VIRY.CZ

Jeste jeden sken a budem mazat.

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte.
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

jen takove dotazy mimo, nez probehne ten scan

1) proc se vse musi ukladat na plochu a soustet z plochy?
2) jak se da naucit takto radit? musí mít člověk programátorské vědomosti? nebo co je zapotrebi
3) jak vite ktere púrogramy na dane problemy pouzivat?

pokud by odpovedi byly vase know-how pochopím to

dinospages píše:1) proc se vse musi ukladat na plochu a soustet z plochy?

Lip se s nimi pak pracuje, lepe se pak uklizeji, pri vytvareni skriptu pro nektere z nich by pak mohlo dojit k problemum.

dinospages píše:2) jak se da naucit takto radit? musí mít člověk programátorské vědomosti? nebo co je zapotrebi

http://forum.viry.cz/viewtopic.php?f=12&t=116819 . Nemusi mit programatorske vedomosti. Staci mit zajem, cas a trpelivost.

dinospages píše:3) jak vite ktere púrogramy na dane problemy pouzivat?

Praxe

diky za odpovedi

roguekiller, rsit a otl nespoustim z plochy ale z c:/document and settings/petra/dokumenty/stažené soubory

zde je log:

OTL logfile created on: 16.4.2014 10:24:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Petra\Dokumenty\Stažené soubory
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1023,48 Mb Total Physical Memory | 329,50 Mb Available Physical Memory | 32,19% Memory free
2,40 Gb Paging File | 1,79 Gb Available in Paging File | 74,52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 137,20 Gb Free Space | 92,05% Space Free | Partition Type: NTFS

Computer Name: DOMA-9ED8BD9274 | User Name: Petra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.04.16 10:22:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Petra\Dokumenty\Stažené soubory\OTL.exe
PRC - [2014.04.14 23:17:20 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014.04.14 23:17:20 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014.03.29 17:52:03 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.01.02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

