU and physical memory usage

#13 Post by vyosek »

:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download it and run it
  • Click CleanUp and confirm with YES
  • The program will clean up and restart the PC
:arrow: CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that's all from my side :|

slecna_sy
Visitor
Posts: 31
Registered: 27 Apr 2014 08:14
Location: Frýdek

Re: High CPU and physical memory usage

#14 Post by slecna_sy »

It kept bothering me; the notebook isn't running smoothly, and after I ran RogueKiller it showed me an infection.

I'm attaching the logs.

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Pavel [Práva správce]
Mód : Kontrola -- Datum : 04/24/2014 12:25:10
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] EAT @explorer.exe (AddGadgetMessageHandler) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4152C)
[Address] EAT @explorer.exe (AttachWndProcA) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C80A)
[Address] EAT @explorer.exe (AttachWndProcW) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A3DD2C)
[Address] EAT @explorer.exe (AutoTrace) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A47041)
[Address] EAT @explorer.exe (BeginTransition) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C9A7)
[Address] EAT @explorer.exe (BuildAnimation) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A41135)
[Address] EAT @explorer.exe (BuildDropTarget) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A47131)
[Address] EAT @explorer.exe (BuildInterpolation) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4118C)
[Address] EAT @explorer.exe (CreateAction) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A37339)
[Address] EAT @explorer.exe (CreateGadget) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A35197)
[Address] EAT @explorer.exe (CreateTransition) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C83A)
[Address] EAT @explorer.exe (DUserBuildGadget) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B7E8)
[Address] EAT @explorer.exe (DUserCastClass) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C776)
[Address] EAT @explorer.exe (DUserCastDirect) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C7B9)
[Address] EAT @explorer.exe (DUserCastHandle) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B81E)
[Address] EAT @explorer.exe (DUserDeleteGadget) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B9C1)
[Address] EAT @explorer.exe (DUserFindClass) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C6E7)
[Address] EAT @explorer.exe (DUserFlushDeferredMessages) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A40020)
[Address] EAT @explorer.exe (DUserFlushMessages) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A40096)
[Address] EAT @explorer.exe (DUserGetAlphaPRID) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A478FD)
[Address] EAT @explorer.exe (DUserGetGutsData) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C7C9)
[Address] EAT @explorer.exe (DUserGetRectPRID) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A47908)
[Address] EAT @explorer.exe (DUserGetRotatePRID) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A47913)
[Address] EAT @explorer.exe (DUserGetScalePRID) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4791E)
[Address] EAT @explorer.exe (DUserInstanceOf) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C735)
[Address] EAT @explorer.exe (DUserPostEvent) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A3630F)
[Address] EAT @explorer.exe (DUserPostMethod) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B639)
[Address] EAT @explorer.exe (DUserRegisterGuts) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A3A5B1)
[Address] EAT @explorer.exe (DUserRegisterStub) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A39F93)
[Address] EAT @explorer.exe (DUserRegisterSuper) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A3B046)
[Address] EAT @explorer.exe (DUserSendEvent) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A33258)
[Address] EAT @explorer.exe (DUserSendMethod) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B5B0)
[Address] EAT @explorer.exe (DUserStopAnimation) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A484E4)
[Address] EAT @explorer.exe (DeleteHandle) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A33EF8)
[Address] EAT @explorer.exe (DetachWndProc) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A3657D)
[Address] EAT @explorer.exe (DllMain) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A376F9)
[Address] EAT @explorer.exe (DrawGadgetTree) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C646)
[Address] EAT @explorer.exe (EndTransition) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4CA90)
[Address] EAT @explorer.exe (EnumGadgets) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C30F)
[Address] EAT @explorer.exe (FindGadgetFromPoint) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A36DA8)
[Address] EAT @explorer.exe (FindGadgetMessages) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C19D)
[Address] EAT @explorer.exe (FindStdColor) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A3DC66)
