VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o preventivku

https://forum.viry.cz:443/viewtopic.php?t=136202

Stránka 2 z 2

Re: Prosím o preventivku

Napsal: 15 úno 2014 23:25
od Márty84
Jeste jeden sken a budem mazat.

:arrow: Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte.
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

Re: Prosím o preventivku

Napsal: 16 úno 2014 00:28
od pajik999
Log z OTL :

OTL logfile created on: 15.2.2014 23:53:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Pavel\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

894,04 Mb Total Physical Memory | 416,95 Mb Available Physical Memory | 46,64% Memory free
2,11 Gb Paging File | 1,55 Gb Available in Paging File | 73,40% Paging File free
Paging file location(s): C:\pagefile.sys 1341 1341 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 12,77 Gb Free Space | 17,14% Space Free | Partition Type: NTFS

Computer Name: NOTEWORKGROUP | User Name: Pavel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.02.15 23:50:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pavel\Plocha\OTL.exe
PRC - [2013.12.20 14:23:04 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.04 09:24:22 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013.03.04 09:24:14 | 005,078,504 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2012.11.08 00:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2012.11.08 00:37:11 | 006,756,048 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2012.10.16 18:27:34 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012.01.10 15:16:10 | 000,491,040 | ---- | M] () -- C:\Program Files\Seznam.cz\bin\postak.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.01.27 16:33:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2014.02.13 18:58:37 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014.02.13 18:23:35 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\06b454361516e65eca55a743cd93cefc\Accessibility.ni.dll
MOD - [2014.02.13 17:55:03 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2014.02.13 17:54:41 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2014.02.13 17:54:38 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
MOD - [2014.02.13 17:46:33 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014.02.13 17:44:24 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014.02.13 17:36:46 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014.02.13 17:35:40 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014.02.05 21:23:18 | 016,287,624 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll
MOD - [2013.12.20 14:23:03 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.01.10 15:16:10 | 000,491,040 | ---- | M] () -- C:\Program Files\Seznam.cz\bin\postak.exe
MOD - [2012.01.10 13:51:40 | 000,822,816 | ---- | M] () -- C:\Program Files\Seznam.cz\bin\email.4.dll
MOD - [2012.01.10 13:51:14 | 001,151,520 | ---- | M] () -- C:\Program Files\Seznam.cz\bin\core.4.dll
MOD - [2009.03.20 22:41:20 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.06.04 10:30:00 | 000,319,488 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2007.05.22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005.10.19 10:17:58 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
MOD - [2005.01.27 16:33:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014.02.05 21:24:43 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.12.20 14:23:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.10.08 06:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.04 09:24:22 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2012.11.08 00:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.10.16 18:27:34 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2005.01.27 16:33:58 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\TrueSight.sys -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nbdrv.sys -- (Nbdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (af2xbeh5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AWRTRD.sys -- (Ad-Watch Registry Filter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AWRTPD.sys -- (Ad-Watch Real-Time Scanner)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.01.10 09:25:22 | 000,105,784 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2013.01.10 09:25:20 | 000,161,368 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2013.01.10 09:25:20 | 000,122,240 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012.11.08 00:38:17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012.11.08 00:38:16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012.11.08 00:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012.07.27 19:44:51 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012.07.27 19:44:51 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011.11.19 21:50:58 | 000,387,584 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2011.10.26 13:33:40 | 000,056,536 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Program Files\AntiLogger\AntiLog32.sys -- (AntiLog32)
DRV - [2010.07.07 15:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.06.22 18:01:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009.12.15 13:05:42 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.12.15 13:05:42 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.12.15 13:05:42 | 000,024,448 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewdcsc.sys -- (Huawei)
DRV - [2009.09.15 10:51:04 | 000,019,200 | ---- | M] (Telefónica I+D) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tidnet.sys -- (tidnet)
DRV - [2009.09.10 14:58:26 | 000,021,648 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OlyCamComm.sys -- (OlyCamComm)
DRV - [2009.06.10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.02.15 19:13:55 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2008.02.10 21:05:41 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.06.14 13:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007.06.13 18:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)
DRV - [2007.03.01 17:27:26 | 004,484,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.01.12 19:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006.07.10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2006.07.05 13:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01a.sys -- (sfdrv01a)
DRV - [2006.06.14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2006.05.10 12:22:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.04.04 21:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.02.27 15:00:50 | 000,034,880 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2006.02.20 16:01:06 | 000,029,056 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2006.01.20 12:44:42 | 000,862,340 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.09.30 11:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005.05.05 02:08:38 | 000,463,168 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.07.09 03:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2004.03.24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003.07.16 07:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2002.06.13 15:08:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001.07.13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\SearchScopes,DefaultScope = {8EEAC88A-079B-4b2c-80C1-7836F79EB40A}
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\SearchScopes\{1207FBBE-F504-4AD8-9212-790AB94DCF4E}: "URL" = http://search.atlas.cz/?q={searchTerms}
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\SearchScopes\{32733901-D544-4935-B1AB-DC7CEE8DE3EF}: "URL" = http://search.centrum.cz/index.php?char ... x&kibitz=0
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\SearchScopes\{8162214D-DCE8-4473-9F0F-EAC7B1645CD4}: "URL" = http://www.google.cz/search?q={searchTe ... {startPage}
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={se ... chr-comodo
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\SearchScopes\{A7816CE5-BF74-4D0A-843D-4D49557BE46D}: "URL" = http://search.seznam.cz/searchScreen?w= ... rms}&mod=f
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
FF - prefs.js..keyword.URL: "http://us.search.yahoo.com/search?fr=ytff-comodo&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Video Convert Master\codec\real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Video Convert Master\codec\real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Update\1.2.183.7\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.12.20 14:22:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.01.20 20:29:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014.01.18 20:49:25 | 000,000,000 | ---D | M]