========== Modules (No Company Name) ==========

MOD - [2014.04.16 00:28:15 | 002,212,352 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14041501\algo.dll
MOD - [2014.04.14 23:17:23 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014.03.29 17:51:30 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014.02.13 13:48:40 | 011,906,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\90e490c25be955a75f133cb359569009\System.Web.ni.dll
MOD - [2014.02.13 01:31:24 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2014.02.13 01:31:23 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014.02.13 01:30:20 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014.02.13 01:26:16 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014.02.13 01:26:10 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014.02.13 01:25:57 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014.02.13 01:22:49 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014.02.13 01:22:29 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2008.04.14 08:51:48 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014.04.14 23:17:20 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014.03.29 17:52:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.03.11 22:03:19 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014.04.14 23:17:23 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014.04.14 23:17:23 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014.04.14 23:17:23 | 000,180,760 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014.04.14 23:17:23 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014.04.14 23:17:23 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014.04.14 23:17:23 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014.04.14 23:17:23 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2006.10.04 03:43:22 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.08.15 14:41:16 | 004,368,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006.07.11 15:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.07.11 15:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.06.28 17:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006.06.18 23:59:28 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8MSE&PC=UP09
IE - HKU\S-1-5-21-1078081533-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
IE - HKU\S-1-5-21-1078081533-920026266-725345543-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1078081533-920026266-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1078081533-920026266-725345543-1004\..\SearchScopes\{55024F4A-1D7E-429E-A17A-0A0A17DF51BD}: "URL" = http://search.yahoo.com/search?p={searc ... 8&fr=b1ie7
IE - HKU\S-1-5-21-1078081533-920026266-725345543-1004\..\SearchScopes\{6A377077-16F4-4827-9277-8D4B597574D1}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_12902
IE - HKU\S-1-5-21-1078081533-920026266-725345543-1004\..\SearchScopes\{9EAE8787-8F9A-4652-9B92-6A5F9EEB1A98}: "URL" = http://www.bing.com/search?FORM=UP09DF& ... -SearchBox
IE - HKU\S-1-5-21-1078081533-920026266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: 8hffxtbr%40Allin1Convert_8h.com:6.33.3.42841
FF - prefs.js..extensions.enabledAddons: 4zffxtbr%40VideoDownloadConverter_4z.com:6.33.3.42825
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2014.04.14 23:17:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.04.14 23:17:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013.08.31 09:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Petra\Data aplikací\Mozilla\Extensions
[2014.03.28 23:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\yaqp4fae.default-1388947146656\extensions
[2014.03.28 23:27:51 | 000,000,000 | ---D | M] (VideoDownloadConverter) -- C:\Documents and Settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\yaqp4fae.default-1388947146656\extensions\4zffxtbr@VideoDownloadConverter_4z.com
[2014.03.28 23:27:51 | 000,000,000 | ---D | M] (Allin1Convert) -- C:\Documents and Settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\yaqp4fae.default-1388947146656\extensions\8hffxtbr@Allin1Convert_8h.com
[2014.04.14 23:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.03.29 17:52:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\YAQP4FAE.DEFAULT-1388947146656\EXTENSIONS\4ZFFXTBR@VIDEODOWNLOADCONVERTER_4Z.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\YAQP4FAE.DEFAULT-1388947146656\EXTENSIONS\8HFFXTBR@ALLIN1CONVERT_8H.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: PenÄ›Ĺľenka Google = C:\Documents and Settings\Petra\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2014.04.15 21:11:52 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-920026266-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: localhost ([]http in Internet)
O15 - HKU\S-1-5-21-1078081533-920026266-725345543-1004\..Trusted Domains: localhost ([]http in Internet)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7853464015 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.100.29.25 212.24.128.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF60E829-42F4-48B8-A176-8905819B55A9}: DhcpNameServer = 82.100.29.25 212.24.128.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.08.29 21:09:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.04.15 20:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra\Plocha\RK_Quarantine
[2014.04.15 13:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra\Data aplikací\Malwarebytes
[2014.04.15 13:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2014.04.15 13:47:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014.04.15 13:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014.04.15 13:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2014.04.15 10:44:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.04.15 10:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CrystalDiskInfo
[2014.04.15 10:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2014.04.14 23:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra\Local Settings\Data aplikací\Temp
[2014.04.14 23:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra\Data aplikací\AVAST Software
[2014.04.14 23:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Avast
[2014.04.14 23:17:27 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014.04.14 23:17:26 | 000,776,976 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014.04.14 23:17:26 | 000,411,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014.04.14 23:17:26 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014.04.14 23:17:26 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014.04.14 23:17:25 | 000,271,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014.04.14 23:17:23 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014.04.14 23:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014.04.14 23:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2014.04.14 23:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.04.14 23:13:07 | 000,000,000 | ---D | C] -- C:\rsit
[2014.04.14 23:04:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Petra\Recent
[2014.04.14 22:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
[2014.04.14 22:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014.04.14 22:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra\Dokumenty\Přijaté soubory
[2014.04.11 19:37:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Petra\IECompatCache
[2014.03.29 17:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.03.27 00:01:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014.03.27 00:01:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.04.16 10:26:34 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.04.16 10:15:03 | 000,000,466 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{38FBEF8C-0964-431C-ADC9-7B914A109376}.job
[2014.04.16 10:02:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.04.16 10:01:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.04.16 10:01:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014.04.15 23:17:06 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014.04.15 20:27:16 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2014.04.15 20:27:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.04.15 13:47:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2014.04.15 10:43:40 | 001,426,178 | ---- | M] () -- C:\Documents and Settings\Petra\Plocha\adwcleaner.exe
[2014.04.15 10:40:43 | 000,001,643 | ---- | M] () -- C:\Documents and Settings\Petra\Plocha\CrystalDiskInfo.lnk
[2014.04.14 23:18:02 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2014.04.14 23:17:23 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014.04.14 23:17:23 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014.04.14 23:17:23 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014.04.14 23:17:23 | 000,180,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014.04.14 23:17:23 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014.04.14 23:17:23 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014.04.14 23:17:23 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014.04.14 23:17:23 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014.04.14 23:17:23 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014.04.14 23:04:33 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Petra\Dokumenty\cc_20140414_230430.reg
[2014.04.14 22:59:10 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014.04.14 22:57:00 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2014.04.14 22:55:47 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Petra\Plocha\ip.bmp
[2014.04.14 18:37:25 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014.04.13 16:29:01 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2014.04.11 21:11:15 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2014.04.08 16:13:56 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2014.03.30 09:50:46 | 000,473,038 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014.03.30 09:50:46 | 000,468,336 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2014.03.30 09:50:46 | 000,087,958 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2014.03.30 09:50:46 | 000,076,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.04.16 10:26:34 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.04.15 13:47:30 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2014.04.15 10:42:11 | 001,426,178 | ---- | C] () -- C:\Documents and Settings\Petra\Plocha\adwcleaner.exe
[2014.04.15 10:40:43 | 000,001,643 | ---- | C] () -- C:\Documents and Settings\Petra\Plocha\CrystalDiskInfo.lnk
[2014.04.14 23:18:02 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2014.04.14 23:17:35 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014.04.14 23:17:26 | 000,180,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014.04.14 23:17:26 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014.04.14 23:04:32 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Petra\Dokumenty\cc_20140414_230430.reg
[2014.04.14 22:57:00 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2014.04.14 22:55:47 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Petra\Plocha\ip.bmp
[2014.04.14 22:54:14 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014.04.11 19:37:05 | 000,000,466 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{38FBEF8C-0964-431C-ADC9-7B914A109376}.job
[2014.03.27 12:13:38 | 000,000,222 | ---- | C] () -- C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2014.03.27 12:13:38 | 000,000,216 | ---- | C] () -- C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2014.02.23 21:28:19 | 001,188,443 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2014.02.23 21:28:18 | 000,005,443 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2013.08.30 11:05:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013.08.29 22:55:57 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013.08.29 22:52:38 | 000,151,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.08.29 21:30:35 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2013.08.29 21:30:17 | 002,515,656 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2013.08.29 21:30:16 | 000,136,650 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2013.08.29 21:21:44 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2013.08.29 21:21:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2013.08.29 21:11:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013.08.29 21:05:42 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2013.08.29 21:32:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 08:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014.04.14 23:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2013.12.19 17:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\tmp
[2014.02.07 19:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Angry Birds Breakfast 2
[2014.04.14 23:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\AVAST Software
[2014.02.07 19:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\com.rovio.AngryBirdsBreakfast2
[2013.11.11 23:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Rovio
[2014.02.07 19:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Rovio Entertainment Ltd
[2014.04.14 23:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Seznam.cz