[Address] EAT @explorer.exe (FireGadgetMessages) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C06B)
[Address] EAT @explorer.exe (ForwardGadgetMessage) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A41CB5)
[Address] EAT @explorer.exe (GetActionTimeslice) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4CB05)
[Address] EAT @explorer.exe (GetDebug) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4705D)
[Address] EAT @explorer.exe (GetGadget) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C527)
[Address] EAT @explorer.exe (GetGadgetAnimation) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A37083)
[Address] EAT @explorer.exe (GetGadgetBufferInfo) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A42D45)
[Address] EAT @explorer.exe (GetGadgetCenterPoint) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4BE6F)
[Address] EAT @explorer.exe (GetGadgetFocus) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A3CE28)
[Address] EAT @explorer.exe (GetGadgetMessageFilter) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C5BA)
[Address] EAT @explorer.exe (GetGadgetProperty) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A37135)
[Address] EAT @explorer.exe (GetGadgetRect) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A32D8E)
[Address] EAT @explorer.exe (GetGadgetRgn) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A3540A)
[Address] EAT @explorer.exe (GetGadgetRootInfo) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4BFBB)
[Address] EAT @explorer.exe (GetGadgetRotation) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4BD35)
[Address] EAT @explorer.exe (GetGadgetScale) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4BBE9)
[Address] EAT @explorer.exe (GetGadgetSize) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C3CA)
[Address] EAT @explorer.exe (GetGadgetStyle) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4232C)
[Address] EAT @explorer.exe (GetGadgetTicket) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A3C94F)
[Address] EAT @explorer.exe (GetMessageExA) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A3F459)
[Address] EAT @explorer.exe (GetMessageExW) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B6C3)
[Address] EAT @explorer.exe (GetStdColorBrushF) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4CBEA)
[Address] EAT @explorer.exe (GetStdColorBrushI) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A32C3B)
[Address] EAT @explorer.exe (GetStdColorF) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4CE45)
[Address] EAT @explorer.exe (GetStdColorI) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A3FAF7)
[Address] EAT @explorer.exe (GetStdColorName) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4CD46)
[Address] EAT @explorer.exe (GetStdColorPenF) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4CCD2)
[Address] EAT @explorer.exe (GetStdColorPenI) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4CC5E)
[Address] EAT @explorer.exe (GetStdPalette) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B82E)
[Address] EAT @explorer.exe (GetTransitionInterface) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C933)
[Address] EAT @explorer.exe (InitGadgetComponent) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B8BE)
[Address] EAT @explorer.exe (InitGadgets) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A3E373)
[Address] EAT @explorer.exe (InvalidateGadget) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A33DE5)
[Address] EAT @explorer.exe (IsGadgetParentChainStyle) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4BA7F)
[Address] EAT @explorer.exe (IsInsideContext) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B56C)
[Address] EAT @explorer.exe (IsStartDelete) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4121D)
[Address] EAT @explorer.exe (LookupGadgetTicket) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4CDBC)
[Address] EAT @explorer.exe (MapGadgetPoints) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A43861)
[Address] EAT @explorer.exe (PeekMessageExA) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B710)
[Address] EAT @explorer.exe (PeekMessageExW) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B75E)
[Address] EAT @explorer.exe (PlayTransition) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C8B0)
[Address] EAT @explorer.exe (PrintTransition) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4CA1C)
[Address] EAT @explorer.exe (RegisterGadgetMessage) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A37BA3)
[Address] EAT @explorer.exe (RegisterGadgetMessageString) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C149)
[Address] EAT @explorer.exe (RegisterGadgetProperty) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A37D5D)
[Address] EAT @explorer.exe (RemoveGadgetMessageHandler) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C21A)
[Address] EAT @explorer.exe (RemoveGadgetProperty) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A40DEE)
[Address] EAT @explorer.exe (SetActionTimeslice) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4CB82)
[Address] EAT @explorer.exe (SetGadgetBufferInfo) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A42C09)