[2008.06.25 17:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Extensions
[2013.08.27 04:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\1blityj4.default\extensions
[2010.12.07 09:28:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\1blityj4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.08.27 04:18:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\1blityj4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.28 21:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\1blityj4.default\extensions\nostmp
[2012.04.13 19:31:57 | 000,006,228 | ---- | M] () -- C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\1blityj4.default\searchplugins\hellspy.xml
[2013.12.20 14:22:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.12.20 14:23:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PAVEL\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\1BLITYJ4.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchT ... utf-8&aq=t
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/comple ... earchTerms},
CHR - homepage: http://us.yahoo.com?fr=fpc-comodo
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\32.0.1700.107\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\plugins\npqtplugin5.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014.02.15 20:46:24 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\Toolbar\ShellBrowser: (no name) - {2462D2D8-B36E-44AB-84BF-C5A9383D2429} - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKU\S-1-5-21-1715567821-1085031214-725345543-1004..\Run: [Seznam Postak] C:\Program Files\Seznam.cz\bin\postak.exe ()
O4 - HKU\S-1-5-21-1715567821-1085031214-725345543-1004..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 1957442203 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAC27F67-8668-4608-BFC2-2C7F768ABB14}: DhcpNameServer = 10.0.0.138 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.29 22:09:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.08.03 19:21:37 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (http://www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.02.15 23:51:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pavel\Plocha\OTL.exe
[2014.02.15 17:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavel\Plocha\RK_Quarantine
[2014.02.14 23:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2014.02.14 23:32:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014.02.14 22:50:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.02.14 22:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavel\Plocha\LOGY
[2014.02.14 22:18:38 | 000,000,000 | ---D | C] -- C:\rsit
[2014.02.14 22:13:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pavel\Recent
[2014.01.18 20:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
[2014.01.18 20:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ESET

========== Files - Modified Within 30 Days ==========

[2014.02.15 23:55:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.02.15 23:50:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pavel\Plocha\OTL.exe
[2014.02.15 23:22:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.02.15 23:21:12 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1085031214-725345543-1004UA.job
[2014.02.15 23:06:20 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.02.15 21:18:31 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014.02.15 21:18:30 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Express FilesUpdate.job
[2014.02.15 21:18:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.02.15 21:18:19 | 937,537,536 | -HS- | M] () -- C:\hiberfil.sys
[2014.02.15 20:36:50 | 003,813,376 | ---- | M] () -- C:\Documents and Settings\Pavel\Plocha\RogueKiller.exe
[2014.02.15 20:36:50 | 003,813,376 | ---- | M] () -- C:\Documents and Settings\Pavel\Dokumenty\RogueKiller.exe
[2014.02.15 20:19:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1085031214-725345543-1004Core.job
[2014.02.14 23:33:05 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2014.02.14 22:49:20 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Pavel\Plocha\adwcleaner.exe
[2014.02.13 17:55:35 | 000,875,456 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2014.02.13 17:55:35 | 000,841,506 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014.02.13 17:55:35 | 000,327,502 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2014.02.13 17:55:35 | 000,282,534 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014.02.12 18:46:52 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2014.02.06 04:38:36 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014.02.06 00:08:34 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014.02.06 00:08:34 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014.02.06 00:08:34 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014.02.06 00:08:34 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014.02.06 00:08:34 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014.02.06 00:08:34 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014.02.06 00:08:34 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014.02.06 00:08:34 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014.02.06 00:08:34 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014.02.06 00:08:34 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014.02.06 00:08:34 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014.02.06 00:08:34 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014.02.06 00:08:34 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014.02.06 00:08:34 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014.02.06 00:08:34 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014.02.06 00:08:34 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014.02.06 00:08:34 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014.02.06 00:08:33 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014.02.06 00:08:33 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014.02.06 00:08:33 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014.02.06 00:08:33 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014.02.06 00:08:33 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014.02.06 00:08:33 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014.02.06 00:08:33 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014.02.06 00:08:33 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014.02.06 00:08:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014.02.06 00:08:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014.02.06 00:08:33 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014.02.06 00:08:33 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014.02.05 23:24:06 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014.02.05 23:24:06 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014.02.05 23:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014.02.05 21:23:32 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014.02.05 21:23:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014.02.04 16:20:58 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\Pavel\Plocha\Google Chrome.lnk
[2014.02.01 20:32:14 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\PCLECHAL.INI
[2014.02.01 20:32:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014.01.29 21:55:12 | 000,002,687 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2014.01.28 21:42:35 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk

========== Files Created - No Company Name ==========

[2014.02.15 23:55:55 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.02.15 21:18:19 | 937,537,536 | -HS- | C] () -- C:\hiberfil.sys
[2014.02.15 20:38:31 | 003,813,376 | ---- | C] () -- C:\Documents and Settings\Pavel\Dokumenty\RogueKiller.exe
[2014.02.15 20:37:27 | 003,813,376 | ---- | C] () -- C:\Documents and Settings\Pavel\Plocha\RogueKiller.exe
[2014.02.14 23:33:05 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2014.02.14 22:49:57 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\Pavel\Plocha\adwcleaner.exe
[2014.01.10 21:09:27 | 000,002,792 | ---- | C] () -- C:\Documents and Settings\Pavel\.recently-used.xbel
[2013.05.14 18:56:13 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Pavel\intlname.ols
[2012.11.01 19:01:31 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\EpfwUser.dat
[2011.08.31 20:48:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Pavel\Data aplikací\winscp.rnd
[2011.07.18 19:35:15 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ReminderNextRun
[2011.02.06 22:57:02 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\Pavel\Local Settings\Data aplikací\SRDownloader(2).nast
[2010.11.24 21:09:03 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Pavel\Local Settings\Data aplikací\SRDownloader.nast
[2010.11.24 21:07:03 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Pavel\Local Settings\Data aplikací\SRDownloader.err
[2008.12.25 18:20:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\LauncherAccess.dt
[2008.02.14 21:31:34 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2008.02.01 21:49:08 | 000,000,113 | ---- | C] () -- C:\Documents and Settings\Pavel\default.pls
[2008.01.31 17:59:27 | 000,161,280 | ---- | C] () -- C:\Documents and Settings\Pavel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.29 22:23:35 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Pavel\Local Settings\Data aplikací\fusioncache.dat