========== Purity Check ==========

========== Custom Scans ==========

< >
[2013.08.29 21:06:54 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2013.08.29 21:13:33 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2013.08.30 11:22:11 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.09.14 21:25:58 | 000,000,934 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013.09.14 21:25:58 | 000,000,938 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013.11.19 12:21:42 | 000,000,396 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
[2014.03.27 12:13:38 | 000,000,216 | ---- | C] () -- C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2014.03.27 12:13:38 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2014.04.11 19:37:05 | 000,000,466 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{38FBEF8C-0964-431C-ADC9-7B914A109376}.job
[2014.04.14 23:17:35 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

< >

< MD5 for: AGP440.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2006.03.02 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.03.02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2006.03.02 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2006.03.02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.03.02 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.14 00:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2006.03.02 14:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2006.03.02 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2006.03.02 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.03.02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006.03.02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006.06.28 17:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2006.03.02 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2006.03.02 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2006.03.02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.03.02 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2006.03.02 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.03.02 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2006.03.02 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[23 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2013.08.29 23:55:39 | 010,601,344 | ---- | M] (Microsoft Corporation) -- C:\IE8-WindowsXP-KB2618444-x86-CSY.exe
[2013.08.29 23:55:35 | 017,013,088 | ---- | M] (Microsoft Corporation) -- C:\IE8-WindowsXP-x86-CSY.exe
[2013.08.29 23:55:26 | 000,635,944 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB932823-v3-x86-CSY.exe
[2013.08.29 23:58:21 | 322,523,176 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-CSY.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014.03.05 21:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Adobe
[2014.02.07 19:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Angry Birds Breakfast 2
[2013.08.29 21:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\ATI
[2014.04.14 23:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\AVAST Software
[2014.02.07 19:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\com.rovio.AngryBirdsBreakfast2
[2013.08.29 21:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Identities
[2013.08.30 11:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Macromedia
[2014.04.15 13:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Malwarebytes
[2014.04.14 23:16:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Petra\Data aplikací\Microsoft
[2013.08.31 09:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Mozilla
[2013.11.11 23:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Rovio
[2014.02.07 19:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Rovio Entertainment Ltd
[2014.04.14 23:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Seznam.cz
[2014.04.15 00:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Skype