[Address] EAT @explorer.exe (SetGadgetCenterPoint) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4BF0A)
[Address] EAT @explorer.exe (SetGadgetFillF) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4BB47)
[Address] EAT @explorer.exe (SetGadgetFillI) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A42149)
[Address] EAT @explorer.exe (SetGadgetFocus) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A3CEBB)
[Address] EAT @explorer.exe (SetGadgetFocusEx) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A43188)
[Address] EAT @explorer.exe (SetGadgetMessageFilter) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A35A70)
[Address] EAT @explorer.exe (SetGadgetOrder) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C45D)
[Address] EAT @explorer.exe (SetGadgetParent) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A355F8)
[Address] EAT @explorer.exe (SetGadgetProperty) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A41284)
[Address] EAT @explorer.exe (SetGadgetRect) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A35305)
[Address] EAT @explorer.exe (SetGadgetRootInfo) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A3E857)
[Address] EAT @explorer.exe (SetGadgetRotation) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4BDC9)
[Address] EAT @explorer.exe (SetGadgetScale) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4BC84)
[Address] EAT @explorer.exe (SetGadgetStyle) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A34C48)
[Address] EAT @explorer.exe (UninitGadgetComponent) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B93F)
[Address] EAT @explorer.exe (UnregisterGadgetMessage) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C171)
[Address] EAT @explorer.exe (UnregisterGadgetMessageString) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C149)
[Address] EAT @explorer.exe (UnregisterGadgetProperty) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4C2E3)
[Address] EAT @explorer.exe (UtilBuildFont) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B83A)
[Address] EAT @explorer.exe (UtilDrawBlendRect) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B84A)
[Address] EAT @explorer.exe (UtilDrawOutlineRect) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B85A)
[Address] EAT @explorer.exe (UtilGetColor) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B86A)
[Address] EAT @explorer.exe (UtilSetBackground) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4CD78)
[Address] EAT @explorer.exe (WaitMessageEx) : nlaapi.dll -> HOOKED (C:\Windows\system32\DUser.dll @ 0x74A4B7AC)
[Address] EAT @explorer.exe (ConvertINetMultiByteToUnicode) : XmlLite.dll -> HOOKED (C:\Windows\system32\MLANG.dll @ 0x749B2727)
[Address] EAT @explorer.exe (ConvertINetReset) : XmlLite.dll -> HOOKED (C:\Windows\system32\MLANG.dll @ 0x749B1532)
[Address] EAT @explorer.exe (ConvertINetString) : XmlLite.dll -> HOOKED (C:\Windows\system32\MLANG.dll @ 0x749B26FB)
[Address] EAT @explorer.exe (ConvertINetUnicodeToMultiByte) : XmlLite.dll -> HOOKED (C:\Windows\system32\MLANG.dll @ 0x749A1B69)
[Address] EAT @explorer.exe (DllCanUnloadNow) : XmlLite.dll -> HOOKED (C:\Windows\system32\MLANG.dll @ 0x749A3866)
[Address] EAT @explorer.exe (DllGetClassObject) : XmlLite.dll -> HOOKED (C:\Windows\system32\MLANG.dll @ 0x749A2434)
[Address] EAT @explorer.exe (GetGlobalFontLinkObject) : XmlLite.dll -> HOOKED (C:\Windows\system32\MLANG.dll @ 0x749B7F3C)
[Address] EAT @explorer.exe (IsConvertINetStringAvailable) : XmlLite.dll -> HOOKED (C:\Windows\system32\MLANG.dll @ 0x749A765D)
[Address] EAT @explorer.exe (LcidToRfc1766A) : XmlLite.dll -> HOOKED (C:\Windows\system32\MLANG.dll @ 0x749AF69D)
[Address] EAT @explorer.exe (LcidToRfc1766W) : XmlLite.dll -> HOOKED (C:\Windows\system32\MLANG.dll @ 0x749A4877)
[Address] EAT @explorer.exe (Rfc1766ToLcidA) : XmlLite.dll -> HOOKED (C:\Windows\system32\MLANG.dll @ 0x749AF638)
[Address] EAT @explorer.exe (Rfc1766ToLcidW) : XmlLite.dll -> HOOKED (C:\Windows\system32\MLANG.dll @ 0x749A4971)

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD6400BEVT-80A0RT0 ATA Device +++++
--- User ---
[MBR] b4ea55c1bd6c6cafc61e2622bfe5b1da
[BSP] 0112d3e6d90db62445919e374b18552b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 30719 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 62914560 | Size: 388212 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 857972736 | Size: 191548 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Kingston DataTraveler 111 USB Device +++++
--- User ---
[MBR] 6cdeb9b2eb2e69df7333f2da266e2984
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 14782 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )

Dokončeno : << RKreport[0]_S_04242014_122510.txt >>




-----

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Pavel [Práva správce]
Mód : Oprava HOSTS -- Datum : 04/24/2014 12:26:08
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


ÿþ1

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončeno : << RKreport[0]_H_04242014_122607.txt >>
RKreport[0]_D_04242014_122605.txt;RKreport[0]_S_04242014_122510.txt

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: High CPU and physical memory usage

#15 Post by vyosek »

What makes you conclude that the log shows an infection???