========== ZeroAccess Check ==========

[2008.01.29 22:22:53 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:21:55 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:05 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.03.14 21:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AdventureChronicles1
[2012.11.01 18:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2009.05.12 21:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DobeSoftCZ
[2014.01.18 20:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2013.05.30 22:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\GARMIN
[2014.02.14 23:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.08.05 14:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2012.10.22 17:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2011.11.04 17:51:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{CC181458-DF98-49F8-879F-4BC769D8FA3F}
[2013.07.05 22:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\BatteryBar
[2011.02.09 21:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\CadSoft
[2008.10.11 20:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\DAEMON Tools
[2011.07.05 19:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\ERS G-Studio
[2013.05.30 22:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\GARMIN
[2010.03.23 20:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\GetRightToGo
[2014.01.10 21:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\gtk-2.0
[2010.12.26 20:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\HTC
[2010.12.26 20:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2013.09.02 20:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\ICQ
[2008.01.31 20:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\ICQ Toolbar
[2008.06.29 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\MobileAction
[2008.01.31 22:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Opera
[2012.07.24 17:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Oracle
[2010.01.24 20:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\PCToolsFirewallPlus
[2009.11.04 22:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Samsung
[2009.01.06 19:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\SeriousBit
[2010.07.19 19:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Telefónica Móviles
[2014.02.14 23:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Uniblue
[2009.11.30 20:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\VideoReDo-TVSuite
[2010.07.06 21:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\VitySoft
[2008.02.04 20:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< >
[2008.01.29 22:07:09 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2008.01.29 22:19:19 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2009.10.31 19:04:51 | 000,000,936 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009.10.31 19:04:56 | 000,000,940 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2011.09.02 18:50:44 | 000,000,974 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1085031214-725345543-1004Core.job
[2011.09.02 18:50:44 | 000,001,026 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1085031214-725345543-1004UA.job
[2012.10.20 21:03:00 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.12.09 21:17:44 | 000,000,290 | ---- | C] () -- C:\WINDOWS\Tasks\Express FilesUpdate.job

< >

< MD5 for: AGP440.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.05.13 22:17:37 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.05.13 22:17:37 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.05.13 22:17:37 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.05.13 22:17:37 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.05.13 22:17:37 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.05.13 22:17:37 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 04:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2000.01.27 14:36:22 | 000,028,672 | ---- | M] () MD5=56821DE391002DAD82918D73B04DC0D8 -- C:\TRUMPF\MACROS\Perl\lib\MSWin32-x86\auto\Win32\EventLog\EventLog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 14:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.05.13 22:17:37 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.05.13 22:17:37 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 19:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.18 13:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.05.13 22:17:37 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.05.13 22:17:37 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: IASTOR.SYS >
[2005.10.12 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: ISAPNP.SYS >
[2008.05.13 22:17:37 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.05.13 22:17:37 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2004.08.18 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 03:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 04:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005.08.18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: NVRAID.SYS >
[2005.08.18 16:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\WINDOWS\system32\drivers\nvraid.sys

< MD5 for: SCECLI.DLL >
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 04:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.01.13 18:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2007.10.30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2007.10.30 18:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2005.04.08 10:43:26 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys

< MD5 for: WINLOGON.EXE >
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 04:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[11 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\Installer\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}\*.tmp files -> C:\WINDOWS\Installer\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}\*.tmp -> ]
[1 C:\WINDOWS\system32\DirectX\*.tmp files -> C:\WINDOWS\system32\DirectX\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2011.09.23 21:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.03.26 20:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Adobe
[2008.04.04 20:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\AdobeUM
[2008.06.04 20:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Ahead
[2008.01.29 23:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\ATI
[2013.07.05 22:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\BatteryBar
[2011.02.09 21:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\CadSoft
[2008.02.04 22:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Comodo
[2008.10.11 20:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\DAEMON Tools
[2013.08.23 19:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\dvdcss
[2011.07.05 19:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\ERS G-Studio
[2013.05.30 22:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\GARMIN
[2010.03.23 20:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\GetRightToGo
[2008.04.17 20:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Google
[2014.01.10 21:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\gtk-2.0
[2010.01.13 20:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Help
[2010.12.26 20:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\HTC
[2010.12.26 20:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2013.09.02 20:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\ICQ
[2008.01.31 20:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\ICQ Toolbar
[2008.01.29 22:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Identities
[2008.01.30 09:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Macromedia
[2010.08.04 19:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Malwarebytes
[2014.02.01 21:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Media Player Classic
[2011.06.24 20:00:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Pavel\Data aplikací\Microsoft
[2008.06.29 18:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\MobileAction
[2008.06.25 17:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Mozilla
[2008.01.31 22:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Opera
[2012.07.24 17:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Oracle
[2010.01.24 20:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\PCToolsFirewallPlus
[2011.11.26 20:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Real
[2009.11.04 22:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Samsung
[2009.01.06 19:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\SeriousBit
[2014.01.28 21:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Skype
[2012.01.21 20:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\skypePM
[2008.02.07 17:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Sun
[2010.06.01 09:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\SUPERAntiSpyware.com
[2008.01.30 09:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Talkback
[2010.07.19 19:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Telefónica Móviles
[2014.02.14 23:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Uniblue
[2009.11.30 20:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\VideoReDo-TVSuite
[2010.07.06 21:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\VitySoft
[2011.10.02 08:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\vlc
[2008.01.29 22:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\WinRAR
[2008.02.04 20:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Zoner