< %APPDATA%\*.exe /s >
[2013.06.11 15:31:03 | 000,148,480 | ---- | M] () -- C:\Documents and Settings\Petra\Data aplikací\Angry Birds Breakfast 2\AngryBirdsBreakfast2.exe
[2013.06.11 15:31:04 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Petra\Data aplikací\Angry Birds Breakfast 2\Adobe AIR\Versions\1.0\Resources\CaptiveAppEntry.exe
[2014.02.07 19:11:38 | 000,009,662 | R--- | M] () -- C:\Documents and Settings\Petra\Data aplikací\Microsoft\Installer\{6DA44563-279B-4F07-B8B0-BA97596850C4}\install_icon_cd2_48x48_1.exe
[2013.08.29 21:33:54 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Petra\Data aplikací\Microsoft\Installer\{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}\ARPPRODUCTICON.exe
[2013.10.18 16:50:21 | 001,504,880 | ---- | M] (Rovio Entertainment Ltd.) -- C:\Documents and Settings\Petra\Data aplikací\Rovio Entertainment Ltd\Angry Birds 3.3.3\install\529D510\AngryBirds.exe
[2013.10.18 16:50:21 | 001,790,576 | ---- | M] (Rovio Entertainment Ltd.) -- C:\Documents and Settings\Petra\Data aplikací\Rovio Entertainment Ltd\Angry Birds 3.3.3\install\529D510\updater.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2013.08.29 22:51:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2013.08.29 22:51:46 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2013.08.29 22:51:46 | 000,462,848 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >
[2014.04.14 23:17:23 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys
[2014.04.14 23:17:23 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2014.04.14 23:17:23 | 000,049,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\aswRvrt.sys
[2014.04.14 23:17:23 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSnx.sys
[2014.04.14 23:17:23 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2014.04.14 23:17:23 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2014.04.14 23:17:23 | 000,180,760 | ---- | M] () -- C:\WINDOWS\system32\drivers\aswVmm.sys

< %systemroot%\system32\*.* /3 >
[2014.04.14 23:17:23 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\aswBoot.exe
[2014.04.14 22:59:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\sinstall.log
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2013.08.29 23:55:39 | 010,601,344 | ---- | M] (Microsoft Corporation) -- C:\IE8-WindowsXP-KB2618444-x86-CSY.exe
[2013.08.29 23:55:35 | 017,013,088 | ---- | M] (Microsoft Corporation) -- C:\IE8-WindowsXP-x86-CSY.exe
[2013.08.29 23:55:26 | 000,635,944 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB932823-v3-x86-CSY.exe
[2013.08.29 23:58:21 | 322,523,176 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-CSY.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -- [2014.02.10 20:11:36 | 020,924,064 | R--- | M] (Skype Technologies S.A.)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
No captured output from command...

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
No captured output from command...

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
No captured output from command...

< >

< type c:\boot.ini >> test.txt /c >
No captured output from command...