< %APPDATA%\*.exe /s >
[2010.12.26 20:57:58 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Pavel\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009.07.30 19:40:50 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
[2009.07.30 19:40:50 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
[2009.07.30 19:40:50 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
[2009.07.30 19:40:50 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
[2011.03.01 09:59:14 | 000,034,592 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\1blityj4.default\extensions\nostmp\content\getPlus_registrar.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.02.10 21:05:41 | 000,715,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.01.29 22:57:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.01.29 22:57:50 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.01.29 22:57:50 | 000,466,944 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.02.13 17:39:30 | 085,946,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MRT.exe
[2014.02.13 17:55:35 | 000,327,502 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2014.02.13 17:55:35 | 000,282,534 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2014.02.13 17:55:35 | 000,875,456 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2014.02.13 17:55:35 | 000,841,506 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2014.02.13 17:55:35 | 000,005,062 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 04:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Seznam Postak" = "C:\Program Files\Seznam.cz\bin\postak.exe" -s -- [2012.01.10 15:16:10 | 000,491,040 | ---- | M] ()
"ShowBatteryBar" = "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show -- [2013.04.11 07:17:44 | 000,090,624 | ---- | M] ()
"Google Update" = "C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2011.07.30 08:42:18 | 000,136,176 | ---- | M] (Google Inc.)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.02.15 23:55:55 | 000,000,512 | ---- | M] () MD5=736925906B6EC54EBC84A6B9B5EA822E -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2008.12.04 22:35:19 | 000,001,505 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\Hry\gta\GTA.IV.Crack.Securom.Bypass.Launcher.UBER-PROPER-FeD0R.Neo-REPACK\GTA.IV.Crack.Securom.Bypass.Launcher.UBER-PROPER-FeD0R.Neo-REPACK\GTA.IV.Crack.Securom.Bypass.Launcher.UBER-PROPER-FeD0R.nfo
[2006.10.30 21:55:50 | 000,017,408 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\Hry\masrepiece_fishing2.3.21\MASREPIECE_FISHING2.3.21\MASREPIECE.FISHING2_v3.21\MASREPIECE.FISHING2_v3.21\CRACK\crack.exe
[2007.09.14 09:32:40 | 001,681,408 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\Programy\Rapget.RS_Public_v1.0.4.0_cz\Helloween_-_Gambling_With_The_Devil__2007_\Helloween - Gambling With The Devil [2007]\01 - Crack The Riddle (Intro).mp3
[2007.08.27 16:36:00 | 000,076,354 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\Levels\Mission_02\LMaps\train_lair_cracked_1029.lmap
[2007.10.08 13:33:10 | 000,076,354 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\Levels\Mission_03\LMaps\train_lair_cracked_1029.lmap
[2007.08.14 09:56:04 | 000,000,252 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\materials\buildings\concrete_cracked02.mat
[2007.09.04 15:30:44 | 000,000,184 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\materials\buildings\fort_gate_cracked.mat
[2007.09.04 15:30:44 | 000,000,188 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\materials\buildings\fort_gate_crack_smoke.mat
[2007.08.14 09:53:50 | 000,141,280 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\Meshes\Buildings\train_lair_cracked.3da
[2007.09.04 10:34:04 | 001,398,232 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\Textures\Buildings\building_g_concrete-cracked01.tex
[2007.09.04 10:34:08 | 000,699,192 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\Textures\Buildings\building_g_concrete-cracked02.tex
[2007.10.02 11:17:18 | 000,699,168 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\Textures\Buildings\fort_gate_cracked.tex
[2007.10.02 11:17:18 | 000,349,648 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\Textures\Buildings\fort_gate_crack_smoke.tex
[2007.09.03 12:47:16 | 000,011,040 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\Textures\Buildings\m_cracked_window.tex
[2009.01.02 00:52:06 | 000,062,238 | ---- | M] () -- \Program Files\GIMP-2.0\share\gimp\2.0\patterns\cracked.pat
[2006.10.30 21:55:50 | 000,017,408 | ---- | M] () -- \Program Files\StuGroup\Masterpiece Fishing 2\crack.exe

< *keygen* /s >
[2010.02.07 13:54:48 | 000,084,480 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\ESET 5 -32+64bit(nod+Smart) SK+ crack\ESET 5 -32+64bit(nod+Smart) SK+ crack\Ashampo-uin4+KEY\Keygen-ASHu4.exe
[2011.07.10 21:30:01 | 000,151,040 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\zemana-antilogger-v-1-9-2-240\Zemana AntiLogger v 1.9.2.240\Keygen\keygen.exe
[2007.06.26 23:04:40 | 000,370,176 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\flashka\N_kg\Nero_kg\2\Keygen by CIM.exe
[2007.06.26 23:04:40 | 000,370,176 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\N_kg\Nero_kg\2\Keygen by CIM.exe

< *AntiWPA* /s >

< *loader* /s >
[2012.06.18 11:39:40 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.gif
[2012.06.18 11:39:40 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.png
[2011.02.07 05:02:55 | 000,000,888 | ---- | M] () -- \Documents and Settings\Pavel\Local Settings\Data aplikací\SRDownloader(2).nast
[2010.11.24 21:07:03 | 000,000,046 | ---- | M] () -- \Documents and Settings\Pavel\Local Settings\Data aplikací\SRDownloader.err
[2010.11.24 22:02:13 | 000,000,848 | ---- | M] () -- \Documents and Settings\Pavel\Local Settings\Data aplikací\SRDownloader.nast
[2013.08.09 21:54:03 | 000,000,250 | ---- | M] () -- \Documents and Settings\Pavel\Local Settings\Data aplikací\Pinnacle Systems GmbH\TVCenter Pro\1.1.747.764\PMCLoader.exe.xml
[2009.06.13 19:55:10 | 000,214,528 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\JDownloader_0.6.193\JDownloader 0.6.193\JDownloader.exe
[2009.06.13 21:08:08 | 000,617,399 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\JDownloader_0.6.193\JDownloader 0.6.193\JDownloader.jar
[2009.06.13 20:47:30 | 000,003,548 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\JDownloader_0.6.193\JDownloader 0.6.193\jd\plugins\decrypt\JDLoader.class
[2009.06.13 22:12:40 | 000,002,223 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\JDownloader_0.6.193\JDownloader 0.6.193\jd\plugins\decrypt\SuperUploaderNet.class
[2009.06.13 20:47:34 | 000,005,962 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\JDownloader_0.6.193\JDownloader 0.6.193\jd\plugins\host\UploaderPl.class
[2009.06.13 19:54:42 | 000,389,048 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\JDownloader_0.6.193\JDownloader 0.6.193\tools\Windows\kikin\KikinInstaller_1_11_4_jdownloader.exe
[2008.11.21 11:32:06 | 000,003,554 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\Programy\Rapget.RS_Public_v1.0.4.0_cz\Phoenix_12_FiNAL\Phx_data\Res\SimPack\downloader.nsi
[2005.06.07 11:25:46 | 000,044,032 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\My\RAR\RarExtLoader.exe
[2007.10.16 08:56:02 | 001,398,232 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\LocalizedData\Levels\mission_01_loader.tex
[2007.10.16 08:56:04 | 001,398,232 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\LocalizedData\Levels\mission_02_loader.tex
[2007.10.16 08:56:04 | 001,398,232 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\LocalizedData\Levels\mission_03_loader.tex
[2007.10.16 08:56:04 | 001,398,232 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\LocalizedData\Levels\mission_04_loader.tex
[2007.10.16 08:56:04 | 001,398,232 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\LocalizedData\Levels\mission_05_loader.tex
[2007.10.16 08:56:04 | 001,398,232 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\LocalizedData\Levels\mission_06_loader.tex
[2007.10.16 08:56:04 | 001,398,232 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\LocalizedData\Levels\mission_07_loader.tex
[2007.10.16 08:56:04 | 001,398,232 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Sniper - Art of Victory\Data\LocalizedData\Levels\mission_08_loader.tex
[2007.06.27 19:03:00 | 000,177,448 | ---- | M] () -- \Program Files\Common Files\Ahead\Lib\NeGuideStoreLoader.dll
[2008.12.16 12:37:16 | 000,003,614 | ---- | M] () -- \Program Files\GIMP-2.0\etc\gtk-2.0\gdk-pixbuf.loaders
[2009.01.01 23:52:40 | 000,016,440 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ani.dll
[2009.01.01 23:52:24 | 000,019,000 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-bmp.dll
[2009.01.01 23:52:40 | 000,027,192 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-gif.dll
[2009.01.01 23:52:46 | 000,012,344 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-icns.dll
[2009.01.01 23:52:24 | 000,016,952 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ico.dll
[2009.01.01 23:52:26 | 000,019,512 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-jpeg.dll
[2009.01.01 23:52:32 | 000,014,392 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pcx.dll
[2009.01.01 23:52:30 | 000,019,000 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-png.dll
[2009.01.01 23:52:32 | 000,015,928 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pnm.dll
[2009.01.01 23:52:34 | 000,011,832 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ras.dll
[2009.01.01 23:52:56 | 000,016,952 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tga.dll
[2009.01.01 23:52:40 | 000,016,440 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tiff.dll
[2009.01.01 23:52:38 | 000,011,320 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-wbmp.dll
[2009.01.01 23:52:40 | 000,013,880 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xbm.dll
[2009.01.01 23:52:42 | 000,028,216 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xpm.dll
[2010.10.28 17:55:02 | 000,294,912 | ---- | M] () -- \Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
[2010.10.28 17:55:02 | 000,000,108 | ---- | M] () -- \Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.ini
[2011.07.10 20:16:05 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2011.07.10 20:16:06 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2011.07.10 20:16:05 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\MUICoreLib\xtraLoader.swf
[2011.08.14 20:30:24 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\icq_profile\preloader.html
[2011.07.10 20:16:54 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\profile_forms\preloader.html
[2011.07.10 20:16:53 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\profile_lightboxs\preloader.html
[2008.09.23 15:04:38 | 000,021,776 | ---- | M] () -- \Program Files\Pinnacle\TVCenter Pro\PMC.Loader.Common.dll
[2008.09.23 15:04:40 | 000,644,368 | ---- | M] () -- \Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
[2007.06.13 21:38:20 | 000,001,217 | ---- | M] () -- \Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe.Manifest
[2008.09.23 15:04:40 | 000,197,904 | ---- | M] () -- \Program Files\Pinnacle\TVCenter Pro\Settings.Loader.dll
[2006.12.23 17:37:56 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[1999.07.02 10:11:48 | 000,010,275 | R--- | M] () -- \TRUMPF\MACROS\Perl\lib\AutoLoader.pm
[1999.07.02 10:12:10 | 000,012,000 | R--- | M] () -- \TRUMPF\MACROS\Perl\lib\SelfLoader.pm
[1999.01.22 03:03:56 | 000,010,275 | R--- | M] () -- \TRUMPF\MACROS\Perl\lib\MSWin32-x86\AutoLoader.pm
[1999.07.02 10:12:02 | 000,024,382 | R--- | M] () -- \TRUMPF\MACROS\Perl\lib\MSWin32-x86\DynaLoader.pm
[1999.01.22 03:03:56 | 000,012,000 | R--- | M] () -- \TRUMPF\MACROS\Perl\lib\MSWin32-x86\SelfLoader.pm
[1999.07.02 10:13:50 | 000,015,899 | ---- | M] () -- \TRUMPF\MACROS\Perl\lib\Pod\html\ext\DynaLoader\DynaLoader.html
[1999.07.02 10:13:32 | 000,009,266 | ---- | M] () -- \TRUMPF\MACROS\Perl\lib\Pod\html\lib\AutoLoader.html
[1999.07.02 10:13:40 | 000,015,899 | ---- | M] () -- \TRUMPF\MACROS\Perl\lib\Pod\html\lib\DynaLoader.html
[1999.07.02 10:13:44 | 000,011,399 | ---- | M] () -- \TRUMPF\MACROS\Perl\lib\Pod\html\lib\SelfLoader.html
[2004.08.18 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2002.12.11 23:14:32 | 000,033,280 | ---- | M] () -- \WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmloader.dll
[2008.04.14 04:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 19:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 19:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 04:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2002.12.11 23:14:32 | 000,033,280 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2007.01.27 09:31:03 | 000,000,025 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\mvc\Magic Video Converter v7.9.0.6\Serial.txt
[2009.05.07 16:40:37 | 000,001,244 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\Programy\OJOsoft.Total.Video.Converter.v2.6.5.0430.Uploaded.04.07.09\OJOsoft.Total.Video.Converter.v2.6.5.0430.Uploaded.04.07.09\HardaL\Serial.txt
[2007.05.01 19:12:06 | 000,000,082 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\Programy\Rapget.RS_Public_v1.1.1.1_cz\MS_Patch_Updated\MS Office 2007_Classic Menu\Office2007ClassicMenu\serial.txt
[2008.01.26 10:38:32 | 000,000,029 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\Programy\savyt\Save2pc_stahovaniZ_youtube\save2pc331.ser\save2pc.pro.v3.31.incl.serial\Save2pc.Pro.v3.31\serial.txt
[2013.06.08 08:47:32 | 000,069,632 | ---- | M] () -- \Program Files\BatteryBar\BatteryBar.Utilities.XmlSerializers.dll
[2010.10.28 17:55:02 | 000,118,784 | ---- | M] () -- \Program Files\HTC\HTC Sync 3.0\Maps\SyncEngine.API.XmlSerializers.dll
[2010.10.28 17:55:02 | 000,032,768 | ---- | M] () -- \Program Files\HTC\HTC Sync 3.0\Maps\SyncEngine.XmlSerializers.dll
[2013.09.13 00:53:56 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.dll
[2013.10.09 15:25:34 | 001,164,288 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.ni.dll
[2004.08.10 15:51:44 | 000,000,034 | ---- | M] () -- \Program Files\Play\Masterpiece Fishing 3\serial.txt
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2004.08.18 13:00:00 | 000,064,640 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2008.01.29 22:23:30 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.01.29 22:24:08 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009.03.20 22:41:24 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.02.13 17:54:59 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009.03.20 22:41:43 | 000,090,112 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2013.01.09 16:52:58 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.13 19:00:29 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6c29ee2bedfe88dcd66993f1af135ad8\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.13 18:57:38 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9860da66bf0219612908e7412b0a6e2e\System.Runtime.Serialization.ni.dll
[2013.08.14 21:58:45 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a95e0af6fa5d2e8ffd5e0091f6513271\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.08.14 21:56:09 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ba6670610621b25b1608e457ba0ef305\System.Runtime.Serialization.ni.dll
[2004.07.15 14:31:54 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
[2003.04.07 19:24:52 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2008.09.10 17:46:28 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 03:17:25 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 03:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2004.08.18 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2004.08.18 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 03:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
[2006.01.20 12:44:42 | 000,862,340 | ---- | M] () -- \WINDOWS\system32\drivers\smserial.sys