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.04.16 10:26:34 | 000,000,512 | ---- | M] () MD5=F1E96CA8FD621ABD5555FA8477647C30 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2013.10.18 16:42:17 | 000,000,768 | ---- | M] () -- \Documents and Settings\Petra\Data aplikací\Rovio Entertainment Ltd\Angry Birds 3.3.3\install\529D510\data\scripts_common\subsystems\loader.lua
[2014.01.28 20:35:56 | 000,072,638 | ---- | M] () -- \Documents and Settings\Petra\Local Settings\Data aplikací\Skype\Apps\login\images\loader.gif
[2014.01.28 20:35:56 | 000,003,032 | ---- | M] () -- \Documents and Settings\Petra\Local Settings\Data aplikací\Skype\Apps\login\images\loader.png
[2014.01.28 20:35:56 | 000,006,012 | ---- | M] () -- \Documents and Settings\Petra\Local Settings\Data aplikací\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.01.28 20:35:56 | 000,021,956 | ---- | M] () -- \Documents and Settings\Petra\Local Settings\Data aplikací\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.01.28 20:35:56 | 000,009,772 | ---- | M] () -- \Documents and Settings\Petra\Local Settings\Data aplikací\Skype\Apps\login\images\retina\loader@2x.png
[2014.04.14 23:17:20 | 000,072,480 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2013.09.25 10:35:26 | 000,401,920 | ---- | M] () -- \Program Files\Drogerie TETA\Fotosvet TETA\CWImageLoader0.dll
[2013.10.18 16:42:17 | 000,000,768 | ---- | M] () -- \Program Files\Rovio Entertainment Ltd\Angry Birds\data\scripts_common\subsystems\loader.lua
[2006.03.02 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2004.08.03 22:59:38 | 000,230,400 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\osloader.exe
[2004.08.03 22:59:38 | 000,278,016 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\osloader.ntd
[2013.08.29 23:44:10 | 000,082,784 | ---- | M] () -- \WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.14 00:01:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.14 00:01:50 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2004.08.17 15:43:56 | 000,028,416 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\grserial.sys
[2006.03.02 14:00:00 | 000,064,640 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2014.02.13 01:31:22 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.08.31 09:46:34 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.13 13:48:18 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6c29ee2bedfe88dcd66993f1af135ad8\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.13 01:28:04 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9860da66bf0219612908e7412b0a6e2e\System.Runtime.Serialization.ni.dll
[2014.02.13 13:50:08 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\046c2851963b30d0e14194051c03de33\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.13 13:49:56 | 002,658,304 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fa954900a6cf3a095efadfa4c683a32c\System.Runtime.Serialization.ni.dll
[2010.03.18 14:16:28 | 001,026,936 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\System.Runtime.Serialization.dll.x86
[2013.12.21 21:04:17 | 000,017,840 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.02.13 01:33:54 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.12.21 21:04:16 | 000,099,208 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2014.02.13 01:33:51 | 001,039,040 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 07:06:54 | 001,039,040 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 14:16:28 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2010.06.15 03:33:16 | 000,017,840 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.06.15 03:33:16 | 000,099,208 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2008.04.14 07:47:26 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 07:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2006.03.02 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2006.03.02 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2006.03.02 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2006.03.02 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 07:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

< End of report >

OTL Extras logfile created on: 16.4.2014 10:24:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Petra\Dokumenty\Stažené soubory
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1023,48 Mb Total Physical Memory | 329,50 Mb Available Physical Memory | 32,19% Memory free
2,40 Gb Paging File | 1,79 Gb Available in Paging File | 74,52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 137,20 Gb Free Space | 92,05% Space Free | Partition Type: NTFS