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:C31F31E6
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:5C321E34

< End of report >

Re: Prosím o preventivku

Napsal: 16 úno 2014 00:30
od pajik999
Druhý z OTL :

OTL Extras logfile created on: 15.2.2014 23:53:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Pavel\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

894,04 Mb Total Physical Memory | 416,95 Mb Available Physical Memory | 46,64% Memory free
2,11 Gb Paging File | 1,55 Gb Available in Paging File | 73,40% Paging File free
Paging file location(s): C:\pagefile.sys 1341 1341 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 12,77 Gb Free Space | 17,14% Space Free | Partition Type: NTFS

Computer Name: NOTEWORKGROUP | User Name: Pavel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1715567821-1085031214-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\ICQ7.5\ICQ.exe" = C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"C:\Program Files\Veetle\Player\VeetleNet.exe" = C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe" = C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe" = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:LocalSubNet:Enabled:Pinnacle Streaming Server -- (Avid Development GmbH)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
"C:\Program Files\www.Cstr1k3rs.uCoz.Com\CarbonCS v1.1\cstrike.exe" = C:\Program Files\www.Cstr1k3rs.uCoz.Com\CarbonCS v1.1\cstrike.exe:*:Enabled:CarbonCS v1.1
"C:\Program Files\www.Cstr1k3rs.uCoz.Com\CarbonCS v1.1\hl.exe" = C:\Program Files\www.Cstr1k3rs.uCoz.Com\CarbonCS v1.1\hl.exe:*:Enabled:Half-Life Launcher
"C:\Program Files\www.Cstr1k3rs.uCoz.Com\CarbonCS v1.1\hlds.exe" = C:\Program Files\www.Cstr1k3rs.uCoz.Com\CarbonCS v1.1\hlds.exe:*:Enabled:HLDS Launcher
"C:\Program Files\www.Cstr1k3rs.uCoz.Com\CarbonCS v1.1\hltv.exe" = C:\Program Files\www.Cstr1k3rs.uCoz.Com\CarbonCS v1.1\hltv.exe:*:Enabled:HLTV Launcher
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\rc\RAL.EXE" = C:\rc\RAL.EXE:*:Enabled:RAL
"C:\Program Files\ICQ7.5\ICQ.exe" = C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"C:\Program Files\Veetle\Player\VeetleNet.exe" = C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\ExpressFiles\expressdl.exe" = C:\Program Files\ExpressFiles\expressdl.exe:*:Enabled:Express Files
"C:\Program Files\ExpressFiles\ExpressFiles.exe" = C:\Program Files\ExpressFiles\ExpressFiles.exe:*:Enabled:Express Files


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{17528AC4-E6C2-43CD-8D8D-A62BA476ADC7}" = Zoner Photo Studio 7 - zkušební verze
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}" = OLYMPUS Digital Camera Updater
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40755BAA-75E1-4BD6-B553-9DB18F016CC2}" = VAG-COM USB
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DE458E-3844-430E-AC5F-63D9D60FAA1D}" = ESET NOD32 Antivirus
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91C0B95B-B83A-4828-A775-BBE2DD421029}" = Nero 7 Ultra Edition
"{91CA8C77-30FC-4AAF-B2EE-F51B0746D95C}" = ATI Catalyst Control Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2A227E0-8DEC-11D2-A564-B2890D000000}" = 5D PDF Creator
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5A82A64-AA95-4BB0-8270-371BE1ADD26A}" = ATLAS Czech 2011.5 NT
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Czech
"{AEE39224-92BE-4389-9493-E57FF73BB96A}" = OLYMPUS Viewer 2
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FE6BAD47-65BD-4C5F-BDF6-DCA408E0419A}" = Opera 11.11
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Pruzkumnici - Ztraceni v oceanu}_is1" = Průzkumníci - Ztraceni v oceánu 1.0
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Balíček ovladače systému Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Balíček ovladače systému Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"6EDA9AD6C8C68418427383EF403AC547797F6A93" = Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"7-Zip" = 7-Zip 4.57
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Aide PDF to DXF Converter_is1" = Aide PDF to DXF Converter 5.1
"All ATI Software" = ATI - Software Uninstall Utility
"AntiLogger" = AntiLogger
"Atf" = Atf Profi
"ATI Display Driver" = ATI Display Driver
"AVIConverter" = AVIConverter CHN-EN Package
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"BatteryBar" = BatteryBar (remove only)
"Call of Duty" = Call of Duty
"CCleaner" = CCleaner
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"Defraggler" = Defraggler
"DVD Shrink_is1" = DVD Shrink 3.2
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Balíček ovladače systému Windows - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"EAGLE 5.11.0" = EAGLE 5.11.0
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free FLV Converter_is1" = Free FLV Converter
"GSpot" = GSpot Codec Information Appliance
"Hardlock Device Driver" = Hardlock Device Driver
"HijackThis" = HijackThis 2.0.2
"Hollywood FX 4.6" = Pinnacle Hollywood FX 4.6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Image Grabber II" = Image Grabber II
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.0 Full
"Magic Video Converter_is1" = Magic Video Converter Trial Version (English) 7.9.0.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1300
"Masterpiece Fishing 3_is1" = asterpiece Fishing 3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 21.0 (x86 cs)" = Mozilla Firefox 21.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"O2CZ" = O2
"OpenAL" = OpenAL
"Polda V_is1" = Polda V
"rajče.net_is1" = rajče verze 58 sestavení 212
"Raster to Vector_is1" = Raster to Vector 9.1
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAPSproW_is1" = SAPSproW ver.19 (20110923)
"save2pc Pro_is1" = save2pc Pro 3.31
"Secunia PSI" = Secunia PSI
"Skispringen 2007_0001" = Skispringen 2007
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SopCast" = SopCast 3.4.0
"SpywareBlaster_is1" = SpywareBlaster 4.6
"szn-software-postak" = Seznam Pošťák 2 (Všichni uživatelé tohoto počítače.)
"Total Video Converter 3.50_is1" = Total Video Converter 3.50
"Totalcmd" = Total Commander (Remove or Repair)
"Veetle TV" = Veetle TV
"VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.4.551
"VLC media player" = VLC media player 0.9.8a
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinRAR archiver" = WinRAR
"WM Converter 2.0" = WM Converter 2.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-1085031214-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MDG_MULTI_WIN" = MDG_MULTI_WIN
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.2.2014 14:19:43 | Computer Name = NOTEWORKGROUP | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 15.2.2014 14:19:44 | Computer Name = NOTEWORKGROUP | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 15.2.2014 14:19:44 | Computer Name = NOTEWORKGROUP | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 15.2.2014 14:19:55 | Computer Name = NOTEWORKGROUP | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 15.2.2014 14:19:55 | Computer Name = NOTEWORKGROUP | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 15.2.2014 14:19:55 | Computer Name = NOTEWORKGROUP | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 15.2.2014 14:19:55 | Computer Name = NOTEWORKGROUP | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 15.2.2014 14:19:55 | Computer Name = NOTEWORKGROUP | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 15.2.2014 14:19:55 | Computer Name = NOTEWORKGROUP | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 15.2.2014 14:19:57 | Computer Name = NOTEWORKGROUP | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

[ System Events ]
Error - 15.2.2014 13:58:11 | Computer Name = NOTEWORKGROUP | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD AmdK8 cmdGuard cmdHlp eamon ehdrv epfwtdir Fips IPSec Lbd MRxSmb NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
StarOpen
Tcpip
tidnet
WS2IFSL

Error - 15.2.2014 13:59:49 | Computer Name = NOTEWORKGROUP | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 15.2.2014 14:28:08 | Computer Name = NOTEWORKGROUP | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 15.2.2014 14:28:51 | Computer Name = NOTEWORKGROUP | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 15.2.2014 14:30:18 | Computer Name = NOTEWORKGROUP | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: Lbd

Error - 15.2.2014 15:40:16 | Computer Name = NOTEWORKGROUP | Source = sfsync02 | ID = 262156
Description =

Error - 15.2.2014 15:40:56 | Computer Name = NOTEWORKGROUP | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 15.2.2014 15:41:38 | Computer Name = NOTEWORKGROUP | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AmdK8 cmdGuard eamon ehdrv Fips Lbd SASDIFSV SASKUTIL StarOpen

Error - 15.2.2014 16:17:14 | Computer Name = NOTEWORKGROUP | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 15.2.2014 16:18:39 | Computer Name = NOTEWORKGROUP | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: Lbd


< End of report >

Re: Prosím o preventivku

Napsal: 16 úno 2014 08:41
od Márty84
:!: Vypnete antivir, at nebrani programu v praci.
:arrow: Znovu spustte OTL
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
Lbd
Ad-Watch Connect Filter
Ad-Watch Real-Time Scanner
Ad-Watch Registry Filter
gupdate1c9f761c4738244
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gupdatem
NBService
NMIndexingService

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\Express FilesUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1085031214-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1085031214-725345543-1004UA.job

:otl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\SearchScopes,DefaultScope = {8EEAC88A-079B-4b2c-80C1-7836F79EB40A}
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\SearchScopes\{1207FBBE-F504-4AD8-9212-790AB94DCF4E}: "URL" = http://search.atlas.cz/?q={searchTerms}
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\SearchScopes\{32733901-D544-4935-B1AB-DC7CEE8DE3EF}: "URL" = http://search.centrum.cz/index.php?charset=utf-8&q={searchTerms}&mt=2&mts=1&sec=mix&kibitz=0
IE - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://us.search.yahoo.com/search?fr=ytff-comodo&p="
CHR - homepage: http://us.yahoo.com?fr=fpc-comodo
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
O3 - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\Toolbar\ShellBrowser: (no name) - {2462D2D8-B36E-44AB-84BF-C5A9383D2429} - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-1085031214-725345543-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
[2008.01.31 20:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\ICQ Toolbar
[11 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\Installer\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}\*.tmp files -> C:\WINDOWS\Installer\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}\*.tmp -> ]
[1 C:\WINDOWS\system32\DirectX\*.tmp files -> C:\WINDOWS\system32\DirectX\*.tmp -> ]
[2009.07.30 19:40:50 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
[2009.07.30 19:40:50 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
[2009.07.30 19:40:50 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
[2009.07.30 19:40:50 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
[2010.02.07 13:54:48 | 000,084,480 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\ESET 5 -32+64bit(nod+Smart) SK+ crack\ESET 5 -32+64bit(nod+Smart) SK+ crack\Ashampo-uin4+KEY\Keygen-ASHu4.exe
[2011.07.10 21:30:01 | 000,151,040 | ---- | M] () -- \Documents and Settings\Pavel\Plocha\Download\zemana-antilogger-v-1-9-2-240\Zemana AntiLogger v 1.9.2.240\Keygen\keygen.exe
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:C31F31E6
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:5C321E34