Computer Name: DOMA-9ED8BD9274 | User Name: Petra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1078081533-920026266-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE prezentace fotografií] -- "C:\Program Files\Drogerie TETA\Fotosvet TETA\CEWE prezentace fotografií.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotosvet TETA] -- "C:\Program Files\Drogerie TETA\Fotosvet TETA\Fotosvet TETA.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0D5C7179-19E5-4F59-8373-8C03D97F39C8}" = Kryštofova dobrodružství CZ
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE5D820-34E8-4362-BA66-02C50E1AF75E}" = ATI Catalyst Control Center
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DA44563-279B-4F07-B8B0-BA97596850C4}" = Angry Birds Breakfast 2
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_HOMESTUDENTR_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_HOMESTUDENTR_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_HOMESTUDENTR_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_HOMESTUDENTR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Czech
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C306BD02-D1B0-482E-99D4-8A4E3E72E8B7}" = Angry Birds
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"3FA1705966809259F916AF817C59B4F389F4572C" = Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"Avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CrystalDiskInfo_is1" = CrystalDiskInfo 6.1.9a
"Doplněk pro vytváření PDF dokumentů z Účta_is1" = Doplněk pro vytváření PDF dokumentů z Účta
"Fotosvet TETA" = Fotosvet TETA
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Mozilla Firefox 28.0 (x86 cs)" = Mozilla Firefox 28.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.3.2014 12:22:32 | Computer Name = DOMA-9ED8BD9274 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 27.0.1.5156, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 27.3.2014 13:16:15 | Computer Name = DOMA-9ED8BD9274 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 27.0.1.5156, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 27.3.2014 16:39:19 | Computer Name = DOMA-9ED8BD9274 | Source = Application Error | ID = 1000
Description = Chybující aplikace skype.exe, verze 6.14.60.104, chybující modul kernel32.dll,
verze 5.1.2600.6293, adresa chyby 0x0000984e.

Error - 29.3.2014 14:34:15 | Computer Name = DOMA-9ED8BD9274 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace CLI.exe, verze 1.11.0.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 5.4.2014 1:06:39 | Computer Name = DOMA-9ED8BD9274 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 28.0.0.5186, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 6.4.2014 5:58:07 | Computer Name = DOMA-9ED8BD9274 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Skype.exe, verze 6.14.60.104, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 14.4.2014 17:14:17 | Computer Name = DOMA-9ED8BD9274 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.

Error - 14.4.2014 17:14:17 | Computer Name = DOMA-9ED8BD9274 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error - 15.4.2014 7:43:55 | Computer Name = DOMA-9ED8BD9274 | Source = Application Error | ID = 1000
Description = Chybující aplikace mbam.exe, verze 1.0.0.500, chybující modul msvcr100.dll,
verze 10.0.40219.325, adresa chyby 0x0008d6fd.

Error - 15.4.2014 7:46:08 | Computer Name = DOMA-9ED8BD9274 | Source = Application Error | ID = 1000
Description = Chybující aplikace mbam.exe, verze 1.0.0.500, chybující modul msvcr100.dll,
verze 10.0.40219.325, adresa chyby 0x0008d6fd.

[ System Events ]
Error - 15.4.2014 4:48:31 | Computer Name = DOMA-9ED8BD9274 | Source = Service Control Manager | ID = 7034
Description = Služba Ati HotKey Poller byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 15.4.2014 4:48:31 | Computer Name = DOMA-9ED8BD9274 | Source = Service Control Manager | ID = 7031
Description = Služba Zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error - 15.4.2014 4:48:32 | Computer Name = DOMA-9ED8BD9274 | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.

Error - 15.4.2014 4:49:43 | Computer Name = DOMA-9ED8BD9274 | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 15.4.2014 4:49:43 | Computer Name = DOMA-9ED8BD9274 | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 15.4.2014 11:31:52 | Computer Name = DOMA-9ED8BD9274 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.108 pro síťovou kartu s adresou 000FEA647375
byla serverem DHCP 0.0.0.0 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 15.4.2014 11:31:58 | Computer Name = DOMA-9ED8BD9274 | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 15.4.2014 11:31:58 | Computer Name = DOMA-9ED8BD9274 | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 15.4.2014 14:27:20 | Computer Name = DOMA-9ED8BD9274 | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 15.4.2014 14:27:20 | Computer Name = DOMA-9ED8BD9274 | Source = ati2mtag | ID = 44044
Description = I2c return failed

< End of report >

dinospages píše:roguekiller, rsit a otl nespoustim z plochy ale z c:/document and settings/petra/dokumenty/stažené soubory

Ja vim, vidim to v logu. U techto to nevadi. Chvili potrva, nez to sepisu

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Znovu spustte OTL
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
gupdate
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gupdatem

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{38FBEF8C-0964-431C-ADC9-7B914A109376}.job

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1078081533-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8MSE&PC=UP09
IE - HKU\S-1-5-21-1078081533-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
IE - HKU\S-1-5-21-1078081533-920026266-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1078081533-920026266-725345543-1004\..\SearchScopes\{55024F4A-1D7E-429E-A17A-0A0A17DF51BD}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1078081533-920026266-725345543-1004\..\SearchScopes\{9EAE8787-8F9A-4652-9B92-6A5F9EEB1A98}: "URL" = http://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
O15 - HKLM\..Trusted Domains: localhost ([]http in Internet)
O15 - HKU\S-1-5-21-1078081533-920026266-725345543-1004\..Trusted Domains: localhost ([]http in Internet)
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[23 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeznamInstall-uninstall:20b0ea880249370b0c6d1d0320cbeecc]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 36070499 bytes

User: NetworkService
->Temp folder emptied: 1677132 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Petra
->Temp folder emptied: 16679503 bytes
->Temporary Internet Files folder emptied: 13063794 bytes
->FireFox cache emptied: 21613094 bytes
->Google Chrome cache emptied: 6817182 bytes
->Flash cache emptied: 1011 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 110592 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38126062 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 316106530 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 11796642 bytes

Total Files Cleaned = 441,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Petra
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job moved successfully.
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job moved successfully.
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job moved successfully.
C:\WINDOWS\tasks\User_Feed_Synchronization-{38FBEF8C-0964-431C-ADC9-7B914A109376}.job moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1078081533-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1078081533-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1078081533-920026266-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1078081533-920026266-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{55024F4A-1D7E-429E-A17A-0A0A17DF51BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55024F4A-1D7E-429E-A17A-0A0A17DF51BD}\ not found.
Registry key HKEY_USERS\S-1-5-21-1078081533-920026266-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{9EAE8787-8F9A-4652-9B92-6A5F9EEB1A98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EAE8787-8F9A-4652-9B92-6A5F9EEB1A98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1078081533-920026266-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP139.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP204.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP219.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP245.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP27B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2AA.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP30F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3AD.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3E0.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C6.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5F3.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP828.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP904.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP910.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9EB.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA10.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA8A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAC1.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBD9.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCE9.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD5B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD85.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE67.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI142.tmp deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeznamInstall-uninstall:20b0ea880249370b0c6d1d0320cbeecc\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 04162014_114248

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

vyosek píše: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
Stahnete a spustte

Pro potvrzeni volby mackejte A, Enter

Po pouziti utilitu smazte

Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

Stahnete Ccleaner http://www.piriform.com/ccleaner/download/slim a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

Defragmentujte disk(y)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak je na tom pc.

nyni defragmentuji pc se chova normalne ale to se choval jiz po prvnich zakrocich, ja osobne jsem to nepoznal ani kdyz jsem to donesl domu me se to tu chovalo celkem dobre.

V PC zbylo: MBAM a crystaldisk, mam je odinstalovat?

dále se nemohu zbavit toolbaru videodownloadconverter a llin1converter, stále se zobrazuji ve firefoxu i kdyz v ovl pnalech - programy je nevidim a ani pres ccleaner je nevidim videocdownloadconverter jsem odinstaloval jeste pred tim nez jsem napsal sem.

dinospages píše:V PC zbylo: MBAM a crystaldisk, mam je odinstalovat?

Muzete odinstalovat.

dinospages píše:dále se nemohu zbavit toolbaru videodownloadconverter a llin1converter, stále se zobrazuji ve firefoxu i kdyz v ovl pnalech - programy je nevidim a ani pres ccleaner je nevidim videocdownloadconverter jsem odinstaloval jeste pred tim nez jsem napsal sem.

To jste mel napsat hned

Az defragmentace dobehne, stahnete znovu OTL a podle stejneho navodu jako predtim provedeme jeste jednu opravu.
Tentokrat s timto skriptem.

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:otl
FF - prefs.js..extensions.enabledAddons: 8hffxtbr%40Allin1Convert_8h.com:6.33.3.42841
FF - prefs.js..extensions.enabledAddons: 4zffxtbr%40VideoDownloadConverter_4z.com:6.33.3.42825
[2014.03.28 23:27:51 | 000,000,000 | ---D | M] (VideoDownloadConverter) -- C:\Documents and Settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\yaqp4fae.default-1388947146656\extensions\4zffxtbr@VideoDownloadConverter_4z.com
[2014.03.28 23:27:51 | 000,000,000 | ---D | M] (Allin1Convert) -- C:\Documents and Settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\yaqp4fae.default-1388947146656\extensions\8hffxtbr@Allin1Convert_8h.com
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\YAQP4FAE.DEFAULT-1388947146656\EXTENSIONS\4ZFFXTBR@VIDEODOWNLOADCONVERTER_4Z.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETRA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\YAQP4FAE.DEFAULT-1388947146656\EXTENSIONS\8HFFXTBR@ALLIN1CONVERT_8H.COM

Dejte zase log, co po restartu vyskoci. A napiste, jestli je to pryc.

je to pryc

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Petra
->Temp folder emptied: 1299398 bytes
->Temporary Internet Files folder emptied: 5275961 bytes
->FireFox cache emptied: 18212650 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 24,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Petra
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== OTL ==========
Prefs.js: 8hffxtbr%40Allin1Convert_8h.com:6.33.3.42841 removed from extensions.enabledAddons
Prefs.js: 4zffxtbr%40VideoDownloadConverter_4z.com:6.33.3.42825 removed from extensions.enabledAddons
C:\Documents and Settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\yaqp4fae.default-1388947146656\extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins folder moved successfully.
C:\Documents and Settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\yaqp4fae.default-1388947146656\extensions\4zffxtbr@VideoDownloadConverter_4z.com\META-INF folder moved successfully.
C:\Documents and Settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\yaqp4fae.default-1388947146656\extensions\4zffxtbr@VideoDownloadConverter_4z.com\chrome folder moved successfully.
C:\Documents and Settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\yaqp4fae.default-1388947146656\extensions\4zffxtbr@VideoDownloadConverter_4z.com folder moved successfully.
C:\Documents and Settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\yaqp4fae.default-1388947146656\extensions\8hffxtbr@Allin1Convert_8h.com\plugins folder moved successfully.
C:\Documents and Settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\yaqp4fae.default-1388947146656\extensions\8hffxtbr@Allin1Convert_8h.com\META-INF folder moved successfully.
C:\Documents and Settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\yaqp4fae.default-1388947146656\extensions\8hffxtbr@Allin1Convert_8h.com\chrome folder moved successfully.
C:\Documents and Settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\yaqp4fae.default-1388947146656\extensions\8hffxtbr@Allin1Convert_8h.com folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 04162014_132754

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Znovu spustte OTL a kliknete na napis Vycisti. Program po sobe uklidi.

No a pokud neni s pc problem, mame hotovo.

dnes mi známá říkala že se to opět strašně pomalu otevírá, asi myslí něco na internetu (jedu se k ní večer podívat myslím si, že to bude poskytovatelem, jelikož u mě jelo PC úplně v pohodě, rychlé starty, žádné vytížení CPU když jsem nic nedělal, internet byl v pohodě zkoušel jsem youtube právě kvůli rychlosti internetu i rychlost.cz a vše bylo v normálu)

Jsem na to zvědavý, dám vám vědět jak to dopadlo.

Díky moc

Logy vypadaji v poradku a pokud to u vas jelo v pohode, bude fakt problem nekde jinde nez v pc. Jeste zkuste, jak se to chova v nouzovem rezimu s praci v siti, jestli je i v nem net pomaly.

Urcite dejte vedet

A neni zac!

VIRY.CZ

preventivni kontrola

Re: preventivni kontrola

Re: preventivni kontrola

Re: preventivni kontrola

Re: preventivni kontrola

Re: preventivni kontrola

Re: preventivni kontrola

Re: preventivni kontrola

Re: preventivni kontrola

Re: preventivni kontrola

Re: preventivni kontrola

Re: preventivni kontrola

Re: preventivni kontrola

Re: preventivni kontrola

Re: preventivni kontrola

Re: preventivni kontrola