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^TRUMPF_Manager.lnk]
Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

Re: Prosím o preventivku

Napsal: 16 úno 2014 10:08
od pajik999
Zde je log :

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 713216 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 16596357 bytes
->Flash cache emptied: 578 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: JooFoo

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 7437246 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Pavel
->Temp folder emptied: 1127336 bytes
->Temporary Internet Files folder emptied: 1085833 bytes
->Java cache emptied: 2582167 bytes
->FireFox cache emptied: 71493163 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 57553 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 291965644 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 375,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: JooFoo

User: LocalService

User: NetworkService

User: Pavel
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service Lbd stopped successfully!
Service Lbd deleted successfully!
Service Ad-Watch Connect Filter stopped successfully!
Service Ad-Watch Connect Filter deleted successfully!
Service Ad-Watch Real-Time Scanner stopped successfully!
Service Ad-Watch Real-Time Scanner deleted successfully!
Service Ad-Watch Registry Filter stopped successfully!
Service Ad-Watch Registry Filter deleted successfully!
Service gupdate1c9f761c4738244 stopped successfully!
Service gupdate1c9f761c4738244 deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service NBService stopped successfully!
Service NBService deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\Express FilesUpdate.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1085031214-725345543-1004Core.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1085031214-725345543-1004UA.job moved successfully.
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search bar| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1715567821-1085031214-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1715567821-1085031214-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-1715567821-1085031214-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1715567821-1085031214-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{searchCLSID}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchCLSID}\ not found.
Registry key HKEY_USERS\S-1-5-21-1715567821-1085031214-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1715567821-1085031214-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{1207FBBE-F504-4AD8-9212-790AB94DCF4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1207FBBE-F504-4AD8-9212-790AB94DCF4E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1715567821-1085031214-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{32733901-D544-4935-B1AB-DC7CEE8DE3EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32733901-D544-4935-B1AB-DC7CEE8DE3EF}\ not found.
Registry key HKEY_USERS\S-1-5-21-1715567821-1085031214-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}\ not found.
Prefs.js: "chrf-comodo" removed from browser.search.param.yahoo-fr
Prefs.js: "chrf-comodo" removed from browser.search.param.yahoo-fr-cjkt
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://us.search.yahoo.com/search?fr=ytff-comodo&p=" removed from keyword.URL
Use Chrome's Settings page to change the HomePage.
File C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll not found.
Registry value HKEY_USERS\S-1-5-21-1715567821-1085031214-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2462D2D8-B36E-44AB-84BF-C5A9383D2429} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2462D2D8-B36E-44AB-84BF-C5A9383D2429}\ not found.
Registry value HKEY_USERS\S-1-5-21-1715567821-1085031214-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
C:\Documents and Settings\Pavel\Data aplikací\ICQ Toolbar folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1C4.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1E.tmp\System.Web.Extensions.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP789.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP96A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCFD.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE3F3.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE4F2.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE80.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF006.tmp\System.Web.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF006.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF487.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF79.tmp\PresentationCFFRasterizer.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF79.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI1A.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1B.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1C.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1D.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1E.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1F.tmp deleted successfully.
C:\WINDOWS\Installer\MSI20.tmp deleted successfully.
C:\WINDOWS\Installer\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}\upd81.tmp deleted successfully.
C:\WINDOWS\system32\DirectX\DX1B.tmp\system folder deleted successfully.
C:\WINDOWS\system32\DirectX\DX1B.tmp\sysbckup folder deleted successfully.
C:\WINDOWS\system32\DirectX\DX1B.tmp\inf folder deleted successfully.
C:\WINDOWS\system32\DirectX\DX1B.tmp\help folder deleted successfully.
C:\WINDOWS\system32\DirectX\DX1B.tmp\drivers folder deleted successfully.
C:\WINDOWS\system32\DirectX\DX1B.tmp\directx folder deleted successfully.
C:\WINDOWS\system32\DirectX\DX1B.tmp folder deleted successfully.
C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe moved successfully.
C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe moved successfully.
C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe moved successfully.
C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe moved successfully.
\Documents and Settings\Pavel\Plocha\Download\ESET 5 -32+64bit(nod+Smart) SK+ crack\ESET 5 -32+64bit(nod+Smart) SK+ crack\Ashampo-uin4+KEY\Keygen-ASHu4.exe moved successfully.
\Documents and Settings\Pavel\Plocha\Download\zemana-antilogger-v-1-9-2-240\Zemana AntiLogger v 1.9.2.240\Keygen\keygen.exe moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:C31F31E6 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:5C321E34 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^TRUMPF_Manager.lnk\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 02162014_095743

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Prosím o preventivku

Napsal: 16 úno 2014 10:29
od Márty84
:arrow:
vyosek píše: :arrow: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

:arrow: Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

:arrow: Stahnete Ccleaner http://www.piriform.com/ccleaner/download/slim a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

:arrow: Defragmentujte disk(y)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




:arrow: Pak napiste, jak je na tom pc.

Re: Prosím o preventivku

Napsal: 16 úno 2014 20:07
od pajik999
Takže vše hotovo,dle postupu.

Počítač je určitě mnohem svižnější a hlavně nebliká HDD aniž by k tomu měl důvod. :)

Moc díky za perfektní práci,ochotu,přístup a hlavně čas :thumbsup:

Re: Prosím o preventivku

Napsal: 17 úno 2014 02:27
od Márty84
Neni vubec zac! :)

Mejte se a treba zase nekdy :bye:

:closed:
Všechny časy jsou v UTC+01:00
Stránka 2 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz